Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
Ask a Question

"host signature is invalid" w/ host on port 10022

0 votes
4.7k views
in Java FTP by (360 points)
We use EDT for 40 data feeds (6 other SFTP feeds), but the only problem we are having is this particular one. The only difference I see is that this particular SFTP host uses a non-standard port (10022). Every time we try to connect the host validation fails. I've used EDT to download the public key, used other programs to download the public key, and I've had the other entity send me their public key. They all are identical. I don't know if something different needs to be done when using a non standard port. I've tried the following calls to "addKnownHost"

* Any URL's or other identifying information has been obfuscated 

ftp.getValidator().addKnownHost(clInfo.getUrl(), keyPath + "host.pub");
ftp.getValidator().addKnownHost(clInfo.getUrl() + ":" + Integer.toSting(ftp.getRemotePort()), keyPath + "host.pub");


but I get the same error.


Here is the code:

         
         SSHFTPClient ftp = null;

         // create client
         ftp = new SSHFTPClient();

         // set remote clInfo.getUrl()
         ftp.setRemoteHost(clInfo.getUrl());
         ftp.setRemotePort(10022);

         // Set clInfo.getUrl() keys
         String keyPath = JFig.getInstance().getValue("Paths", "RootPubKeyPath");
         ftp.getValidator().addKnownHost(clInfo.getUrl(), keyPath + "host.pub");

         ftp.setAuthentication(clInfo.getUsername(), clInfo.getPassword())

         ftp.connect();





Logging:


DEBUG [SSHFTPClient] 22 Jan 2010 09:53:11.991 : Created SFTP client.
DEBUG [SSHFTPValidator] 22 Jan 2010 09:53:11.991 : Adding known host 'obfuscated.server.com'
DEBUG [SshPublicKeyFile] 22 Jan 2010 09:53:11.991 : Parsing public key file
DEBUG [AbstractKnownHostsKeyVerification] 22 Jan 2010 09:53:12.7 : 
Allowing obfuscated.server.com with fingerprint 2048: bf af ce d3 4e 48 88 70 55 f6 4a 61 44 3b eb 7
INFO [SCPClient] 22 Jan 2010 09:53:12.22 : SCPClient settings validated.
DEBUG [SCPClient] 22 Jan 2010 09:53:12.22 : Connecting to obfuscated.server.com:10022
DEBUG [TransportProviderFactory] 22 Jan 2010 09:53:12.22 :
 Connecting to obfuscated.server.com:10022 via standard socket
DEBUG [SocketTransportProvider] 22 Jan 2010 09:53:12.241 : Invoking connect with timeout=60000
INFO [TransportProtocolCommon] 22 Jan 2010 09:53:12.304 : Timeout=60000
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.304 : Starting transport protocol
INFO [TransportProtocolCommon] 22 Jan 2010 09:53:12.304 : Wait for state update timeout=60000
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.304 : Registering transport protocol messages with inputstream
INFO [TransportProtocolCommon] 22 Jan 2010 09:53:12.304 : Wait for state update timeout=60000
INFO [cryptix] 22 Jan 2010 09:53:12.366 : GLOBAL_TRACE=false
INFO [cryptix] 22 Jan 2010 09:53:12.366 : GLOBAL_DEBUG=false
INFO [cryptix] 22 Jan 2010 09:53:12.366 : GLOBAL_DEBUG_SLOW=false
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.366 : Negotiating protocol version
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.366 : Local identification: SSH-2.0-edtFTPjPRO-2.0.1
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.366 : EOL is guessed at LF
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.366 : Remote identification: 'SSH-2.0-Connect:Enterprise_UNIX_2.4.02'
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.366 : Protocol negotiation complete
ALL [TransportProtocolCommon] 22 Jan 2010 09:53:12.366 : Name=SSH_MSG_KEX_INIT,MessageId=20
Supported Kex diffie-hellman-group1-sha1
Supported Public Keys ssh-rsa,ssh-dss
Supported Encryption Client->Server 3des-cbc,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc
Supported Encryption Server->Client 3des-cbc,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc
Supported Mac Client->Server hmac-sha1,hmac-md5-96,hmac-sha1-96,hmac-md5
Supported Mac Server->Client hmac-sha1,hmac-md5-96,hmac-sha1-96,hmac-md5
Supported Compression Client->Server none,zlib
Supported Compression Server->Client none,zlib
Supported Languages Client->Server 
Supported Languages Server->Client 
First Kex Packet Follows [FALSE]
INFO [TransportProtocolCommon] 22 Jan 2010 09:53:12.366 : Wait for state update timeout=60000
DEBUG [SshMsgKexInit] 22 Jan 2010 09:53:12.413 : Packetlength=356, Paddinglength=9
ALL [TransportProtocolCommon] 22 Jan 2010 09:53:12.413 : 
Received registered message: Name=SSH_MSG_KEX_INIT,MessageId=20
Supported Kex diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
Supported Public Keys ssh-rsa
Supported Encryption Client->Server aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc,cast128-cbc
Supported Encryption Server->Client aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc,cast128-cbc
Supported Mac Client->Server hmac-sha1,hmac-ripemd160,hmac-md5
Supported Mac Server->Client hmac-sha1,hmac-ripemd160,hmac-md5
Supported Compression Client->Server none,zlib
Supported Compression Server->Client none,zlib
Supported Languages Client->Server 
Supported Languages Server->Client 
First Kex Packet Follows [FALSE]
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.413 : Received remote key exchange init message
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.413 : Starting key exchange
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.413 : Determine Algorithm
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.413 : Client Algorithms: [diffie-hellman-group1-sha1]
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.413 : Server Algorithms: [diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1]
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.413 : Returning diffie-hellman-group1-sha1
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.413 : Key exchange algorithm: diffie-hellman-group1-sha1
INFO [DhGroup1Sha1] 22 Jan 2010 09:53:12.413 : Starting client side key exchange.
ALL [TransportProtocolCommon] 22 Jan 2010 09:53:12.444 : Name=SSH_MSG_KEXDH_INIT,MessageId=30,e=1112118613543926155783276243550528
463647920469552540241350466807830692631384260238761302910115019390906563775
451354019633526686081018370713733127811027011185828750285014780332305245917
7655929680030804508449785965163818864618771362859505417054117305230737550371931664294497134941505470976498978625234576897049
ALL [TransportProtocolCommon] 22 Jan 2010 09:53:12.538 : Received unregistered message: Name=SSH_MSG_KEXDH_REPLY,MessageId=31
ALL [DhGroup1Sha1] 22 Jan 2010 09:53:12.538 : Name=SSH_MSG_KEXDH_REPLY,MessageId=31
DEBUG [DhGroup1Sha1] 22 Jan 2010 09:53:12.569 : calculateExchangeHash()
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.569 : Verifying host [obfuscated.server.com]:10022,[12.24.58.13]:10022
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.569 : Preferred algorithm null
DEBUG [TransportProtocolCommon] 22 Jan 2010 09:53:12.569 : Determine Algorithm
DEBUG [TransportProtocolCo

3 Answers

0 votes
by (51.6k points)
I've replied to you by e-mail.

- Hans (EnterpriseDT)
0 votes
by (360 points)
Well it looks like it was the format of the "host" in my call to "addKnownHost".

I changed it to: 

[hostname]:port


ftp.getValidator().addKnownHost("[" + clInfo.getUrl() + "]:" + Integer.toString(ftp.getRemotePort()), keyPath + "key.pub");


and now it works..
Thanks!
- Aaron
0 votes
by (51.6k points)
That's great. Thanks for replying on the forums so that others can see the solution.

- Hans (EnterpriseDT)

Categories

EnterpriseDT 2020
...