mwiede / jsch

fork of the popular jsch library

Prevent algorithm from known_host entry added to server host key list #552

Closed david-rozsa closed 2 months ago

david-rozsa commented 2 months ago

Hi,

Using jsch 0.2.17, I wish to disable ssh-rsa so I configured the following:

-Djsch.server_host_key=rsa-sha2-512

But I still see

client proposal: host key algorithms: ssh-rsa,rsa-sha2-512

in the logs. I narrowed it down to the known_hosts entry:

abc.com ssh-rsa AAAAA

Basically, whatever algorithm is in the known_hosts entry gets appended to the server host key list that I defined. For example, if I add a non-existing ecdsa key instead, I end up with client proposal: host key algorithms: ecdsa-sha2-nistp256,rsa-sha2-512.

Is there any way I can disable this behavior, so I can properly disable ssh-rsa and force it to use only rsa-sha2-512 instead?

Thanks in advance.

norrisjeremy commented 2 months ago

Hi @david-rozsa,

Can you please provide a full copy of debug logs from JSch with this occurring?

Thanks, Jeremy

david-rozsa commented 2 months ago

Sure, this is with explicitly configuring -Djsch.server_host_key=rsa-sha2-256:

024-04-29 11:44:12,758 - JSch - paramInt: '1', paramString: 'Connecting to ssh.dev.azure.com port 22'
2024-04-29 11:44:12,760 - JSch - paramInt: '1', paramString: 'Connection established'
2024-04-29 11:44:12,767 - JSch - paramInt: '1', paramString: 'Remote version string: SSH-2.0-SSHBlackbox.10'
2024-04-29 11:44:12,767 - JSch - paramInt: '1', paramString: 'Local version string: SSH-2.0-JSCH_0.2.13'
2024-04-29 11:44:12,767 - JSch - paramInt: '1', paramString: 'CheckCiphers: chacha20-poly1305@openssh.com'
2024-04-29 11:44:12,767 - JSch - paramInt: '1', paramString: 'CheckKexes: curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512'
2024-04-29 11:44:12,767 - JSch - paramInt: '1', paramString: 'CheckSignatures: ssh-ed25519,ssh-ed448'
2024-04-29 11:44:12,767 - JSch - paramInt: '0', paramString: 'server_host_key proposal before known_host reordering is: ssh-rsa,rsa-sha2-256'
2024-04-29 11:44:12,767 - JSch - paramInt: '0', paramString: 'server_host_key proposal after known_host reordering is: ssh-rsa,rsa-sha2-256'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'SSH_MSG_KEXINIT sent'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'SSH_MSG_KEXINIT received'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'server proposal: KEX algorithms: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'server proposal: host key algorithms: ssh-rsa,rsa-sha2-256,rsa-sha2-512'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'server proposal: ciphers c2s: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes256-ctr'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'server proposal: ciphers s2c: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes256-ctr'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'server proposal: MACs c2s: hmac-sha2-256,hmac-sha2-512'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'server proposal: MACs s2c: hmac-sha2-256,hmac-sha2-512'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'server proposal: compression c2s: none'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'server proposal: compression s2c: none'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'server proposal: languages c2s: '
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'server proposal: languages s2c: '
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'client proposal: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'client proposal: host key algorithms: ssh-rsa,rsa-sha2-256'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'client proposal: ciphers c2s: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'client proposal: ciphers s2c: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'client proposal: MACs c2s: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'client proposal: MACs s2c: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'client proposal: compression c2s: none,zlib@openssh.com,zlib'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'client proposal: compression s2c: none,zlib@openssh.com,zlib'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'client proposal: languages c2s: '
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'client proposal: languages s2c: '
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'kex: algorithm: diffie-hellman-group-exchange-sha256'
2024-04-29 11:44:12,769 - JSch - paramInt: '1', paramString: 'kex: host key algorithm: ssh-rsa'
2024-04-29 11:44:12,769 - JSch - paramInt: '1', paramString: 'kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none'
2024-04-29 11:44:12,769 - JSch - paramInt: '1', paramString: 'kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none'
2024-04-29 11:44:12,769 - JSch - paramInt: '1', paramString: 'SSH_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent'
2024-04-29 11:44:12,769 - JSch - paramInt: '1', paramString: 'expecting SSH_MSG_KEX_DH_GEX_GROUP'
2024-04-29 11:44:12,772 - JSch - paramInt: '1', paramString: 'SSH_MSG_KEX_DH_GEX_INIT sent'
2024-04-29 11:44:12,772 - JSch - paramInt: '1', paramString: 'expecting SSH_MSG_KEX_DH_GEX_REPLY'
2024-04-29 11:44:12,812 - JSch - paramInt: '1', paramString: 'ssh_rsa_verify: ssh-rsa signature true'
2024-04-29 11:44:12,813 - JSch - paramInt: '1', paramString: 'Host 'ssh.dev.azure.com' is known and matches the RSA host key'
2024-04-29 11:44:12,813 - JSch - paramInt: '1', paramString: 'SSH_MSG_NEWKEYS sent'
2024-04-29 11:44:12,814 - JSch - paramInt: '1', paramString: 'SSH_MSG_NEWKEYS received'
2024-04-29 11:44:12,814 - JSch - paramInt: '1', paramString: 'SSH_MSG_SERVICE_REQUEST sent'
2024-04-29 11:44:12,816 - JSch - paramInt: '1', paramString: 'SSH_MSG_EXT_INFO received'
2024-04-29 11:44:12,816 - JSch - paramInt: '1', paramString: 'server-sig-algs=<ssh-rsa,rsa-sha2-256,rsa-sha2-512>'
2024-04-29 11:44:12,857 - JSch - paramInt: '1', paramString: 'SSH_MSG_SERVICE_ACCEPT received'
2024-04-29 11:44:12,859 - JSch - paramInt: '1', paramString: 'Authentications that can continue: publickey,keyboard-interactive,password'
2024-04-29 11:44:12,859 - JSch - paramInt: '1', paramString: 'Next authentication method: publickey'
2024-04-29 11:44:12,859 - JSch - paramInt: '0', paramString: 'PubkeyAcceptedAlgorithms = rsa-sha2-256'
2024-04-29 11:44:12,859 - JSch - paramInt: '0', paramString: 'PubkeyAcceptedAlgorithms in server-sig-algs = [rsa-sha2-256]'
2024-04-29 11:44:12,864 - JSch - paramInt: '0', paramString: 'rsa-sha2-256 preauth success'
2024-04-29 11:44:12,881 - JSch - paramInt: '0', paramString: 'rsa-sha2-256 auth success'
2024-04-29 11:44:12,882 - JSch - paramInt: '1', paramString: 'Authentication succeeded (publickey).'
2024-04-29 11:44:13,046 - JSch - paramInt: '1', paramString: 'Disconnecting from ssh.dev.azure.com port 22'
2024-04-29 11:44:13,046 - JSch - paramInt: '1', paramString: 'Caught an exception, leaving main loop due to Socket closed'
Caused by: org.eclipse.jgit.errors.NoRemoteRepositoryException: git@ssh.dev.azure.com:v3/x: remote: Command git-upload-pack: You’re using ssh-rsa that is about to be deprecated and your request has been blocked intentionally. Any SSH session using SSH-RSA is subject to brown out (failure during random time periods). Please use rsa-sha2-256 or rsa-sha2-512 instead. For more details see https://aka.ms/ado-ssh-rsa-deprecation.
remote: ERROR_SSH_UNSUPPORTED_CIPHER (7)

but based on

2024-04-29 11:44:12,769 - JSch - paramInt: '1', paramString: 'kex: host key algorithm: ssh-rsa'

still ended up using ssh-rsa.

norrisjeremy commented 2 months ago

Hi @david-rozsa,

Something in your environment is explicitly setting the server_host_key config value to ssh-rsa,rsa-sha2-256, as proven by the following log message:

2024-04-29 11:44:12,767 - JSch - paramInt: '0', paramString: 'server_host_key proposal before known_host reordering is: ssh-rsa,rsa-sha2-256'

The above indicates that server_host_key is set to the value ssh-rsa,rsa-sha2-256 before JSch even looks up any algorithms from your known_hosts file.

This could be because you are running -Djsch.server_host_key=ssh-rsa,rsa-sha2-256, or you are somehow programmatically calling JSch.setConfig("server_host_key", "ssh-rsa,rsa-sha2-256") or Session.setConfig("server_host_key", "ssh-rsa,rsa-sha2-256"), or perhaps you are using an OpenSSH config file with OpenSSHConfig that has HostKeyAlgorithms configured as ssh-rsa,rsa-sha2-256.

Thanks, Jeremy
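
Added example, not code from the thread participants or from JSch: a short Python script that applies the reasoning in the comment above to a JSch debug log, reporting whether an algorithm was already in the proposal before the known_hosts reordering step and whether it was the one negotiated. It assumes the logger line format seen in the posted log (`paramString: '...'`); the function names are hypothetical.

```python
import re

# Four lines taken from the debug log posted earlier in this thread.
SAMPLE_LOG = """\
2024-04-29 11:44:12,767 - JSch - paramInt: '0', paramString: 'server_host_key proposal before known_host reordering is: ssh-rsa,rsa-sha2-256'
2024-04-29 11:44:12,767 - JSch - paramInt: '0', paramString: 'server_host_key proposal after known_host reordering is: ssh-rsa,rsa-sha2-256'
2024-04-29 11:44:12,768 - JSch - paramInt: '1', paramString: 'client proposal: host key algorithms: ssh-rsa,rsa-sha2-256'
2024-04-29 11:44:12,769 - JSch - paramInt: '1', paramString: 'kex: host key algorithm: ssh-rsa'
"""

# Message prefix -> field name; the value is the rest of the message.
FIELDS = {
    "server_host_key proposal before known_host reordering is: ": "before",
    "server_host_key proposal after known_host reordering is: ": "after",
    "client proposal: host key algorithms: ": "offered",
    "kex: host key algorithm: ": "negotiated",
}
# Assumption: the application's logger wraps each JSch message as paramString: '...'
PARAM = re.compile(r"paramString: '(.*)'\s*$")

def parse_host_key_lines(log_text):
    """Collect the host key algorithm lists from JSch debug output."""
    found = {}
    for line in log_text.splitlines():
        m = PARAM.search(line)
        if not m:
            continue
        for prefix, name in FIELDS.items():
            if m.group(1).startswith(prefix):
                found[name] = m.group(1)[len(prefix):].split(",")
    return found

def trace_algorithm(log_text, algorithm="ssh-rsa"):
    """Report where `algorithm` entered the proposal and whether it was used."""
    f = parse_host_key_lines(log_text)
    if algorithm in f.get("before", []):
        origin = "configuration"           # present before the known_hosts step
    elif algorithm in f.get("after", []):
        origin = "known_hosts reordering"  # appeared only after that step
    elif algorithm in f.get("offered", []):
        origin = "unknown"                 # offered, but reordering lines are missing
    else:
        origin = "not offered"
    return {"origin": origin, "negotiated": f.get("negotiated", [None])[0],
            "in_use": f.get("negotiated") == [algorithm]}

if __name__ == "__main__":
    print(trace_algorithm(SAMPLE_LOG))
```
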

david-rozsa commented 2 months ago

Hi @norrisjeremy,

Thanks for the tip, you are correct: we are using the jsch library through jgit, and it seems they have some nice logic for that: https://gerrit.googlesource.com/jgit/+/refs/heads/master/org.eclipse.jgit.ssh.jsch/src/org/eclipse/jgit/transport/ssh/jsch/JschConfigSessionFactory.java#268

Thanks for pointing me in the right direction.