NullPointerException in JSch Session.connect() while connecting to Cisco IOS switch

[junbo666]

Note: This issue appears only on a select few switches, with the majority of other IOS switches functioning normally. I am unsure whether it is a problem with the switches themselves or if certain configurations are causing this.

I'm encountering a NullPointerException when attempting to establish an SSH connection to a Cisco IOS switch using JSch. The issue occurs during the session.connect() call. I have tried the following versions： JSch version: 0.2.17、0.1.72、0.1.56、0.1.55

Java version：1.8

Expected Behavior: The code should establish an SSH connection to the Cisco IOS switch without throwing an exception.

Actual Behavior: The code throws a NullPointerException during the session.connect() call.

Manually connecting to the switch via SSH works without any issues.

Logs:

SSH-2.0-JSCH_0.2.17
JSch Log: Connecting to 10.0.*** port 22
JSch Log: Connection established
JSch Log: Remote version string: SSH-2.0-xxxxxx
JSch Log: Local version string: SSH-2.0-JSCH_0.2.17
JSch Log: CheckCiphers: chacha20-poly1305@openssh.com
JSch Log: CheckKexes: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512
JSch Log: sntrup761x25519-sha512@openssh.com is not available.
JSch Log: curve25519-sha256 is not available.
JSch Log: curve25519-sha256@libssh.org is not available.
JSch Log: curve448-sha512 is not available.
JSch Log: kex proposal before removing unavailable algos is: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
JSch Log: kex proposal after removing unavailable algos is: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
JSch Log: CheckSignatures: ssh-ed25519,ssh-ed448
JSch Log: ssh-ed25519 is not available.
JSch Log: ssh-ed448 is not available.
JSch Log: server_host_key proposal before removing unavailable algos is: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
JSch Log: server_host_key proposal after removing unavailable algos is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
JSch Log: server_host_key proposal before known_host reordering is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
JSch Log: server_host_key proposal after known_host reordering is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
JSch Log: SSH_MSG_KEXINIT sent
JSch Log: Disconnecting from 10.0*** port 22
java.lang.NullPointerException
        at com.jcraft.jsch.Session.start_discard(Session.java:1420)
        at com.jcraft.jsch.Session.read(Session.java:1240)
        at com.jcraft.jsch.Session.connect(Session.java:326)
        at com.jcraft.jsch.Session.connect(Session.java:198)

I'm unsure how to gather useful information to pinpoint the cause of the issue.

The ip is hidden by me

import com.jcraft.jsch.*;

public class SSHConnection {
    public static void main(String[] args) {
        JSch jsch = new JSch();
        Session session = null;
        try {
            session = jsch.getSession("user", "10.0.****", 22);
            session.setPassword("password");
            session.setConfig("StrictHostKeyChecking", "no");
            session.setConfig("PreferredAuthentications", "password");
            java.util.Properties config = new java.util.Properties();
            config.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256");
            config.put("cipher.s2c", "aes128-ctr,aes192-ctr,aes256-ctr");
            config.put("cipher.c2s", "aes128-ctr,aes192-ctr,aes256-ctr");
            config.put("mac.s2c", "hmac-sha2-256,hmac-sha2-512");
            config.put("mac.c2s", "hmac-sha2-256,hmac-sha2-512");
            session.setConfig(config);
            JSch.setLogger(new Logger() {
                public boolean isEnabled(int level) { return true; }
                public void log(int level, String message) {
                    System.out.println("JSch Log: " + message);
                }
            });

            session.connect();
        } catch (JSchException e) {
            e.printStackTrace();
        } finally {
            if (session != null && session.isConnected()) {
                session.disconnect();
            }
        }
    }
}

[norrisjeremy]

Hi @junbo666,

I'm not sure why you are getting an NPE: this is occurring very early in the connection setup when attempting to read the servers KEXINIT message. Are you able to perform a full tcpdump packet capture of the failed SSH connection between JSch and this Cisco IOS switch? Otherwise I'm not sure if we will be able to provide much assistance unless you can provide an easy way for us to reproduce this failure.

Thanks, Jeremy

[junbo666]

hi Jeremy, Thank you very much for your prompt response and valuable advice. I will immediately proceed to re-examine this issue, focusing on verifying any special configurations or environmental factors related to these two Cisco IOS switches that could be causing the NPE exception during the initial phase of establishing the SSH connection.

Should I require further insights or encounter insurmountable obstacles during the troubleshooting process, I will promptly reach out for your assistance and provide all necessary information as per your instructions, including tcpdump packet captures, to facilitate a deeper analysis of this issue.

Once again, I greatly appreciate your reply and your ongoing support.

Thanks, Junbo

---- Replied Message ---- | From | Jeremy @.> | | Date | 06/18/2024 18:23 | | To | @.> | | Cc | @.> , @.> | | Subject | Re: [mwiede/jsch] NullPointerException in JSch Session.connect() while connecting to Cisco IOS switch (Issue #577) |

Hi @junbo666,

I'm not sure why you are getting an NPE: this is occurring very early in the connection setup when attempting to read the servers KEXINIT message. Are you able to perform a full tcpdump packet capture of the failed SSH connection between JSch and this Cisco IOS switch? Otherwise I'm not sure if we will be able to provide much assistance unless you can provide an easy way for us to reproduce this failure.

Thanks, Jeremy

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

[norrisjeremy]

Hi @junbo666,

Can you provide any details as to what type of Cisco switch is involved, what IOS version it is running and what the SSH configuration is for them? Also, can you manually perform an SSH connection from the command line using ssh -vvv and provide the output that the SSH command prints out?

Thanks, Jeremy

[junbo666]

It's the information？ show version：

VSOS                    : V0600R0708B20221017(V6078) 
AV version              : 2016-08-30 
KPAV version            : 2016-09-02 
IPS version             : 2024-06-12 
APT version             : 2014-04-01 
URL version             : 2017-07-10 
Compile time            : Oct 17 2022 17:51:14 
Copyright (c) 1996-2021 Venustech 

Serial number: 0113211612079972
eth0:   e1000e v3.3.5.3-NAPI intel-82583 10/100/1000M copper MAC address: 00:13:32:0e:83:18
eth1:   e1000e v3.3.5.3-NAPI intel-82583 10/100/1000M copper MAC address: 00:13:32:0e:83:19
ge0/1:  igb v5.3.5.4 intel-82580 10/100/1000M copper MAC address: 00:10:f3:65:a0:93
ge0/2:  igb v5.3.5.4 intel-82580 10/100/1000M copper MAC address: 00:10:f3:65:a0:94
ge0/3:  igb v5.3.5.4 intel-82580 10/100/1000M copper MAC address: 00:10:f3:65:a0:95
ge0/4:  igb v5.3.5.4 intel-82580 10/100/1000M copper MAC address: 00:10:f3:65:a0:96
ge0/5:  igb v5.3.5.4 intel-82580 10/100/1000M copper MAC address: 00:10:f3:65:a0:97
ge0/6:  igb v5.3.5.4 intel-82580 10/100/1000M copper MAC address: 00:10:f3:65:a0:98
ge0/7:  igb v5.3.5.4 intel-82580 10/100/1000M copper MAC address: 00:10:f3:65:a0:99
ge0/8:  igb v5.3.5.4 intel-82580 10/100/1000M copper MAC address: 00:10:f3:65:a0:9a

ssh -vvv

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "10.0.*****" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to ip [ip] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version xxxxxx
debug1: no match: xxxxxx
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.0.ip:22 as 'backup'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys from 10.0.pi
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-cbc,3des-cbc
debug2: ciphers stoc: aes128-cbc,3des-cbc
debug2: MACs ctos: hmac-sha1,hmac-sha1-96
debug2: MACs stoc: hmac-sha1,hmac-sha1-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug1: kex: diffie-hellman-group-exchange-sha1 need=20 dh_need=20
debug3: send packet: type 34
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent
debug3: receive packet: type 31
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 989/2048
debug3: send packet: type 32
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug3: receive packet: type 33
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:rEmlJenVMSL5GVemSY0Gk8WGw6B4ege4J85M+vup8R0
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys from 10.0.254.207
debug1: Host '10.0.ip' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:11
debug2: bits set: 1024/2048
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug2: key: /root/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
admin@10.0.ip's password: 
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (password).
Authenticated to 10.0ipo ([10.0.ip]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env HOSTNAME
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSOPEN
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug2: channel 0: rcvd adjust 131072
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0

[norrisjeremy]

Hi @junbo666,

Firstly, that does not appear to be a Cisco IOS switch: I've never heard of VenusTech before or know who they are. It appears the problem may be related to the fact that this device to which you are connecting only supports old and insecure crypto algorithms, which JSch does not enable by default, and is likely causing the connection failures you have reported:

debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-cbc,3des-cbc
debug2: ciphers stoc: aes128-cbc,3des-cbc
debug2: MACs ctos: hmac-sha1,hmac-sha1-96
debug2: MACs stoc: hmac-sha1,hmac-sha1-96

I recommend that you review our FAQ and ensure that one or more of the diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 kex algorithms, the ssh-rsa server_host_key algorithm, one or more of the aes128-cbc,3des-cbc cipher.s2c & cipher.c2s algorithms & one or more of the hmac-sha1,hmac-sha1-96 mac.s2c & mac.c2s algorithms is enabled in JSch when attempting to connect to this particular device.

Thanks, Jeremy

[junbo666]

I tried to add some algorithms to solve this problem.
Thank you very much for your reply and help. Thanks again