如何从远程计算机访问Apache Mina SSH服务器？

Question

I have created an Amazon Linux 2 instance where I have deployed a Java program launched with systemd. The Java program is a vertx-shell application which is using Apache Mina to start a SSH server on port 2000. It should possible to connect to the SSH server with 2 ways : public key or password auth.

After a classical ssh authentication on port 22 to access my amazon instance, I can connect to the java ssh server running on port 2000 locally with password auth. However, when I try to connect to SSH server from my local machine providing the Amazon private key, the connection is stuck on ' debug1: Local version string SSH-2.0-OpenSSH_7.5 ' line and finally refused after a timeout of 2 minutes :

ssh -i /Users/toto/.ssh/my_amazon_key.pem -p 2000 ec2-user@my-application.server.com -vvv
OpenSSH_7.5p1, LibreSSL 2.5.4
debug1: Reading configuration data /Users/toto/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug2: resolving "my-application.server.com" port 2000
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to my-application.server.com [35.XXX.XX.XX] port 2000.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/toto/.ssh/my_amazon_key.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/toto/.ssh/my_amazon_key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
ssh_exchange_identification: Connection closed by remote host

On the Java application log, I can see a log of somebody trying to connect to the SSH server but failing to authenticate after 2 minutes.

Of course, I have checked in my Amazon security group that I have opened port 2000. There is no denied IP in my case.

Here is the Java code running the SSH server :

ShellService service = ShellService.create(vertx,
                new ShellServiceOptions()
                        .setTelnetOptions(
                            new TelnetTermOptions().
                                setHost("localhost").
                                setPort(5000))
                        .setSSHOptions(
                            new SSHTermOptions().
                                setHost("0.0.0.0").
                                setPort(2000).
                                setKeyPairOptions(new JksOptions().
                                        setPath("ssh/keystore.jks").
                                        setPassword("wibble")).
                                setAuthOptions(new ShiroAuthOptions().
                                        setConfig(new JsonObject().put("properties_path", "classpath:ssh/auth.properties"))))
        );

Any idea ? Vertx/Apache Mina config ? Conflict between SSHD running on port 22 and port 2000 ?

Answer 1

Ok, I finally found out the problem. Actually, I had to do 2 things :

1. I changed the port from 2000 to 3000, and then I was not stuck anymore, at least I was able to authenticate with password. But public key authentication was still failing. So I suppose something else was already running on initial port 2000, causing the connection stuck.
2. I was launching my java application with a specific user vertx, so Apache Mina SSH server was looking for an un-existing authorized_keys file for user vertx. As soon as I created it with the public key inside in its own .ssh directory in vertx user home directory, with the right permissions, then I could authenticate providing the corresponding private key.