
Apache mina-sshd ssh client always prints EdDSA provider not supported

I'm using Apache sshd's ssh client. Whenever I establish a connection to the destination ssh server, I see this in the logs. The connection works, but is there something wrong? How can I fix it?

The exception looks like:

(SshException) to process: EdDSA provider not supported

How to fix

To fix the problem, add a dependency on net.i2p.crypto:eddsa. Bouncy Castle does not provide the implementation of EdDSA. For example, in Maven add this dependency:

   <dependency>
       <groupId>net.i2p.crypto</groupId>
       <artifactId>eddsa</artifactId>
       <version>0.3.0</version>
   </dependency>

Impact of not fixing

If you don't fix this, then you will not be able to validate the host keys. My testing was not impacted because I was not validating the host keys yet. However, once deployed to production, I would have been impacted because host keys must be validated.

Details

In the Apache mina-sshd source code, the class SecurityUtils reveals the problem. That class hardcodes the provider for EdDSA to EdDSASecurityProviderRegistrar:

public static final List<String> DEFAULT_SECURITY_PROVIDER_REGISTRARS = Collections.unmodifiableList(
        Arrays.asList(
                "org.apache.sshd.common.util.security.bouncycastle.BouncyCastleSecurityProviderRegistrar",
                "org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderRegistrar"));

Looking through EdDSASecurityProviderRegistrar you see that it expects the class net.i2p.crypto.eddsa.EdDSAKey to exist:

@Override
public boolean isSupported() {
    Boolean supported;
    synchronized (supportHolder) {
        supported = supportHolder.get();
        if (supported != null) {
            return supported.booleanValue();
        }

        ClassLoader cl = ThreadUtils.resolveDefaultClassLoader(getClass());
        supported = ReflectionUtils.isClassAvailable(cl, "net.i2p.crypto.eddsa.EdDSAKey");
        supportHolder.set(supported);
    }

    return supported.booleanValue();
}

A quick Google search and you'll see that net.i2p.crypto.eddsa.EdDSAKey is provided by the library net.i2p.crypto:eddsa.
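One way to catch the missing provider at startup rather than from a log line, and to turn on the host key validation the answer mentions. This is an added example, not code from the original post or from the mina-sshd project; the class name `EdDsaStartupCheck`, the helper names and the `known_hosts` location are assumptions, and it needs mina-sshd on the classpath.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.CodeSource;

import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier;
import org.apache.sshd.client.keyverifier.RejectAllServerKeyVerifier;
import org.apache.sshd.common.util.security.SecurityUtils;

public class EdDsaStartupCheck { // hypothetical class name
    // Class probed by EdDSASecurityProviderRegistrar.isSupported(), as quoted above.
    static final String PROBE_CLASS = "net.i2p.crypto.eddsa.EdDSAKey";

    /** Returns where the probe class was loaded from, or null if it is not loadable. */
    static String locateProbeClass(ClassLoader cl) {
        try {
            Class<?> c = Class.forName(PROBE_CLASS, false, cl);
            CodeSource src = c.getProtectionDomain().getCodeSource();
            return (src == null || src.getLocation() == null)
                    ? "(unknown location)" : src.getLocation().toString();
        } catch (ClassNotFoundException | LinkageError e) {
            return null;
        }
    }

    /** Builds a client that only accepts servers whose key matches known_hosts. */
    static SshClient newVerifyingClient(Path knownHosts) {
        // Fail fast: without EdDSA support, ed25519 host keys cannot be checked.
        if (!SecurityUtils.isEDDSACurveSupported()) {
            throw new IllegalStateException(
                    "EdDSA not supported by mina-sshd; is net.i2p.crypto:eddsa on the classpath?");
        }
        SshClient client = SshClient.setUpDefaultClient();
        // Hosts missing from known_hosts are rejected instead of silently accepted.
        client.setServerKeyVerifier(
                new KnownHostsServerKeyVerifier(RejectAllServerKeyVerifier.INSTANCE, knownHosts));
        return client;
    }

    public static void main(String[] args) {
        // Record which artifact supplies the EdDSA classes (useful in dependency audits).
        System.out.println(PROBE_CLASS + " loaded from: "
                + locateProbeClass(EdDsaStartupCheck.class.getClassLoader()));
        // Assumed known_hosts location; adjust for the deployment.
        Path knownHosts = Paths.get(System.getProperty("user.home"), ".ssh", "known_hosts");
        SshClient client = newVerifyingClient(knownHosts);
        System.out.println("Host key verifier: " + client.getServerKeyVerifier());
    }
}
```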
