[英]Apache mina-sshd ssh client always prints EdDSA provider not supported
I'm using Apache sshd's ssh client.我正在使用 Apache sshd 的 ssh 客户端。 Whenever I establish a connection to the destination ssh server, I see this in the logs.
每当我与目标 ssh 服务器建立连接时,我都会在日志中看到这一点。 The connection works, but is there something wrong?
连接有效,但有什么问题吗? How can I fix it?
我该如何解决?
The exception looks like:异常如下所示:
(SshException) to process: EdDSA provider not supported
How to fix怎么修
To fix the problem add a dependency net.i2p.crypto:eddsa.要解决此问题,请添加依赖项 net.i2p.crypto:eddsa。 Bouncy castle does not provide the implementation of EdDSA.
Bouncy castle 不提供 EdDSA 的实现。 For example in maven add this dependency:
例如在 maven 添加这个依赖:
<dependency>
<groupId>net.i2p.crypto</groupId>
<artifactId>eddsa</artifactId>
<version>0.3.0</version>
</dependency>
Impact of not fixing不固定的影响
If you don't fix this, then you will not be able to validate the host keys.如果您不解决此问题,那么您将无法验证主机密钥。 My testing was not impacted because I was not validating the host keys yet.
我的测试没有受到影响,因为我还没有验证主机密钥。 However, once deployed to production, I would have been impacted because host keys must be validated.
但是,一旦部署到生产环境,我就会受到影响,因为必须验证主机密钥。
Details细节
In the Apache mina-sshd source code, the class SecurityUtils reveals the problem.在 Apache mina-sshd 源代码中,class SecurityUtils揭示了这个问题。 That class hardcodes the provider for EdDSA to
EdDSASecurityProviderRegistrar
: class 将 EdDSA 的提供者硬编码为
EdDSASecurityProviderRegistrar
:
public static final List<String> DEFAULT_SECURITY_PROVIDER_REGISTRARS = Collections.unmodifiableList(
Arrays.asList(
"org.apache.sshd.common.util.security.bouncycastle.BouncyCastleSecurityProviderRegistrar",
"org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderRegistrar"));
Looking through EdDSASecurityProviderRegistrar you see that it expects the class net.i2p.crypto.eddsa.EdDSAKey
to exist:查看EdDSASecurityProviderRegistrar您会看到它期望 class
net.i2p.crypto.eddsa.EdDSAKey
存在:
@Override
public boolean isSupported() {
Boolean supported;
synchronized (supportHolder) {
supported = supportHolder.get();
if (supported != null) {
return supported.booleanValue();
}
ClassLoader cl = ThreadUtils.resolveDefaultClassLoader(getClass());
supported = ReflectionUtils.isClassAvailable(cl, "net.i2p.crypto.eddsa.EdDSAKey");
supportHolder.set(supported);
}
return supported.booleanValue();
}
A quick google search and you'll see that net.i2p.crypto.eddsa.EdDSAKey
is provided by the library net.i2p.crypto:eddsa.快速谷歌搜索,您会看到
net.i2p.crypto.eddsa.EdDSAKey
由库 net.i2p.crypto:eddsa 提供。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.