Ask Your Question
0

NETCONF ssh signature error

asked 2016-09-12 07:14:29 -0700

cheynester gravatar image

updated 2016-09-12 07:19:06 -0700

Hello, I'm currently seeing the following on karaf-0.4.3-Beryllium-SR3 when trying to connect to NETCONF server on a device. Can anyone point me as to what the issue might be? I can connect to the device fine with yangcli-pro..only when I use ODL it fails:

2016-09-12 09:51:18,727 | INFO  | NioProcessor-6   | ClientSessionImpl                | 293 - org.apache.sshd.core - 0.14.0 | Client session created
2016-09-12 09:51:18,729 | INFO  | NioProcessor-6   | ClientSessionImpl                | 293 - org.apache.sshd.core - 0.14.0 | Start flagging packets as pending until key exchange is done
2016-09-12 09:51:18,783 | INFO  | NioProcessor-6   | ClientSessionImpl                | 293 - org.apache.sshd.core - 0.14.0 | Server version string: SSH-2.0-OpenSSH_6.6.1
2016-09-12 09:51:18,800 | WARN  | NioProcessor-6   | ClientSessionImpl                | 293 - org.apache.sshd.core - 0.14.0 | Exception caught
java.security.SignatureException: error decoding signature bytes.
        at org.bouncycastle.jcajce.provider.asymmetric.util.DSABase.engineVerify(Unknown Source)[bcprov-jdk15on-1.52.jar:1.52.0]
        at java.security.Signature$Delegate.engineVerify(Signature.java:1219)[:1.8.0_91]
        at java.security.Signature.verify(Signature.java:652)[:1.8.0_91]
        at org.apache.sshd.common.signature.SignatureECDSA.verify(SignatureECDSA.java:175)[293:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.client.kex.AbstractDHGClient.next(AbstractDHGClient.java:121)[293:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:425)[293:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)[293:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:306)[293:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)[293:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)[293:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)[293:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.io.mina.MinaService.messageReceived(MinaService.java:105)[293:org.apache.sshd.core:0.14.0]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)[51:org.apache.mina.core:2.0.7]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)[51:org.apache.mina.core:2.0.7]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)[51:org.apache.mina.core:2.0.7]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)[51:org.apache.mina.core:2.0.7]
        at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)[51:org.apache.mina.core:2.0.7]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)[51:org.apache.mina.core:2.0.7]
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:410)[51:org.apache.mina.core:2.0.7]
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:710 ...
(more)
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-10-21 09:40:49 -0700

Hello,

This is due to mina-sshd dependency, the apache library used to established the ssh connection. We're currently using an old version, 0.14.0. There is plan to upgrade it to newer version, 1.2.0. In-between those versions, many fix were done regarding verifying signature, for instance:
[SSHD-491] SSHD fails to correctly verify ECDSA P-521 public keys
[SSHD-642] Pad RSA signatures with zeroes if necessary to complete the expected signature size

Hope this helps, Alexis

edit flag offensive delete publish link more
Login/Signup to Answer

Stats

Asked: 2016-09-12 07:14:29 -0700

Seen: 89 times

Last updated: Oct 21 '16