pdi-git-plugin icon indicating copy to clipboard operation
pdi-git-plugin copied to clipboard

Published 20 hours ago verified publisher icon HiromuHota

Use Apache MINA sshd instead of JSch

Open HiromuHota opened this issue 5 years ago • 11 comments

This PR will fix #35.

HiromuHota avatar Nov 24 '19 05:11 HiromuHota

I had to remove lib/bcprov-jdk14-138.jar and lib/bcmail-jdk14-138.jar. RSA key worked, but Ed25519 did not with the following warning at logs/spoon.log

[org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider] java.security.NoSuchAlgorithmException: Unsupported key type (ssh-ed25519) in /home/tomcat/.ssh/id_ed25519

HiromuHota avatar Nov 24 '19 05:11 HiromuHota

https://bugs.eclipse.org/bugs/show_bug.cgi?id=520927

rely on net.i2p.crypto.eddsa 0.3.0 for ed25519 support

HiromuHota avatar Nov 24 '19 06:11 HiromuHota

Ed25519 key still not working with an error popup "No more authentication methods available". Also at logs/spoon.log

WARN [org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider] java.security.NoSuchAlgorithmException: Unsupported key type (ssh-ed25519) in /home/tomcat/.ssh/id_ed25519

HiromuHota avatar Nov 26 '19 01:11 HiromuHota

The reason is that the classloader ParallelWebappClassLoader cannot find the class for EdDSAKey.

            ClassLoader cl = ThreadUtils.resolveDefaultClassLoader(getClass());
            supported = ReflectionUtils.isClassAvailable(cl, "net.i2p.crypto.eddsa.EdDSAKey");

https://github.com/apache/mina-sshd/blob/sshd-2.2.0/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/EdDSASecurityProviderRegistrar.java#L98

HiromuHota avatar Nov 26 '19 01:11 HiromuHota

Move eddsa-0.3.0.jar to webapps/spoon/WEB-INF/lib/ solved the error and succeeded. Now is the time to test on Spoon.

HiromuHota avatar Nov 26 '19 16:11 HiromuHota

On Spoon, eddsa-0.3.0.jar needed to move to lib/.

HiromuHota avatar Nov 26 '19 17:11 HiromuHota

In summary, in order for Apache MINA sshd to work, I have to

  • Remove lib/bcprov-jdk14-138.jar

To support Ed25519,

  • Add bcprov-jdk15on-1.64.jar and eddsa-0.3.0.jar to lib/

HiromuHota avatar Nov 26 '19 17:11 HiromuHota

bcmail-jdk14-1.51.jar and bcprov-jdk14-1.51.jar at lib/ did not work.

HiromuHota avatar Nov 26 '19 17:11 HiromuHota

So bcprov-jdk14-1.XX.jar (tested 1.38 thru 1.64) causes an error "InvalidAlgorithmParameterException: parameter object not a ECParameterSpec". bcprov-jdk15on-1.XX.jar (tested 1.51 thru 1.64) worked fine.

HiromuHota avatar Nov 26 '19 19:11 HiromuHota

Related issue: https://osgeo-org.atlassian.net/browse/GEOS-7642

HiromuHota avatar Nov 26 '19 19:11 HiromuHota

Another related issue: https://stackoverflow.com/questions/42238313/java-security-invalidalgorithmparameterexception-parameter-object-not-a-ecparam/42252911

HiromuHota avatar Nov 26 '19 19:11 HiromuHota