sshj
Version 0.33.0+ fails authentication using RSA unencrypted private key
When using an RSA unencrypted private key (no passphrase), version 0.32.0 works fine, but version 0.33.0 onwards fails authenticating. Also, I tested with an SFTP server that uses the ssh-dss host algorithm.
Sample code:
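import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.transport.verification.PromiscuousVerifier;
import net.schmizz.sshj.userauth.method.AuthPublickey;

var sshClient = new SSHClient();
// also tested loading known hosts and keeps failing
// (PromiscuousVerifier accepts any host key, so the server identity is not verified)
sshClient.addHostKeyVerifier(new PromiscuousVerifier());
sshClient.setConnectTimeout(30000);
sshClient.setTimeout(30000);
sshClient.connect("ftpserver");
// load the unencrypted RSA private key and authenticate with it
final var keyProvider = sshClient.loadKeys("/tmp/id_rsa");
sshClient.auth("user", new AuthPublickey(keyProvider));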
Trace when failing with version 0.33.0:
2023-03-14 12:52:39,760 INFO [main] net.schmizz.sshj.transport.random.JCERandom: Creating new SecureRandom.
2023-03-14 12:52:39,762 DEBUG [main] net.schmizz.sshj.transport.random.JCERandom: Random creation took 1 ms
2023-03-14 12:52:39,805 DEBUG [main] net.schmizz.sshj.DefaultConfig: Available cipher factories: [[email protected], aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr, [email protected], [email protected], blowfish-cbc, blowfish-ctr, cast128-cbc, cast128-ctr, idea-cbc, idea-ctr, serpent128-cbc, serpent128-ctr, serpent192-cbc, serpent192-ctr, serpent256-cbc, serpent256-ctr, 3des-cbc, 3des-ctr, twofish128-cbc, twofish128-ctr, twofish192-cbc, twofish192-ctr, twofish256-cbc, twofish256-ctr, twofish-cbc, arcfour, arcfour128, arcfour256]
2023-03-14 12:52:39,991 INFO [main] net.schmizz.sshj.transport.TransportImpl: Client identity string: SSH-2.0-SSHJ_0.33.0
2023-03-14 12:52:40,159 INFO [main] net.schmizz.sshj.transport.TransportImpl: Server identity string: SSH-2.0-9.99 sshlib
2023-03-14 12:52:40,160 DEBUG [main] net.schmizz.sshj.transport.KeyExchanger: Sending SSH_MSG_KEXINIT
2023-03-14 12:52:40,162 TRACE [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.TransportImpl: Received packet KEXINIT
2023-03-14 12:52:40,162 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.KeyExchanger: Received SSH_MSG_KEXINIT
2023-03-14 12:52:40,164 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.KeyExchanger: Negotiated algorithms: [ kex=diffie-hellman-group-exchange-sha256; sig=ssh-dss; c2sCipher=aes128-cbc; s2cCipher=aes128-cbc; c2sMAC=hmac-sha1; s2cMAC=hmac-sha1; c2sComp=none; s2cComp=none; ]
2023-03-14 12:52:40,177 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.kex.AbstractDHGex: Sending KEX_DH_GEX_REQUEST
2023-03-14 12:52:40,519 TRACE [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.TransportImpl: Received packet KEXDH_31
2023-03-14 12:52:40,519 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.KeyExchanger: Received kex followup data
2023-03-14 12:52:40,520 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.kex.AbstractDHGex: Got message KEXDH_31
2023-03-14 12:52:40,520 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.kex.AbstractDHGex: Received server p bitlength 2048
2023-03-14 12:52:40,551 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.kex.AbstractDHGex: Sending KEX_DH_GEX_INIT
2023-03-14 12:52:40,724 TRACE [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.TransportImpl: Received packet KEX_DH_GEX_REPLY
2023-03-14 12:52:40,725 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.KeyExchanger: Received kex followup data
2023-03-14 12:52:40,725 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.kex.AbstractDHGex: Got message KEX_DH_GEX_REPLY
2023-03-14 12:52:40,778 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.KeyExchanger: Trying to verify host key with net.schmizz.sshj.transport.verification.PromiscuousVerifier@56cb82ac
2023-03-14 12:52:40,779 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.KeyExchanger: Sending SSH_MSG_NEWKEYS
2023-03-14 12:52:40,779 TRACE [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.Encoder: Encoding packet #3: 15
2023-03-14 12:52:40,779 TRACE [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.Decoder: Received packet #3: 15
2023-03-14 12:52:40,779 TRACE [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.TransportImpl: Received packet NEWKEYS
2023-03-14 12:52:40,779 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.KeyExchanger: Received SSH_MSG_NEWKEYS
2023-03-14 12:52:40,782 DEBUG [main] net.schmizz.sshj.SSHClient: Key exchange took 0.622 seconds
2023-03-14 12:52:40,787 DEBUG [main] net.schmizz.sshj.transport.TransportImpl: Sending SSH_MSG_SERVICE_REQUEST for ssh-userauth
2023-03-14 12:52:41,187 TRACE [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.TransportImpl: Received packet SERVICE_ACCEPT
2023-03-14 12:52:41,188 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.TransportImpl: Setting active service to ssh-userauth
2023-03-14 12:52:41,189 DEBUG [main] net.schmizz.sshj.userauth.UserAuthImpl: Trying `publickey` auth...
2023-03-14 12:52:41,189 DEBUG [main] net.schmizz.sshj.userauth.method.AuthPublickey: Attempting authentication using PKCS5KeyFile{resource=[PrivateKeyFileResource] /tmp/id_rsa}
2023-03-14 12:52:41,477 TRACE [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.TransportImpl: Received packet USERAUTH_60
2023-03-14 12:52:41,478 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.userauth.UserAuthImpl: Asking `publickey` method to handle USERAUTH_60 packet
2023-03-14 12:52:41,478 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.userauth.method.AuthPublickey: Key acceptable, sending signed request
2023-03-14 12:52:41,478 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.userauth.method.AuthPublickey: Attempting authentication using PKCS5KeyFile{resource=[PrivateKeyFileResource] /tmp/id_rsa}
2023-03-14 12:52:41,658 TRACE [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.TransportImpl: Received packet USERAUTH_FAILURE
2023-03-14 12:52:41,658 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.userauth.method.AuthPublickey: Attempting authentication using PKCS5KeyFile{resource=[PrivateKeyFileResource] /tmp/id_rsa}
2023-03-14 12:52:41,829 TRACE [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.TransportImpl: Received packet USERAUTH_60
2023-03-14 12:52:41,829 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.userauth.UserAuthImpl: Asking `publickey` method to handle USERAUTH_60 packet
2023-03-14 12:52:41,829 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.userauth.method.AuthPublickey: Key acceptable, sending signed request
2023-03-14 12:52:41,829 DEBUG [sshj-Reader-ftpserver:22] net.schmizz.sshj.userauth.method.AuthPublickey: Attempting authentication using PKCS5KeyFile{resource=[PrivateKeyFileResource] /tmp/id_rsa}
2023-03-14 12:52:42,017 TRACE [sshj-Reader-ftpserver:22] net.schmizz.sshj.transport.TransportImpl: Received packet USERAUTH_FAILURE
2023-03-14 12:52:42,017 DEBUG [main] net.schmizz.sshj.userauth.UserAuthImpl: `publickey` auth failed
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
@sergi-mm It sounds like the problem could be similar to issue #789.
If the SSH server is expecting the legacy ssh-rsa algorithm, it could be failing due to SSHJ attempting the newer rsa-sha2 algorithms first. This behavior can be changed using the config properties in SSHJ or invoking DefaultConfig.prioritizeSshRsaKeyAlgorithm().
@sergi-mm Does the suggestion from @exceptionfactory solve your issue?
Hi @exceptionfactory @hierynomus, this workaround is working for version 0.33.0 and higher, but shouldn't the default config be able to detect both RSA2 and RSA algorithms? To keep automatic backward compatibility.
I thought that this problem was fixed: #761
Now that you mention it, it should indeed have been.
According to the last comment on issue #789, it sounds like authentication with the ssh-rsa algorithm could still fail if the SSH server had a MaxAuthTries setting of 2:
Turns out the server with PubKeyAcceptedAlgorithms=ssh-rsa had MaxAuthTries set to 2.
Not sure if that is the problem in this case, but it is worth noting in light of the fact that changing the algorithm order using prioritizeSshRsaKeyAlgorithm apparently works.
Can you suggest how to use prioritizeSshRsaKeyAlgorithm to fix this problem? Probably a code example will help.
It's a setting in the Config object. config.prioritizeSshRsaKeyAlgorithm()
I tried the following but am getting the same error:
val client = new net.schmizz.sshj.SSHClient()
val config = new DefaultConfig()
config.prioritizeSshRsaKeyAlgorithm()
client.loadKnownHosts()
client.connect(ia)
client.authPublickey(userName)
client
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
    at net.schmizz.sshj.SSHClient.auth(SSHClient.java:230)
    at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:345)
    at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:393)
    at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:324)
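How the Config object reaches the client, as an added example that is not code from this thread or from the SSHJ project: a DefaultConfig only takes effect when it is passed to the SSHClient constructor, because `new SSHClient()` builds its own default configuration. The class name `LegacyRsaClient`, the helper `keyAlgorithmOrder` and the three command-line arguments are hypothetical; the host key is checked against the user's known_hosts file rather than accepted blindly.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import net.schmizz.sshj.DefaultConfig;
import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.userauth.keyprovider.KeyProvider;

// Hypothetical class name; added example, not part of SSHJ.
public class LegacyRsaClient {

    // Names of the public-key algorithms in the order the client will offer them.
    static List<String> keyAlgorithmOrder(DefaultConfig config) {
        List<String> names = new ArrayList<>();
        for (Factory.Named<?> algorithm : config.getKeyAlgorithms()) {
            names.add(algorithm.getName());
        }
        return names;
    }

    public static void main(String[] args) throws IOException {
        // Assumed arguments: <host> <user> <path to private key>
        if (args.length != 3) {
            System.err.println("usage: LegacyRsaClient <host> <user> <private-key-path>");
            System.exit(2);
        }
        String host = args[0];
        String user = args[1];
        String keyPath = args[2];

        DefaultConfig config = new DefaultConfig();
        System.out.println("default order:     " + keyAlgorithmOrder(config));

        // Move the legacy ssh-rsa algorithm ahead of the rsa-sha2 variants.
        config.prioritizeSshRsaKeyAlgorithm();
        System.out.println("prioritized order: " + keyAlgorithmOrder(config));

        // Pass the modified config to the constructor; a client created with
        // the no-argument constructor would ignore it.
        try (SSHClient client = new SSHClient(config)) {
            // Verify the server against ~/.ssh/known_hosts instead of
            // accepting any host key.
            client.loadKnownHosts();
            client.setConnectTimeout(30000);
            client.setTimeout(30000);
            client.connect(host);

            // Load the key explicitly so a key-parsing failure surfaces here
            // as an exception instead of as "Exhausted available
            // authentication methods".
            KeyProvider keys = client.loadKeys(keyPath);
            client.authPublickey(user, keys);
            System.out.println("authenticated: " + client.isAuthenticated());
        }
    }
}
```

Comparing the two printed orders confirms whether the prioritization was applied before any connection is attempted.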
Just the stacktrace is not enough information to troubleshoot... Can you add some logs, preferably debug level.
2023-04-12 12:08:09.464 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] INFO n.s.sshj.transport.random.JCERandom - Creating new SecureRandom.
2023-04-12 12:08:09.464 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG n.s.sshj.transport.random.JCERandom - Random creation took 0 ms
2023-04-12 12:08:09.472 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting CHACHA
2023-04-12 12:08:09.566 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] WARN net.schmizz.sshj.DefaultConfig - Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
2023-04-12 12:08:09.566 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.DefaultConfig - Available cipher factories: [aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr, [email protected], [email protected], blowfish-cbc, blowfish-ctr, cast128-cbc, cast128-ctr, idea-cbc, idea-ctr, serpent128-cbc, serpent128-ctr, serpent192-cbc, serpent192-ctr, serpent256-cbc, serpent256-ctr, 3des-cbc, 3des-ctr, twofish128-cbc, twofish128-ctr, twofish192-cbc, twofish192-ctr, twofish256-cbc, twofish256-ctr, twofish-cbc, arcfour, arcfour128, arcfour256]
2023-04-12 12:08:09.583 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] INFO n.s.sshj.transport.random.JCERandom - Creating new SecureRandom.
2023-04-12 12:08:09.583 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG n.s.sshj.transport.random.JCERandom - Random creation took 0 ms
2023-04-12 12:08:09.583 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting CHACHA
2023-04-12 12:08:09.602 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] WARN net.schmizz.sshj.DefaultConfig - Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
2023-04-12 12:08:09.602 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.DefaultConfig - Available cipher factories: [aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr, [email protected], [email protected], blowfish-cbc, blowfish-ctr, cast128-cbc, cast128-ctr, idea-cbc, idea-ctr, serpent128-cbc, serpent128-ctr, serpent192-cbc, serpent192-ctr, serpent256-cbc, serpent256-ctr, 3des-cbc, 3des-ctr, twofish128-cbc, twofish128-ctr, twofish192-cbc, twofish192-ctr, twofish256-cbc, twofish256-ctr, twofish-cbc, arcfour, arcfour128, arcfour256]
2023-04-12 12:08:09.610 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|ywu1nWCvjA+DfcgxJTzgBKPqur4=|s90ZMM1qGIOXA1C9B6Y2KZLw/Gg= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 12:08:09.610 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|690uR2Eys+7WjX0gk/xXaZlohWQ=|H5NCjvLq5xUdEB0Kq7jOdcgXkMA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 12:08:09.613 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|+Cleb5yn+PpcRFCbz2XUyireyWo=|TmXBStRunUCN0EiE8cTR/YcfUUs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 12:08:09.614 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.common.KeyType - Key algo: ssh-ed25519, Key curve: 25519, Key Len: 32
p: [-28, -13, -127, -124, 91, 79, -11, 46, 6, -56, 84, -26, -113, 106, 32, 12, -101, -38, -54, -112, -112, 113, 75, -95, 15, 82, -50, 29, 77, 65, 16, -83]
2023-04-12 12:08:09.640 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.common.KeyType - Key algo: ssh-ed25519, Key curve: 25519, Key Len: 32
p: [-28, -13, -127, -124, 91, 79, -11, 46, 6, -56, 84, -26, -113, 106, 32, 12, -101, -38, -54, -112, -112, 113, 75, -95, 15, 82, -50, 29, 77, 65, 16, -83]
2023-04-12 12:08:09.640 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|HBbdFe+Yp27Fi90s7M5SVW/iX28=|Hnq0qIkEA4IHIgSD3uspjCJLl7A= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 12:08:09.641 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|TDlgW6gdnlSg/MX7VW6WzHbqNWs=|dALFl0Bfr1GaS4dhOtKuRpWrmfY= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 12:08:09.641 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.common.KeyType - Key algo: ssh-ed25519, Key curve: 25519, Key Len: 32
p: [-28, -13, -127, -124, 91, 79, -11, 46, 6, -56, 84, -26, -113, 106, 32, 12, -101, -38, -54, -112, -112, 113, 75, -95, 15, 82, -50, 29, 77, 65, 16, -83]
2023-04-12 12:08:09.641 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|aXdA2IiRYKn3xigZcjeD4LV3SKE=|CI6h5DKLq2E/0k64DNougsleOK8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 12:08:09.642 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.common.KeyType - Key algo: ssh-ed25519, Key curve: 25519, Key Len: 32
p: [-28, -13, -127, -124, 91, 79, -11, 46, 6, -56, 84, -26, -113, 106, 32, 12, -101, -38, -54, -112, -112, 113, 75, -95, 15, 82, -50, 29, 77, 65, 16, -83]
2023-04-12 12:08:09.643 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] INFO n.s.sshj.transport.TransportImpl - Client identity string: SSH-2.0-SSHJ_0.35.0
2023-04-12 12:08:09.660 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] INFO n.s.sshj.transport.TransportImpl - Server identity string: SSH-2.0-OpenSSH_7.4
2023-04-12 12:08:09.661 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.SSHClient - Initiating Key Exchange for new connection
2023-04-12 12:08:09.661 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG n.s.sshj.transport.KeyExchanger - Sending SSH_MSG_KEXINIT
2023-04-12 12:08:09.665 - 7.3.0.49 - 157412 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681301289661] DEBUG n.s.sshj.transport.KeyExchanger - Received SSH_MSG_KEXINIT
2023-04-12 12:08:09.666 - 7.3.0.49 - 157412 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681301289661] DEBUG n.s.sshj.transport.KeyExchanger - Negotiated algorithms: [ kex=diffie-hellman-group1-sha1; sig=ssh-ed25519; c2sCipher=aes128-cbc; s2cCipher=aes128-cbc; c2sMAC=hmac-sha1; s2cMAC=hmac-sha1; c2sComp=none; s2cComp=none; ]
2023-04-12 12:08:09.708 - 7.3.0.49 - 157412 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681301289661] DEBUG n.s.sshj.transport.KeyExchanger - Received kex followup data
2023-04-12 12:08:09.708 - 7.3.0.49 - 157412 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681301289661] DEBUG net.schmizz.sshj.common.KeyType - Key algo: ssh-ed25519, Key curve: 25519, Key Len: 32
p: [-28, -13, -127, -124, 91, 79, -11, 46, 6, -56, 84, -26, -113, 106, 32, 12, -101, -38, -54, -112, -112, 113, 75, -95, 15, 82, -50, 29, 77, 65, 16, -83]
2023-04-12 12:08:09.713 - 7.3.0.49 - 157412 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681301289661] DEBUG n.s.sshj.transport.KeyExchanger - Trying to verify host key with OpenSSHKnownHosts{khFile='/home/gbt/.ssh/known_hosts'}
2023-04-12 12:08:09.714 - 7.3.0.49 - 157412 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681301289661] DEBUG n.s.sshj.transport.KeyExchanger - Sending SSH_MSG_NEWKEYS
2023-04-12 12:08:09.714 - 7.3.0.49 - 157412 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681301289661] DEBUG n.s.sshj.transport.KeyExchanger - Received SSH_MSG_NEWKEYS
2023-04-12 12:08:09.715 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.SSHClient - Key exchange took 0.054 seconds
2023-04-12 12:08:09.715 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.SSHClient - Attempting to load key from: /home/gbt/.ssh/id_rsa
2023-04-12 12:08:09.717 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] INFO net.schmizz.sshj.SSHClient - Could not load keys from /home/gbt/.ssh/id_rsa due to: No provider available for OpenSSH key file
2023-04-12 12:08:09.717 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.SSHClient - Attempting to load key from: /home/gbt/.ssh/id_dsa
2023-04-12 12:08:09.717 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] INFO net.schmizz.sshj.SSHClient - Could not load keys from /home/gbt/.ssh/id_dsa due to: /home/gbt/.ssh/id_dsa (No such file or directory)
2023-04-12 12:08:09.717 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.SSHClient - Attempting to load key from: /home/gbt/.ssh/id_ed25519
2023-04-12 12:08:09.717 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] INFO net.schmizz.sshj.SSHClient - Could not load keys from /home/gbt/.ssh/id_ed25519 due to: /home/gbt/.ssh/id_ed25519 (No such file or directory)
2023-04-12 12:08:09.717 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] DEBUG net.schmizz.sshj.SSHClient - Attempting to load key from: /home/gbt/.ssh/id_ecdsa
2023-04-12 12:08:09.717 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] INFO net.schmizz.sshj.SSHClient - Could not load keys from /home/gbt/.ssh/id_ecdsa due to: /home/gbt/.ssh/id_ecdsa (No such file or directory)
2023-04-12 12:08:09.721 - 7.3.0.49 - 157412 - [bc2r-akka.actor.default-dispatcher-5] ERROR Failed to build ssh client for gbt-vert-12. Exiting...
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
Thanks for providing the debug logs @sawanverma, this line indicates a problem:
Could not load keys from /home/gbt/.ssh/id_rsa due to: No provider available for OpenSSH key file
Other lines seem to indicate that the Bouncy Castle library is not available, which could be the problem. SSHJ is unable to read the RSA private key.
I am using the BouncyCastleFipsProvider.
"org.bouncycastle" % "bc-fips" % "1.0.2.3"
And have added this in the code. This is our prod requirement.
Security.addProvider(new BouncyCastleFipsProvider())
Earlier we were using the "com.hierynomus" % "sshj" % "0.30.0" version without BC-Fips provider.
After adding the BCFIPS provider, the above version was giving error
Caused by: java.lang.SecurityException: class "org.bouncycastle.crypto.CryptoServicesRegistrar"'s signer information does not match signer information of other classes in the same package
Probably as this version was using the following two runtime dependencies.
org.bouncycastle.bcpkix-jdk15on-1.66.jar org.bouncycastle.bcprov-jdk15on-1.66.jar
After updating the sshj version to 0.35.0, the above error has gone but now I am stuck at the mentioned error.
If this line is the problem or if other lines indicate that Bouncy Castle Library is not available, what should I change to work?
By the way I do see the following libraries in the lib directory.
org.bouncycastle.bc-fips-1.0.2.3.jar org.bouncycastle.bcpkix-jdk15on-1.70.jar org.bouncycastle.bcprov-jdk15on-1.70.jar org.bouncycastle.bcutil-jdk15on-1.70.jar
I am not sure about the compatibility of the FIPS provider with SSHJ, but I know some algorithms will not work. I recommend removing the FIPS provider and testing with version 1.70. After getting that to work, then evaluate behavior with the FIPS provider.
I tested it by removing the Fips Provider. Even then the same error. Following are the logs
2023-04-12 14:52:27.638 - 7.3.0.49 - 261310 - [app] INFO n.schmizz.sshj.common.SecurityUtils - Security Provider class 'org.bouncycastle.jce.provider.BouncyCastleProvider' could not be created
2023-04-12 14:52:27.638 - 7.3.0.49 - 261310 - [app] INFO n.schmizz.sshj.common.SecurityUtils - BouncyCastle not registered, using the default JCE provider
2023-04-12 14:52:27.654 - 7.3.0.49 - 261310 - [app] INFO n.s.sshj.transport.random.JCERandom - Creating new SecureRandom.
2023-04-12 14:52:27.654 - 7.3.0.49 - 261310 - [app] DEBUG n.s.sshj.transport.random.JCERandom - Random creation took 0 ms
2023-04-12 14:52:27.660 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting CHACHA
2023-04-12 14:52:27.668 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting CAST5/CBC/NoPadding
2023-04-12 14:52:27.669 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting CAST5/CTR/NoPadding
2023-04-12 14:52:27.669 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting IDEA/CBC/NoPadding
2023-04-12 14:52:27.669 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting IDEA/CTR/NoPadding
2023-04-12 14:52:27.669 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CBC/NoPadding
2023-04-12 14:52:27.669 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CTR/NoPadding
2023-04-12 14:52:27.669 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CBC/NoPadding
2023-04-12 14:52:27.669 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CTR/NoPadding
2023-04-12 14:52:27.669 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CBC/NoPadding
2023-04-12 14:52:27.669 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CTR/NoPadding
2023-04-12 14:52:27.670 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-12 14:52:27.670 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CTR/NoPadding
2023-04-12 14:52:27.671 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-12 14:52:27.671 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CTR/NoPadding
2023-04-12 14:52:27.671 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-12 14:52:27.671 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CTR/NoPadding
2023-04-12 14:52:27.671 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-12 14:52:27.672 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
2023-04-12 14:52:27.672 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.DefaultConfig - Available cipher factories: [aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr, [email protected], [email protected], blowfish-cbc, blowfish-ctr, 3des-cbc, 3des-ctr, arcfour, arcfour128, arcfour256]
2023-04-12 14:52:27.689 - 7.3.0.49 - 261310 - [app] INFO n.s.sshj.transport.random.JCERandom - Creating new SecureRandom.
2023-04-12 14:52:27.689 - 7.3.0.49 - 261310 - [app] DEBUG n.s.sshj.transport.random.JCERandom - Random creation took 0 ms
2023-04-12 14:52:27.689 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting CHACHA
2023-04-12 14:52:27.690 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting CAST5/CBC/NoPadding
2023-04-12 14:52:27.691 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting CAST5/CTR/NoPadding
2023-04-12 14:52:27.691 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting IDEA/CBC/NoPadding
2023-04-12 14:52:27.691 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting IDEA/CTR/NoPadding
2023-04-12 14:52:27.691 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CBC/NoPadding
2023-04-12 14:52:27.691 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CTR/NoPadding
2023-04-12 14:52:27.691 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CBC/NoPadding
2023-04-12 14:52:27.691 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CTR/NoPadding
2023-04-12 14:52:27.691 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CBC/NoPadding
2023-04-12 14:52:27.691 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CTR/NoPadding
2023-04-12 14:52:27.692 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-12 14:52:27.692 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CTR/NoPadding
2023-04-12 14:52:27.692 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-12 14:52:27.692 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CTR/NoPadding
2023-04-12 14:52:27.692 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-12 14:52:27.692 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CTR/NoPadding
2023-04-12 14:52:27.692 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-12 14:52:27.692 - 7.3.0.49 - 261310 - [app] WARN net.schmizz.sshj.DefaultConfig - Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
2023-04-12 14:52:27.692 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.DefaultConfig - Available cipher factories: [aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr, [email protected], [email protected], blowfish-cbc, blowfish-ctr, 3des-cbc, 3des-ctr, arcfour, arcfour128, arcfour256]
2023-04-12 14:52:27.700 - 7.3.0.49 - 261310 - [app] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|ywu1nWCvjA+DfcgxJTzgBKPqur4=|s90ZMM1qGIOXA1C9B6Y2KZLw/Gg= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 14:52:27.700 - 7.3.0.49 - 261310 - [app] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|690uR2Eys+7WjX0gk/xXaZlohWQ=|H5NCjvLq5xUdEB0Kq7jOdcgXkMA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 14:52:27.703 - 7.3.0.49 - 261310 - [app] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|+Cleb5yn+PpcRFCbz2XUyireyWo=|TmXBStRunUCN0EiE8cTR/YcfUUs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 14:52:27.703 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.common.KeyType - Key algo: ssh-ed25519, Key curve: 25519, Key Len: 32
p: [-28, -13, -127, -124, 91, 79, -11, 46, 6, -56, 84, -26, -113, 106, 32, 12, -101, -38, -54, -112, -112, 113, 75, -95, 15, 82, -50, 29, 77, 65, 16, -83]
2023-04-12 14:52:27.736 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.common.KeyType - Key algo: ssh-ed25519, Key curve: 25519, Key Len: 32
p: [-28, -13, -127, -124, 91, 79, -11, 46, 6, -56, 84, -26, -113, 106, 32, 12, -101, -38, -54, -112, -112, 113, 75, -95, 15, 82, -50, 29, 77, 65, 16, -83]
2023-04-12 14:52:27.737 - 7.3.0.49 - 261310 - [app] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|HBbdFe+Yp27Fi90s7M5SVW/iX28=|Hnq0qIkEA4IHIgSD3uspjCJLl7A= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 14:52:27.737 - 7.3.0.49 - 261310 - [app] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|TDlgW6gdnlSg/MX7VW6WzHbqNWs=|dALFl0Bfr1GaS4dhOtKuRpWrmfY= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 14:52:27.737 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.common.KeyType - Key algo: ssh-ed25519, Key curve: 25519, Key Len: 32
p: [-28, -13, -127, -124, 91, 79, -11, 46, 6, -56, 84, -26, -113, 106, 32, 12, -101, -38, -54, -112, -112, 113, 75, -95, 15, 82, -50, 29, 77, 65, 16, -83]
2023-04-12 14:52:27.738 - 7.3.0.49 - 261310 - [app] DEBUG n.s.s.t.v.OpenSSHKnownHosts - Failed to process line (net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256): |1|aXdA2IiRYKn3xigZcjeD4LV3SKE=|CI6h5DKLq2E/0k64DNougsleOK8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGak0Mg7Wh5VkC5xypgNkBlekiLTw2YGrGgClG63UqJmMmy9qYcQ7gL2mZ6W/h84Py92Yv2QopyN1vNhvCgSUoU=
2023-04-12 14:52:27.738 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.common.KeyType - Key algo: ssh-ed25519, Key curve: 25519, Key Len: 32
p: [-28, -13, -127, -124, 91, 79, -11, 46, 6, -56, 84, -26, -113, 106, 32, 12, -101, -38, -54, -112, -112, 113, 75, -95, 15, 82, -50, 29, 77, 65, 16, -83]
2023-04-12 14:52:27.739 - 7.3.0.49 - 261310 - [app] INFO n.s.sshj.transport.TransportImpl - Client identity string: SSH-2.0-SSHJ_0.35.0
2023-04-12 14:52:27.755 - 7.3.0.49 - 261310 - [app] INFO n.s.sshj.transport.TransportImpl - Server identity string: SSH-2.0-OpenSSH_7.4
2023-04-12 14:52:27.756 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.SSHClient - Initiating Key Exchange for new connection
2023-04-12 14:52:27.757 - 7.3.0.49 - 261310 - [app] DEBUG n.s.sshj.transport.KeyExchanger - Sending SSH_MSG_KEXINIT
2023-04-12 14:52:27.761 - 7.3.0.49 - 261310 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681311147756] DEBUG n.s.sshj.transport.KeyExchanger - Received SSH_MSG_KEXINIT
2023-04-12 14:52:27.763 - 7.3.0.49 - 261310 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681311147756] DEBUG n.s.sshj.transport.KeyExchanger - Negotiated algorithms: [ kex=diffie-hellman-group1-sha1; sig=ssh-ed25519; c2sCipher=aes128-cbc; s2cCipher=aes128-cbc; c2sMAC=hmac-sha1; s2cMAC=hmac-sha1; c2sComp=none; s2cComp=none; ]
2023-04-12 14:52:27.803 - 7.3.0.49 - 261310 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681311147756] DEBUG n.s.sshj.transport.KeyExchanger - Received kex followup data
2023-04-12 14:52:27.803 - 7.3.0.49 - 261310 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681311147756] DEBUG net.schmizz.sshj.common.KeyType - Key algo: ssh-ed25519, Key curve: 25519, Key Len: 32
p: [-28, -13, -127, -124, 91, 79, -11, 46, 6, -56, 84, -26, -113, 106, 32, 12, -101, -38, -54, -112, -112, 113, 75, -95, 15, 82, -50, 29, 77, 65, 16, -83]
2023-04-12 14:52:27.810 - 7.3.0.49 - 261310 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681311147756] DEBUG n.s.sshj.transport.KeyExchanger - Trying to verify host key with OpenSSHKnownHosts{khFile='/home/gbt/.ssh/known_hosts'}
2023-04-12 14:52:27.811 - 7.3.0.49 - 261310 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681311147756] DEBUG n.s.sshj.transport.KeyExchanger - Sending SSH_MSG_NEWKEYS
2023-04-12 14:52:27.811 - 7.3.0.49 - 261310 - [sshj-Reader-gbt-vert-12/10.0.80.229:22-1681311147756] DEBUG n.s.sshj.transport.KeyExchanger - Received SSH_MSG_NEWKEYS
2023-04-12 14:52:27.812 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.SSHClient - Key exchange took 0.055 seconds
2023-04-12 14:52:27.812 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.SSHClient - Attempting to load key from: /home/gbt/.ssh/id_rsa
2023-04-12 14:52:27.814 - 7.3.0.49 - 261310 - [app] INFO net.schmizz.sshj.SSHClient - Could not load keys from /home/gbt/.ssh/id_rsa due to: No provider available for OpenSSH key file
2023-04-12 14:52:27.814 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.SSHClient - Attempting to load key from: /home/gbt/.ssh/id_dsa
2023-04-12 14:52:27.814 - 7.3.0.49 - 261310 - [app] INFO net.schmizz.sshj.SSHClient - Could not load keys from /home/gbt/.ssh/id_dsa due to: /home/gbt/.ssh/id_dsa (No such file or directory)
2023-04-12 14:52:27.814 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.SSHClient - Attempting to load key from: /home/gbt/.ssh/id_ed25519
2023-04-12 14:52:27.814 - 7.3.0.49 - 261310 - [app] INFO net.schmizz.sshj.SSHClient - Could not load keys from /home/gbt/.ssh/id_ed25519 due to: /home/gbt/.ssh/id_ed25519 (No such file or directory)
2023-04-12 14:52:27.814 - 7.3.0.49 - 261310 - [app] DEBUG net.schmizz.sshj.SSHClient - Attempting to load key from: /home/gbt/.ssh/id_ecdsa
2023-04-12 14:52:27.814 - 7.3.0.49 - 261310 - [app] INFO net.schmizz.sshj.SSHClient - Could not load keys from /home/gbt/.ssh/id_ecdsa due to: /home/gbt/.ssh/id_ecdsa (No such file or directory)
2023-04-12 14:52:27.818 - 7.3.0.49 - 261310 - [app] ERROR c.g.scalar.bc2r.actor.Supervisor$ - [(NoMPS,NoMPS,NoMPS)] [DEVOPS] Failed to build ssh client for gbt-vert-12. Exiting...
The logs indicate that Bouncy Castle is still missing at runtime.
Yes, the log indicates so. But I am very sure that those jars are present under the project lib directory, as mentioned above.
I removed the bc-fips jar from the lib directory and now it works. It was probably conflicting with that.
So having said that, how can we make it work using the bc-fips provider?
I can see one issue opened for the same, and subsequent comments:
https://github.com/hierynomus/sshj/issues/669
https://github.com/hierynomus/sshj/issues/526#issuecomment-895576566
@hierynomus Could you suggest what change can make it work? I really do need to have the bc-fips provider. If there are no options, I may have to switch to another client for using SSH within the code. Any help would really be appreciated.
@sawanverma I recommend continuing the conversation regarding FIPS on issue #669 as linked. Supporting FIPS would require adjustments to SSHJ, as well as careful selection of the key algorithms used in the client configuration.
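A classpath check for the conflict described in this thread, where the Bouncy Castle jars sit in the lib directory next to bc-fips and key loading still fails. This is an added example, not code from SSHJ or from anyone in the thread; it uses only JDK APIs plus the published provider class names of bcprov and bc-fips, and the class name `BcClasspathCheck` is made up for illustration.

```java
import java.io.IOException;
import java.net.URL;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import java.util.List;

public class BcClasspathCheck {
    // Provider entry points of the two Bouncy Castle distributions.
    static final String BC = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    static final String BC_FIPS = "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider";

    /** Every classpath location that supplies the class; more than one means duplicate jars. */
    static List<URL> copiesOf(String className) throws IOException {
        String resource = className.replace('.', '/') + ".class";
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        if (cl == null) {
            cl = ClassLoader.getSystemClassLoader();
        }
        return Collections.list(cl.getResources(resource));
    }

    public static void main(String[] args) throws IOException {
        List<URL> bc = copiesOf(BC);
        List<URL> fips = copiesOf(BC_FIPS);
        System.out.println("bcprov provider class found at:  " + bc);
        System.out.println("bc-fips provider class found at: " + fips);

        // Providers actually registered with the JCA, in preference order.
        System.out.println("Registered JCA providers:");
        for (Provider p : Security.getProviders()) {
            System.out.println("  " + p.getName() + " -> " + p.getClass().getName());
        }

        if (bc.isEmpty() && fips.isEmpty()) {
            System.out.println("RESULT: no Bouncy Castle jar is visible to this class loader.");
        } else if (!bc.isEmpty() && !fips.isEmpty()) {
            System.out.println("RESULT: bcprov and bc-fips are both on the classpath; they share "
                    + "org.bouncycastle package names, so load order decides which classes win.");
        } else if (bc.size() > 1 || fips.size() > 1) {
            System.out.println("RESULT: duplicate copies of the same provider jar are present.");
        } else {
            System.out.println("RESULT: exactly one Bouncy Castle distribution is present.");
        }
    }
}
```

Run it with the same classpath as the failing application (for example `java -cp "lib/*:." BcClasspathCheck`), since the result depends on which jars that class loader can see.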