
Enable ssh-dss algorithm for known-host in Apache-Mina

I'm working on a custom SFTP client. The client receives a known-host record as a required server key. My code works fine with ssh-rsa, but in the case of ssh-dss Mina throws an exception with a message Unable to negotiate key exchange for server host key algorithms (client: [email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa / server: ssh-dss). The official documentation (https://github.com/apache/mina-sshd) says that Mina does support ssh-dss.

Would you recommend a way to make SshClient use ssh-dss (something like PubkeyAcceptedKeyTypes=+ssh-dss in ssh config)?

Thank you.

Sergey Panov asked Apr 29 '26 22:04


1 Answer

In NetconfSSHClient.java, add the following after the call to SshClient.setUpDefaultClient():

        // add DSS 
        List<NamedFactory<Signature>> signatureFactories = client.getSignatureFactories();
        List<BuiltinSignatures> signatures = new ArrayList<>();
        signatures.add(BuiltinSignatures.dsa);
        signatureFactories.addAll(NamedFactory.setUpBuiltinFactories(false, signatures));
        
        client.setSignatureFactories(signatureFactories);

You'll also need to add the matching includes to the top of your file:

import java.util.List;
import java.util.ArrayList;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.signature.Signature;
import org.apache.sshd.common.signature.BuiltinSignatures;

There may be an easier way, but this was the way the Mina-SSHD mailing list told me to do it.

If you also need deprecated KEX or ciphers, the process is similar for ciphers but slightly different for KEX:

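        // Needs imports: org.apache.sshd.client.ClientBuilder,
        // org.apache.sshd.common.kex.BuiltinDHFactories, org.apache.sshd.common.kex.KeyExchangeFactory
        // Get the current default list of key exchange factories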
        List<KeyExchangeFactory> keyExchangeFactories = client.getKeyExchangeFactories();

        // Add the Diffie-Hellman-group1-sha1 key exchange factory
        keyExchangeFactories.addAll(NamedFactory.setUpTransformedFactories(
                false,
                List.of(BuiltinDHFactories.dhg1),
                ClientBuilder.DH2KEX
        ));

        // Update the key exchange factories
        client.setKeyExchangeFactories(keyExchangeFactories);
Luciano answered May 02 '26 12:05
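
An added example, not part of the answer above: a self-contained class that appends ssh-dss to the end of the client's signature list, so that any stronger host key algorithm the server also offers is still negotiated first, and prints the list before and after so the change can be checked without connecting. The class name LegacyDssClient and the helper allowDssLast are hypothetical; the code assumes sshd-core is on the classpath.

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.sshd.client.SshClient;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.signature.BuiltinSignatures;
import org.apache.sshd.common.signature.Signature;

public class LegacyDssClient {

    /** Hypothetical helper: allow ssh-dss as the least-preferred host key algorithm. */
    static void allowDssLast(SshClient client) {
        // Fail early if the JVM / security provider cannot do DSA at all.
        if (!BuiltinSignatures.dsa.isSupported()) {
            throw new IllegalStateException("ssh-dss is not supported in this runtime");
        }

        // Work on a copy so the list held by the client is replaced, not mutated in place.
        List<NamedFactory<Signature>> factories =
                new ArrayList<>(client.getSignatureFactories());

        // Append only if missing: keeps the call idempotent and keeps the
        // modern algorithms ahead of ssh-dss in the client's proposal.
        String dss = BuiltinSignatures.dsa.getName();
        boolean present = factories.stream().anyMatch(f -> dss.equals(f.getName()));
        if (!present) {
            factories.add(BuiltinSignatures.dsa);
        }
        client.setSignatureFactories(factories);
    }

    public static void main(String[] args) {
        SshClient client = SshClient.setUpDefaultClient();
        System.out.println("default : "
                + NamedResource.getNames(client.getSignatureFactories()));

        allowDssLast(client);
        allowDssLast(client); // second call must not add a duplicate entry

        System.out.println("with dss: "
                + NamedResource.getNames(client.getSignatureFactories()));
    }
}
```

Calling the helper only on the SshClient instance used for the legacy server keeps ssh-dss out of the proposal sent to every other host.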