net.schmizz.sshj.transport.TransportException: Could not verify ssh-ed25519 host key with fingerprint #635

Open
gdufeZLYL opened this issue Sep 24, 2020 · 4 comments


@gdufeZLYL

net.schmizz.sshj.transport.TransportException: Could not verify ssh-ed25519 host key with fingerprint
at net.schmizz.sshj.transport.KeyExchanger.verifyHost(KeyExchanger.java:210)
at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:368)
at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:517)
at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
at net.schmizz.sshj.transport.Reader.run(Reader.java:60)
===2020-09-24 20:36:22.566 [reader] INFO net.schmizz.sshj.transport.TransportImpl Line:205 - Disconnected - HOST_KEY_NOT_VERIFIABLE

It's wrong. How do I solve it? Help me, thanks.

@stjava

stjava commented Apr 13, 2021

I've got this problem, too

@sysmat

sysmat commented Apr 20, 2021

Me too, using [sshj-0.31.0.jar:0.31.0], but in cmd I could connect to the remote server with ssh and known_hosts

@hpoettker
Contributor

Without more information like logs or code for a minimal example, it's very hard to give precise help. But I'll try. 😄

If host verification fails but you don't actually care about host verification, then you can turn it off by adding
sshClient.addHostKeyVerifier(new PromiscuousVerifier())
before calling SSHClient::connect.

If you care about host verification and want to use your known_hosts, make sure to call SSHClient::loadKnownHosts before connecting.

If you can connect with ssh but get the given exception with sshj, the problem is most likely that ssh and sshj negotiate different key algorithms with the remote server. Try connecting with ssh -o HostKeyAlgorithms=ssh-ed25519 user@host. If ssh warns you about conflicting host keys, remove the referenced line from known_hosts and try again. If ssh warns you that the authenticity of the remote host can't be established, proceed anyways and ssh will add the ssh-ed25519 key to your known_hosts. Afterwards, you should be able to connect with sshj without disabling host verification.

You can influence the key algorithm that sshj negotiates with the remote server with Config::setKeyAlgorithms before passing the config to the constructor of SSHClient. If you pass only the algorithm that matches the remote server's entry in known_hosts, it should work fine.
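
The known_hosts route from the comment above, as an added example (not part of the original comment and not sshj's own code): it reads which key types known_hosts records for the host, restricts sshj's key algorithms to those via Config::setKeyAlgorithms, and connects with host verification left on. The class name, the `knownKeyTypes` helper, the host name and the known_hosts path are assumptions for illustration.

```java
import net.schmizz.sshj.Config;
import net.schmizz.sshj.DefaultConfig;
import net.schmizz.sshj.SSHClient;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

public class PinnedHostKeyExample {   // hypothetical class name
    // Key types recorded for host:port in an OpenSSH known_hosts file.
    // Plain host entries only: hashed "|1|..." entries, "@cert-authority" and
    // "@revoked" marker lines and comments are skipped.
    static List<String> knownKeyTypes(File knownHosts, String host, int port) throws IOException {
        String bracketed = "[" + host + "]:" + port;   // OpenSSH form for non-default ports
        List<String> types = new ArrayList<>();
        for (String line : Files.readAllLines(knownHosts.toPath())) {
            String[] f = line.trim().split("\\s+");
            if (f.length < 3 || f[0].startsWith("#") || f[0].startsWith("@") || f[0].startsWith("|")) continue;
            List<String> names = Arrays.asList(f[0].split(","));
            if (names.contains(bracketed) || (port == 22 && names.contains(host))) types.add(f[1]);
        }
        return types;
    }

    public static void main(String[] args) throws IOException {
        String host = "host.example.com";   // placeholder host
        int port = 22;
        File knownHosts = new File(System.getProperty("user.home"), ".ssh/known_hosts");

        List<String> types = knownKeyTypes(knownHosts, host, port);
        if (types.isEmpty()) throw new IOException("no plain known_hosts entry for " + host);
        Config config = new DefaultConfig();
        // Keep only algorithms whose name equals a recorded key type. Exact match:
        // an "ssh-rsa" entry keeps "ssh-rsa" but not the rsa-sha2-* variants.
        config.setKeyAlgorithms(config.getKeyAlgorithms().stream()
                .filter(a -> types.contains(a.getName()))
                .collect(Collectors.toList()));
        if (config.getKeyAlgorithms().isEmpty()) throw new IOException("recorded key types not supported: " + types);

        try (SSHClient ssh = new SSHClient(config)) {
            ssh.loadKnownHosts(knownHosts);   // host key verification stays enabled
            ssh.connect(host, port);          // fails with HOST_KEY_NOT_VERIFIABLE if the key differs
            // authenticate and open a session here
        }
    }
}
```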

WorkDayHeyHey pushed a commit to WorkDayHeyHey/sshj that referenced this issue Sep 22, 2021
(hierynomus#642, hierynomus#635... 10? issues)

Try to find the Algorithm that was used when a known_host
entry was created and make that the first choice for the
current connection attempt.

If the current connection algorithm matches the
algorithm used when the known_host entry was created
we can get a fair verification.

hierynomus added a commit that referenced this issue Sep 23, 2021
* Prefer known algorithm for known host

(#642, #635... 10? issues)

Try to find the Algorithm that was used when a known_host
entry was created and make that the first choice for the
current connection attempt.

If the current connection algorithm matches the
algorithm used when the known_host entry was created
we can get a fair verification.

* Add support for multiple matching hostkeys, in configuration order

Co-authored-by: Bernie Day <bday@jvncomm.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>

@eduveks

eduveks commented Dec 5, 2023

The same error here with me, but as @hpoettker said before, just add this before connecting:

ssh.addHostKeyVerifier(new PromiscuousVerifier());

It was enough to solve!
