Unsupported public key type in KnowHostEntry is invalidating all the host entries

[louis-jaris]

Version

2.12.1

Bug description

To reproduce the bug locally, you can create a temporary SSH Server using docker (c.f. the following one liner):

docker run -it --rm -v ${PWD}:/home/sftpuser/some-directory -p 2222:22 atmoz/sftp sftpuser:pass123:1001

(More information on the atmoz docker image, and github repo associated)

Then, get all the public keys of the server:

ssh-keyscan -p 2222 127.0.0.1

It will typically return something like:

# 127.0.0.1:2222 SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
[127.0.0.1]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPu6ntmyfSOkqLl3qPxD5XxwW7OONwwSG3KO+TGn+PFu
# 127.0.0.1:2222 SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
# 127.0.0.1:2222 SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
[127.0.0.1]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpxiMvsgF+TbtTm9Pcl7rOqX/j7Xs5nFsfh5dm+GwTlufJDIIM7pbkq6GDSrlrENhk0Rv+HeLVHbuO6jGYaDc7vvvom3lWNE0t6Kj/dSYoXA4KBH1NUgqHlAyGcEr0kbUoZOQL5j5/RkckKngWG2Rg/qUT6ubdF2B/iybP1BAbsktByGlikCvirzPGb6Bwq13ontzd/uF2obQ367d0eyQ3h8a/vJvXTTc4Q6d2bzl86wQ2e8FBktCYxzAdt1ZQJyqzoWuuuyb+SkmeSdryCI3qtvVHBOHrYKzolKRMghmSiaP2t5IcAOGX4wQvo8uBZcFD6oIhBSY5c5/u27GGjOb4iCbdXXjNMLg3P0Y7EazYwD1D6r5EkwGX6MofGtGdKotwdddWyN/jF6jlyAikBzIw2m021uWsvFSWgjmOx8N9EXVW4Ou6aDBNc2bMP6nxU2JrsSzwnrUN51kl/TJrQeH8XaIwTahEtrjyOzipIdHMORMSPLyDsRxjv5RxqEipBUrbrLDALSoYkp+SQsq6g2Qm9LiMIHXA3Q/FNau5gsuQQ7RXp/rd3wEkYRqhz4zVHqOgBPM3TjS1yBjnXvNUarCjI7B0IwJsKzWMneqKxu2oBZ8gIZC0fFkqOCRRiaGE7doI+SuKHULCMdBo6GzH12Tz15Io4N8XVAg43zkl0V0CJQ==
# 127.0.0.1:2222 SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3
# 127.0.0.1:2222 SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3

Then, in Apache Mina, passing to KnownHostEntry.readKnownHostEntries all the lines above as an input stream (actually, I'm using spring-integration-sftp version 6.3.5 to do that), and then we get the following exception:

java.io.StreamCorruptedException: Failed (IllegalArgumentException) to parse line #2 '[127.0.0.1]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPu6ntmyfSOkqLl3qPxD5XxwW7OONwwSG3KO+TGn+PFu': Bad format (no key data delimiter): AAAAC3NzaC1lZDI1NTE5AAAAIPu6ntmyfSOkqLl3qPxD5XxwW7OONwwSG3KO+TGn+PFu

I've run a debugger up into Apache Mina implementation, and I was able to determined that the algorithm ssh-ed25519 is not supported -- ok fine, not a problem, as we should be able to fallback to ssh-rsa, but this is not the case as the Known Host Parsing is failling as soon as it encounters a non supported key type.

---

The bug here is that KnownHostEntry.readKnownHostEntries should try to return all the valid and supported KnownHostEntry, and let the unsupported algorithm out of the collection returned on that function (and it could fail if no usable/valid entry would have been found).

Actual behavior

java.io.StreamCorruptedException: Failed (IllegalArgumentException) to parse line #2 '[127.0.0.1]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPu6ntmyfSOkqLl3qPxD5XxwW7OONwwSG3KO+TGn+PFu': Bad format (no key data delimiter): AAAAC3NzaC1lZDI1NTE5AAAAIPu6ntmyfSOkqLl3qPxD5XxwW7OONwwSG3KO+TGn+PFu
	at org.apache.sshd.client.config.hosts.KnownHostEntry.readKnownHostEntries(KnownHostEntry.java:208)
	at org.apache.sshd.client.config.hosts.KnownHostEntry.readKnownHostEntries(KnownHostEntry.java:165)
	at org.apache.sshd.client.config.hosts.KnownHostEntry.readKnownHostEntries(KnownHostEntry.java:159)
	at org.springframework.integration.sftp.session.ResourceKnownHostsServerKeyVerifier.lambda$getKnownHostSupplier$3(ResourceKnownHostsServerKeyVerifier.java:90)
	at org.apache.sshd.common.util.GenericUtils.lambda$memoizeLock$7(GenericUtils.java:893)
	at org.springframework.integration.sftp.session.ResourceKnownHostsServerKeyVerifier.verifyServerKey(ResourceKnownHostsServerKeyVerifier.java:68)
	at org.apache.sshd.client.session.AbstractClientSession.checkKeys(AbstractClientSession.java:637)
	at org.apache.sshd.common.session.helpers.AbstractSession.handleKexMessage(AbstractSession.java:766)
	at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:621)
	at org.apache.sshd.common.session.helpers.AbstractSession.lambda$handleMessage$0(AbstractSession.java:545)
	at org.apache.sshd.common.util.threads.ThreadUtils.runAsInternal(ThreadUtils.java:68)
	at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:544)
	at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1688)
	at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:505)
	at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
	at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:409)
	at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:382)
	at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:377)
	at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:319)
	at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
	at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:129)
	at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:221)
	at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:113)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.lang.Thread.run(Thread.java:1583)

Expected behavior

Have at least the KnownHost entry with the ssh-rsa algorithm, i.e. the following entry:

[127.0.0.1]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpxiMvsgF+TbtTm9Pcl7rOqX/j7Xs5nFsfh5dm+GwTlufJDIIM7pbkq6GDSrlrENhk0Rv+HeLVHbuO6jGYaDc7vvvom3lWNE0t6Kj/dSYoXA4KBH1NUgqHlAyGcEr0kbUoZOQL5j5/RkckKngWG2Rg/qUT6ubdF2B/iybP1BAbsktByGlikCvirzPGb6Bwq13ontzd/uF2obQ367d0eyQ3h8a/vJvXTTc4Q6d2bzl86wQ2e8FBktCYxzAdt1ZQJyqzoWuuuyb+SkmeSdryCI3qtvVHBOHrYKzolKRMghmSiaP2t5IcAOGX4wQvo8uBZcFD6oIhBSY5c5/u27GGjOb4iCbdXXjNMLg3P0Y7EazYwD1D6r5EkwGX6MofGtGdKotwdddWyN/jF6jlyAikBzIw2m021uWsvFSWgjmOx8N9EXVW4Ou6aDBNc2bMP6nxU2JrsSzwnrUN51kl/TJrQeH8XaIwTahEtrjyOzipIdHMORMSPLyDsRxjv5RxqEipBUrbrLDALSoYkp+SQsq6g2Qm9LiMIHXA3Q/FNau5gsuQQ7RXp/rd3wEkYRqhz4zVHqOgBPM3TjS1yBjnXvNUarCjI7B0IwJsKzWMneqKxu2oBZ8gIZC0fFkqOCRRiaGE7doI+SuKHULCMdBo6GzH12Tz15Io4N8XVAg43zkl0V0CJQ==

Relevant log output

No response

Other information

Thank you for your work guys ! That's awesome to work with well maintained libraries to do SSH/SFTP communication 🙏

[louis-jaris]

Side note: my workaround is to format the KnownHost string passed to the lib, to only include supported algorithm (but the exception / error message is not clearly indicating that the ssh-ed25519 algorithm is not supported, which is not developer friendly 😅 )

[tomaswolf]

Thanks for reporting this.

The exception indicates that the line from the known_hosts file containing the unknown key type cannot be parsed. Indeed the parsing in KnownHostEntry is broken; it parses an AuthorizedKeyEntry but should parse only a PublicKeyEntry. (I agree that the exception message is exceptionally poor; moreover there are two different locations where an exception with that exact message is thrown, and the way the exception is then wrapped loses the causing stack trace.)

Simply ignoring lines with unknown key types is not entirely correct, though. It may be fine if there is another host key recorded for the same host with a known key type, but if not, the behavior between "no host key registered at all" and "some host key other than the one gotten from the server registered" is subtly different in OpenSSH (depending on the setting of StrictHostKeyChecking).

If one doesn't ignore such lines one would then have to look at how these KnownHostEntry objects are used. IIRC correctly the code actually creates a PublicKey from the line, and then compares that to the public key received from the server. I guess this logic should also be flipped around: serialize the host key received into this string format, and then just compare against the string from the known_hosts line. (And likewise for authorized_keys.)

[louis-jaris]

Thank you @tomaswolf for the fix ! 🎉 💪