[jRuby] net/ssh unsupported algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError)

U

Une Bévue

I've migrated from CRuby to jRuby with the same code for ssh connection.
However, within jRuby i get this error message :
Exception in thread "AWT-EventQueue-0"
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in `ssh_do_verify': unsupported
algorithm: DSS1withDSA (OpenSSL::pKey::pKeyError)
from
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in `verify_signature'

this is just after :
* kex: diffie-hellman-group1-sha1
* host_key: ssh-dss
* encryption_server: aes128-cbc
* encryption_client: aes128-cbc
* hmac_client: hmac-sha1
* hmac_server: hmac-sha1
* compression_client: none
* compression_server: none
* language_client:
* language_server:
D, [2008-07-29T14:32:30.388000 #8221] DEBUG --
net.ssh.transport.algorithms[2e]: exchanging keys
D, [2008-07-29T14:32:39.914000 #8221] DEBUG -- tcpsocket[2c]: queueing
packet nr 1 type 30 len 140
D, [2008-07-29T14:32:39.919000 #8221] DEBUG -- tcpsocket[2c]: sent 144
bytes
D, [2008-07-29T14:32:39.931000 #8221] DEBUG -- tcpsocket[2c]: received
packet nr 1 type 2 len 12
D, [2008-07-29T14:32:39.937000 #8221] DEBUG --
net.ssh.transport.session[22]: IGNORE packet recieved: ""
D, [2008-07-29T14:32:40.544000 #8221] DEBUG -- tcpsocket[2c]: read 656
bytes
D, [2008-07-29T14:32:40.683000 #8221] DEBUG -- tcpsocket[2c]: received
packet nr 2 type 31 len 636


i think here net/ssh makes use of OpenSSL (even if I didn't require it)

which dislike ssh-dss for host-key.

the better, for me, would be to avoid using OpenSSL but i don't know how
to...

also, at the beginning i had only a dsa pair and, because of that prob
I've genrerated a rsa one.

no change.

also I've renammed the known_hosts file in order to generate another one
with this new rsa key.

abviously, no change ...
 
C

Charles Oliver Nutter

Une said:
I've migrated from CRuby to jRuby with the same code for ssh connection.
However, within jRuby i get this error message :
Exception in thread "AWT-EventQueue-0"
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in `ssh_do_verify': unsupported
algorithm: DSS1withDSA (OpenSSL::pKey::pKeyError)
from
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in `verify_signature'
Click to expand...

I assume you've installed JRuby-OpenSSL, so what's probably happening
here is that either JRuby-OpenSSL doesn't support that algorithm or the
encryption library it ships with doesn't support that algorithm. JOSSL
uses BouncyCastle...so I'm checking their docs now.

- Charlie
 
C

Charles Oliver Nutter

Une said:
I've migrated from CRuby to jRuby with the same code for ssh connection.
However, within jRuby i get this error message :
Exception in thread "AWT-EventQueue-0"
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in `ssh_do_verify': unsupported
algorithm: DSS1withDSA (OpenSSL::pKey::pKeyError)
from
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in `verify_signature'
Click to expand...

FWIW I'm not sure net/ssh has ever had the last bugs worked out in
JRuby, but we're willing to sit down and fix them. Perhaps you could
stop by #jruby and we'll see what we can do?

- Charlie
 
C

Charles Oliver Nutter

Charles said:
I assume you've installed JRuby-OpenSSL, so what's probably happening
here is that either JRuby-OpenSSL doesn't support that algorithm or the
encryption library it ships with doesn't support that algorithm. JOSSL
uses BouncyCastle...so I'm checking their docs now.
Click to expand...

Disclaimer: I know practically nothing about cryptography.

After a little poking around, it looks like the only references to
DSS1withDSA on the whole interwebs are the ones associated with this
thread. So it looks to me like somewhere in JOSSL we're supposed to be
translating DSS1 to SHA1 (which from most references appear to be
basically the same) and looking for SHA1withDSA, which BouncyCastle
*does* support. So it seems to be a translation problem in JOSSL. Can
you file a bug for it please?

http://jira.codehaus.org/browse/JRUBY

- Charlie
 
U

Une Bévue

Charles Oliver Nutter said:
FWIW I'm not sure net/ssh has ever had the last bugs worked out in
JRuby, but we're willing to sit down and fix them. Perhaps you could
stop by #jruby and we'll see what we can do?
Click to expand...

OK !
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problems with net-ssh 0
Net::SSH is unable to use my RSA Key 0
[ANN] JRuby 1.4.0 Released 2
net/ssh debug errors 1
[ANN] JRuby 1.4.0RC3 Released 0
Problem using Net::SSH::Perl 4
net/ssh makes log4r fail 0
[ANN] JRuby 1.1RC2 Released 1

Members online

No members online now.
Total: 29 (members: 0, guests: 29)
Robots: 319

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,007
Latest member
obedient dusk

Latest Threads

Top