[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

[jRuby] net/ssh unsupported algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError

unbewusst.sein

7/29/2008 12:44:00 PM

I've migrated from CRuby to jRuby with the same code for ssh connection.
However, within jRuby i get this error message :
Exception in thread "AWT-EventQueue-0"
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in `ssh_do_verify': unsupported
algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError)
from
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in `verify_signature'

this is just after :
* kex: diffie-hellman-group1-sha1
* host_key: ssh-dss
* encryption_server: aes128-cbc
* encryption_client: aes128-cbc
* hmac_client: hmac-sha1
* hmac_server: hmac-sha1
* compression_client: none
* compression_server: none
* language_client:
* language_server:
D, [2008-07-29T14:32:30.388000 #8221] DEBUG --
net.ssh.transport.algorithms[2e]: exchanging keys
D, [2008-07-29T14:32:39.914000 #8221] DEBUG -- tcpsocket[2c]: queueing
packet nr 1 type 30 len 140
D, [2008-07-29T14:32:39.919000 #8221] DEBUG -- tcpsocket[2c]: sent 144
bytes
D, [2008-07-29T14:32:39.931000 #8221] DEBUG -- tcpsocket[2c]: received
packet nr 1 type 2 len 12
D, [2008-07-29T14:32:39.937000 #8221] DEBUG --
net.ssh.transport.session[22]: IGNORE packet recieved: ""
D, [2008-07-29T14:32:40.544000 #8221] DEBUG -- tcpsocket[2c]: read 656
bytes
D, [2008-07-29T14:32:40.683000 #8221] DEBUG -- tcpsocket[2c]: received
packet nr 2 type 31 len 636


i think here net/ssh makes use of OpenSSL (even if I didn't require it)

which dislike ssh-dss for host-key.

the better, for me, would be to avoid using OpenSSL but i don't know how
to...

also, at the beginning i had only a dsa pair and, because of that prob
I've genrerated a rsa one.

no change.

also I've renammed the known_hosts file in order to generate another one
with this new rsa key.

abviously, no change ...

--
Une Bévue
4 Answers

Charles Oliver Nutter

7/29/2008 4:48:00 PM

0

Une Bévue wrote:
> I've migrated from CRuby to jRuby with the same code for ssh connection.
> However, within jRuby i get this error message :
> Exception in thread "AWT-EventQueue-0"
> /opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
> x/diffie_hellman_group1_sha1.rb:187:in `ssh_do_verify': unsupported
> algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError)
> from
> /opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
> x/diffie_hellman_group1_sha1.rb:187:in `verify_signature'

I assume you've installed JRuby-OpenSSL, so what's probably happening
here is that either JRuby-OpenSSL doesn't support that algorithm or the
encryption library it ships with doesn't support that algorithm. JOSSL
uses BouncyCastle...so I'm checking their docs now.

- Charlie

Charles Oliver Nutter

7/29/2008 4:54:00 PM

0

Une Bévue wrote:
> I've migrated from CRuby to jRuby with the same code for ssh connection.
> However, within jRuby i get this error message :
> Exception in thread "AWT-EventQueue-0"
> /opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
> x/diffie_hellman_group1_sha1.rb:187:in `ssh_do_verify': unsupported
> algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError)
> from
> /opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
> x/diffie_hellman_group1_sha1.rb:187:in `verify_signature'

FWIW I'm not sure net/ssh has ever had the last bugs worked out in
JRuby, but we're willing to sit down and fix them. Perhaps you could
stop by #jruby and we'll see what we can do?

- Charlie

Charles Oliver Nutter

7/29/2008 5:05:00 PM

0

Charles Oliver Nutter wrote:
> Une Bévue wrote:
>> I've migrated from CRuby to jRuby with the same code for ssh connection.
>> However, within jRuby i get this error message :
>> Exception in thread "AWT-EventQueue-0"
>> /opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
>> x/diffie_hellman_group1_sha1.rb:187:in `ssh_do_verify': unsupported
>> algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError)
>> from
>> /opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
>> x/diffie_hellman_group1_sha1.rb:187:in `verify_signature'
>
> I assume you've installed JRuby-OpenSSL, so what's probably happening
> here is that either JRuby-OpenSSL doesn't support that algorithm or the
> encryption library it ships with doesn't support that algorithm. JOSSL
> uses BouncyCastle...so I'm checking their docs now.

Disclaimer: I know practically nothing about cryptography.

After a little poking around, it looks like the only references to
DSS1withDSA on the whole interwebs are the ones associated with this
thread. So it looks to me like somewhere in JOSSL we're supposed to be
translating DSS1 to SHA1 (which from most references appear to be
basically the same) and looking for SHA1withDSA, which BouncyCastle
*does* support. So it seems to be a translation problem in JOSSL. Can
you file a bug for it please?

http://jira.codehaus.org/br...

- Charlie

unbewusst.sein

7/30/2008 9:24:00 PM

0

Charles Oliver Nutter <charles.nutter@sun.com> wrote:

>
> FWIW I'm not sure net/ssh has ever had the last bugs worked out in
> JRuby, but we're willing to sit down and fix them. Perhaps you could
> stop by #jruby and we'll see what we can do?

OK !
--
Une Bévue