I’ve migrated from CRuby to jRuby with the same code for ssh connection.
However, within jRuby i get this error message :
Exception in thread “AWT-EventQueue-0”
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in ssh_do_verify': unsupported algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError) from /opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke x/diffie_hellman_group1_sha1.rb:187:inverify_signature’
this is just after :
- kex: diffie-hellman-group1-sha1
- host_key: ssh-dss
- encryption_server: aes128-cbc
- encryption_client: aes128-cbc
- hmac_client: hmac-sha1
- hmac_server: hmac-sha1
- compression_client: none
- compression_server: none
- language_client:
- language_server:
D, [2008-07-29T14:32:30.388000 #8221] DEBUG –
net.ssh.transport.algorithms[2e]: exchanging keys
D, [2008-07-29T14:32:39.914000 #8221] DEBUG – tcpsocket[2c]: queueing
packet nr 1 type 30 len 140
D, [2008-07-29T14:32:39.919000 #8221] DEBUG – tcpsocket[2c]: sent 144
bytes
D, [2008-07-29T14:32:39.931000 #8221] DEBUG – tcpsocket[2c]: received
packet nr 1 type 2 len 12
D, [2008-07-29T14:32:39.937000 #8221] DEBUG –
net.ssh.transport.session[22]: IGNORE packet recieved: “”
D, [2008-07-29T14:32:40.544000 #8221] DEBUG – tcpsocket[2c]: read 656
bytes
D, [2008-07-29T14:32:40.683000 #8221] DEBUG – tcpsocket[2c]: received
packet nr 2 type 31 len 636
i think here net/ssh makes use of OpenSSL (even if I didn’t require it)
which dislike ssh-dss for host-key.
the better, for me, would be to avoid using OpenSSL but i don’t know how
to…
also, at the beginning i had only a dsa pair and, because of that prob
I’ve genrerated a rsa one.
no change.
also I’ve renammed the known_hosts file in order to generate another one
with this new rsa key.
abviously, no change …
Une Bévue wrote:
I’ve migrated from CRuby to jRuby with the same code for ssh connection.
However, within jRuby i get this error message :
Exception in thread “AWT-EventQueue-0”
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in ssh_do_verify': unsupported algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError) from /opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke x/diffie_hellman_group1_sha1.rb:187:inverify_signature’
I assume you’ve installed JRuby-OpenSSL, so what’s probably happening
here is that either JRuby-OpenSSL doesn’t support that algorithm or the
encryption library it ships with doesn’t support that algorithm. JOSSL
uses BouncyCastle…so I’m checking their docs now.
Une Bévue wrote:
I’ve migrated from CRuby to jRuby with the same code for ssh connection.
However, within jRuby i get this error message :
Exception in thread “AWT-EventQueue-0”
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in ssh_do_verify': unsupported algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError) from /opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke x/diffie_hellman_group1_sha1.rb:187:inverify_signature’
FWIW I’m not sure net/ssh has ever had the last bugs worked out in
JRuby, but we’re willing to sit down and fix them. Perhaps you could
stop by #jruby and we’ll see what we can do?
Charles Oliver N. wrote:
I assume you’ve installed JRuby-OpenSSL, so what’s probably happening
here is that either JRuby-OpenSSL doesn’t support that algorithm or the
encryption library it ships with doesn’t support that algorithm. JOSSL
uses BouncyCastle…so I’m checking their docs now.
Disclaimer: I know practically nothing about cryptography.
After a little poking around, it looks like the only references to
DSS1withDSA on the whole interwebs are the ones associated with this
thread. So it looks to me like somewhere in JOSSL we’re supposed to be
translating DSS1 to SHA1 (which from most references appear to be
basically the same) and looking for SHA1withDSA, which BouncyCastle
does support. So it seems to be a translation problem in JOSSL. Can
you file a bug for it please?
http://jira.codehaus.org/browse/JRUBY
Charles Oliver N. [email protected] wrote:
FWIW I’m not sure net/ssh has ever had the last bugs worked out in
JRuby, but we’re willing to sit down and fix them. Perhaps you could
stop by #jruby and we’ll see what we can do?
OK !