Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Native Image of an application with SSHJ fails to reach a settlement upon SSH handshake #858

Open
noblehelm opened this issue Apr 28, 2023 · 6 comments
Open

Native Image of an application with SSHJ fails to reach a settlement upon SSH handshake #858

noblehelm opened this issue Apr 28, 2023 · 6 comments

Comments

@noblehelm
Copy link

While trying to build a GraalVM native image of a project with SSHJ as dependency, and running it to create an SSH connection with whatever equipment, the SSH handshake fails because there is no algorithm to choose, due to missing BouncyCastle support. I've tried implementing #828 locally to see if it could fix, but the problem still continued (and seemed unrelated).

Note.: The image and log below are missing two SSHJ log messages (that indicate that BouncyCastle is not registered and could not be registered) because of the #828 local implementation. With or without the patch applied, the error remains the same.

2023-04-28_11-26

2023-04-28 17:05:26 [http-nio-7300-exec-3] ERROR net.schmizz.sshj.DefaultConfig - Could not read the sshj.properties file, returning an 'unknown' version as fallback.
2023-04-28 17:05:26 [http-nio-7300-exec-3] INFO  n.s.sshj.transport.random.JCERandom - Creating new SecureRandom.
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting CHACHA
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting CAST5/CBC/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting CAST5/CTR/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting IDEA/CBC/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting IDEA/CTR/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CBC/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CTR/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CBC/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CTR/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CBC/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Serpent/CTR/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CTR/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CTR/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CTR/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
2023-04-28 17:05:26 [http-nio-7300-exec-3] WARN  net.schmizz.sshj.DefaultConfig - Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
2023-04-28 17:05:26 [http-nio-7300-exec-3] DEBUG c.f.provisioning.ssh.SshExecutor - Connecting...(timeout: 30000 ms)
2023-04-28 17:05:26 [pool-9-thread-1] INFO  n.s.sshj.transport.TransportImpl - Client identity string: SSH-2.0-SSHJ_VERSION_UNKNOWN
2023-04-28 17:05:26 [pool-9-thread-1] INFO  n.s.sshj.transport.TransportImpl - Server identity string: SSH-2.0-OpenSSH_8.2
2023-04-28 17:05:26 [sshj-Reader-/10.0.3.43:22-1682701526349] ERROR n.s.sshj.transport.TransportImpl - Dying because - Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
net.schmizz.sshj.transport.TransportException: Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
	at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:175)
	at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:129)
	at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:233)
	at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:380)
	at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:495)
	at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:113)
	at net.schmizz.sshj.transport.Decoder.received(Decoder.java:200)
	at net.schmizz.sshj.transport.Reader.run(Reader.java:60)
	at org.graalvm.nativeimage.builder/com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine(PlatformThreads.java:775)
	at org.graalvm.nativeimage.builder/com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine(PosixPlatformThreads.java:203)
2023-04-28 17:05:26 [sshj-Reader-/10.0.3.43:22-1682701526349] INFO  n.s.sshj.transport.TransportImpl - Disconnected - UNKNOWN
2023-04-28 17:05:26 [pool-9-thread-1] ERROR net.schmizz.concurrent.Promise - <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
2023-04-28 17:05:26 [http-nio-7300-exec-3] DEBUG c.f.p.d.s.controller.OltOperations - Failed to get OLT info (10.0.3.43)
2023-04-28 17:05:26 [http-nio-7300-exec-3] ERROR c.f.p.c.a.PlanRepositoryServiceControllerAdvice - Exception: TransportException (Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256])
net.schmizz.sshj.transport.TransportException: Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
	at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:175)
	at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:129)
	at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:233)
	at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:380)
	at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:495)
	at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:113)
	at net.schmizz.sshj.transport.Decoder.received(Decoder.java:200)
	at net.schmizz.sshj.transport.Reader.run(Reader.java:60)
	at org.graalvm.nativeimage.builder/com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine(PlatformThreads.java:775)
	at org.graalvm.nativeimage.builder/com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine(PosixPlatformThreads.java:203)

Anyone have an idea of what is happening, and how fix it?
@ijux7
Copy link

ijux7 commented May 23, 2023

There was also such a problem after I converted the code to .jar :(

@exceptionfactory
Copy link
Contributor

@noblehelm I submitted pull request #861 to address the Bouncy Castle registration issue.

Part of the problem with the current approach is that the default configuration requires Bouncy Castle to be registered in order to configure most of the standard algorithms.

It may be possible to make it work with custom configuration that adds the necessary algorithm factories, but the changes in the referenced pull request should provide additional options.

@noblehelm
Copy link
Author

noblehelm commented May 23, 2023
edited

@exceptionfactory I must be doing something wrong because even with the pull request I'm still having the same problem:

--2023-05-23T19:11:52.801Z -ERROR 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Could not read the sshj.properties file, returning an 'unknown' version as fallback.
--2023-05-23T19:11:52.802Z - INFO 1 --- [nio-7300-exec-2] n.s.sshj.transport.random.JCERandom      : Creating new SecureRandom.
--2023-05-23T19:11:52.802Z -DEBUG 1 --- [nio-7300-exec-2] n.s.sshj.transport.random.JCERandom      : Random creation took 0 ms
--2023-05-23T19:11:52.803Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting CHACHA
--2023-05-23T19:11:52.804Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting CAST5/CBC/NoPadding
--2023-05-23T19:11:52.804Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting CAST5/CTR/NoPadding
--2023-05-23T19:11:52.804Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting IDEA/CBC/NoPadding
--2023-05-23T19:11:52.805Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting IDEA/CTR/NoPadding
--2023-05-23T19:11:52.805Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Serpent/CBC/NoPadding
--2023-05-23T19:11:52.805Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Serpent/CTR/NoPadding
--2023-05-23T19:11:52.806Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Serpent/CBC/NoPadding
--2023-05-23T19:11:52.806Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Serpent/CTR/NoPadding
--2023-05-23T19:11:52.806Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Serpent/CBC/NoPadding
--2023-05-23T19:11:52.807Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Serpent/CTR/NoPadding
--2023-05-23T19:11:52.807Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Twofish/CBC/NoPadding
--2023-05-23T19:11:52.808Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Twofish/CTR/NoPadding
--2023-05-23T19:11:52.808Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Twofish/CBC/NoPadding
--2023-05-23T19:11:52.808Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Twofish/CTR/NoPadding
--2023-05-23T19:11:52.808Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Twofish/CBC/NoPadding
--2023-05-23T19:11:52.808Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Twofish/CTR/NoPadding
--2023-05-23T19:11:52.808Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Cannot find any provider supporting Twofish/CBC/NoPadding
--2023-05-23T19:11:52.808Z - WARN 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
--2023-05-23T19:11:52.808Z -DEBUG 1 --- [nio-7300-exec-2] net.schmizz.sshj.DefaultConfig           : Available cipher factories: [aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr, [email protected], [email protected], blowfish-cbc, blowfish-ctr, 3des-cbc, 3des-ctr, arcfour, arcfour128, arcfour256]
--2023-05-23T19:11:52.923Z - INFO 1 --- [pool-9-thread-1] n.schmizz.sshj.transport.TransportImpl   : Client identity string: SSH-2.0-SSHJ_VERSION_UNKNOWN
--2023-05-23T19:11:52.982Z - INFO 1 --- [pool-9-thread-1] n.schmizz.sshj.transport.TransportImpl   : Server identity string: SSH-2.0-OpenSSH_8.2
--2023-05-23T19:11:52.982Z -DEBUG 1 --- [pool-9-thread-1] net.schmizz.sshj.SSHClient               : Initiating Key Exchange for new connection
--2023-05-23T19:11:52.982Z -DEBUG 1 --- [pool-9-thread-1] n.schmizz.sshj.transport.KeyExchanger    : Sending SSH_MSG_KEXINIT
--2023-05-23T19:11:52.982Z -TRACE 1 --- [pool-9-thread-1] net.schmizz.sshj.transport.Encoder       : Encoding packet #0: 14 da 4b 53 1d d0 fa 89 08 41 90 92 38 c3 68 c1 c8 00 00 00 3d 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d 73 68 61 31 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 63 68 61 6e 67 65 2d 73 68 61 31 00 00 01 47 73 73 68 2d 65 64 32 35 35 31 39 2d 63 65 72 74 2d 76 30 31 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 73 73 68 2d 65 64 32 35 35 31 39 2c 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 2d 63 65 72 74 2d 76 30 31 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 2c 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 33 38 34 2d 63 65 72 74 2d 76 30 31 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 33 38 34 2c 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 32 35 36 2d 63 65 72 74 2d 76 30 31 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 32 35 36 2c 72 73 61 2d 73 68 61 32 2d 35 31 32 2c 72 73 61 2d 73 68 61 32 2d 32 35 36 2c 73 73 68 2d 72 73 61 2d 63 65 72 74 2d 76 30 31 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 73 73 68 2d 64 73 73 2d 63 65 72 74 2d 76 30 31 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 73 73 68 2d 72 73 61 2c 73 73 68 2d 64 73 73 00 00 00 b9 61 65 73 31 32 38 2d 63 62 63 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 65 73 31 39 32 2d 63 62 63 2c 61 65 73 31 39 32 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 62 63 2c 61 65 73 32 35 36 2d 63 74 72 2c 61 65 73 31 32 38 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 32 35 36 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 62 6c 6f 77 66 69 73 68 2d 63 62 63 2c 62 6c 6f 77 66 69 73 68 2d 63 74 72 2c 33 64 65 73 2d 63 62 63 2c 33 64 65 73 2d 63 74 72 2c 61 72 63 66 6f 75 72 2c 61 72 63 66 6f 75 72 31 32 38 2c 61 72 63 66 6f 75 72 32 35 36 00 00 00 b9 61 65 73 31 32 38 2d 63 62 63 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 65 73 31 39 32 2d 63 62 63 2c 61 65 73 31 39 32 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 62 63 2c 61 65 73 32 35 36 2d 63 74 72 2c 61 65 73 31 32 38 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 32 35 36 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 62 6c 6f 77 66 69 73 68 2d 63 62 63 2c 62 6c 6f 77 66 69 73 68 2d 63 74 72 2c 33 64 65 73 2d 63 62 63 2c 33 64 65 73 2d 63 74 72 2c 61 72 63 66 6f 75 72 2c 61 72 63 66 6f 75 72 31 32 38 2c 61 72 63 66 6f 75 72 32 35 36 00 00 01 46 68 6d 61 63 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 31 2d 39 36 2c 68 6d 61 63 2d 73 68 61 31 2d 39 36 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 2d 6d 64 35 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 6d 64 35 2d 39 36 2c 68 6d 61 63 2d 6d 64 35 2d 39 36 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 2c 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 2d 39 36 2c 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 01 46 68 6d 61 63 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 31 2d 39 36 2c 68 6d 61 63 2d 73 68 61 31 2d 39 36 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 2d 6d 64 35 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 6d 64 35 2d 39 36 2c 68 6d 61 63 2d 6d 64 35 2d 39 36 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 2c 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 2d 39 36 2c 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 04 6e 6f 6e 65 00 00 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 00 00 00
--2023-05-23T19:11:53.016Z -TRACE 1 --- [2-1684869112982] net.schmizz.sshj.transport.Decoder       : Received packet #0: 14 84 20 d2 37 64 e0 80 08 91 64 2b 80 95 97 6e f9 00 00 00 e6 63 75 72 76 65 32 35 35 31 39 2d 73 68 61 32 35 36 2c 63 75 72 76 65 32 35 35 31 39 2d 73 68 61 32 35 36 40 6c 69 62 73 73 68 2e 6f 72 67 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 32 35 36 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 33 38 34 2c 65 63 64 68 2d 73 68 61 32 2d 6e 69 73 74 70 35 32 31 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 78 63 68 61 6e 67 65 2d 73 68 61 32 35 36 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 36 2d 73 68 61 35 31 32 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 38 2d 73 68 61 35 31 32 2c 64 69 66 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 34 2d 73 68 61 32 35 36 00 00 00 07 73 73 68 2d 72 73 61 00 00 00 6c 63 68 61 63 68 61 32 30 2d 70 6f 6c 79 31 33 30 35 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 65 73 31 39 32 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 72 2c 61 65 73 31 32 38 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 32 35 36 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 6c 63 68 61 63 68 61 32 30 2d 70 6f 6c 79 31 33 30 35 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 65 73 31 39 32 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 72 2c 61 65 73 31 32 38 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 61 65 73 32 35 36 2d 67 63 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 d5 75 6d 61 63 2d 36 34 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 31 32 38 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 31 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 36 34 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 31 32 38 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2c 68 6d 61 63 2d 73 68 61 31 00 00 00 d5 75 6d 61 63 2d 36 34 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 31 32 38 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 31 2d 65 74 6d 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 36 34 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 75 6d 61 63 2d 31 32 38 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 2c 68 6d 61 63 2d 73 68 61 32 2d 32 35 36 2c 68 6d 61 63 2d 73 68 61 32 2d 35 31 32 2c 68 6d 61 63 2d 73 68 61 31 00 00 00 04 6e 6f 6e 65 00 00 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 00 00 00
--2023-05-23T19:11:53.016Z -TRACE 1 --- [2-1684869112982] n.schmizz.sshj.transport.TransportImpl   : Received packet KEXINIT
--2023-05-23T19:11:53.016Z -DEBUG 1 --- [2-1684869112982] n.schmizz.sshj.transport.KeyExchanger    : Received SSH_MSG_KEXINIT
--2023-05-23T19:11:53.016Z -ERROR 1 --- [2-1684869112982] n.schmizz.sshj.transport.TransportImpl   : Dying because - Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
-
net.schmizz.sshj.transport.TransportException: Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
	at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:175) ~[na:na]
	at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:129) ~[na:na]
	at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:233) ~[na:na]
	at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:380) ~[na:na]
	at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:495) ~[na:na]
	at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:113) ~[na:na]
	at net.schmizz.sshj.transport.Decoder.received(Decoder.java:200) ~[na:na]
	at net.schmizz.sshj.transport.Reader.run(Reader.java:60) ~[na:na]
	at org.graalvm.nativeimage.builder/com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine(PlatformThreads.java:775) ~[native:na]
	at org.graalvm.nativeimage.builder/com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine(PosixPlatformThreads.java:203) ~[na:na]

-2023-05-23T19:11:53.017Z - INFO 1 --- [2-1684869112982] n.schmizz.sshj.transport.TransportImpl   : Disconnected - UNKNOWN
--2023-05-23T19:11:53.017Z -DEBUG 1 --- [2-1684869112982] n.schmizz.sshj.transport.KeyExchanger    : Got notified of net.schmizz.sshj.transport.TransportException: Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
--2023-05-23T19:11:53.017Z -DEBUG 1 --- [2-1684869112982] n.s.s.t.TransportImpl$NullService        : Notified of net.schmizz.sshj.transport.TransportException: Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
--2023-05-23T19:11:53.017Z -DEBUG 1 --- [2-1684869112982] n.schmizz.sshj.transport.TransportImpl   : Setting active service to null-service
--2023-05-23T19:11:53.017Z -ERROR 1 --- [pool-9-thread-1] net.schmizz.concurrent.Promise           : <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
--2023-05-23T19:11:53.017Z -DEBUG 1 --- [2-1684869112982] net.schmizz.sshj.transport.Reader        : Stopping
--2023-05-23T19:11:53.017Z -ERROR 1 --- [nio-7300-exec-2] .a.PlanRepositoryServiceControllerAdvice : Exception: TransportException (Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256])
-
net.schmizz.sshj.transport.TransportException: Unable to reach a settlement of KeyExchangeAlgorithms: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256]
	at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:175) ~[na:na]
	at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:129) ~[na:na]
	at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:233) ~[na:na]
	at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:380) ~[na:na]
	at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:495) ~[na:na]
	at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:113) ~[na:na]
	at net.schmizz.sshj.transport.Decoder.received(Decoder.java:200) ~[na:na]
	at net.schmizz.sshj.transport.Reader.run(Reader.java:60) ~[na:na]
	at org.graalvm.nativeimage.builder/com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine(PlatformThreads.java:775) ~[native:na]
	at org.graalvm.nativeimage.builder/com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine(PosixPlatformThreads.java:203) ~[na:na]

This is the following configuration I have in the pom.xml with the native-maven-plugin:

<plugin>
                            <groupId>org.graalvm.buildtools</groupId>
                            <artifactId>native-maven-plugin</artifactId>
                            <configuration>
                                <outputDirectory>${project.build.directory}/boot</outputDirectory>
                                <requiredVersion>22.3</requiredVersion>
                                <skipNativeTests>true</skipNativeTests>
                                <buildArgs>
                                    <arg>--no-fallback</arg>
                                    <arg>--enable-all-security-services</arg>
                                    <arg>--features=com.my.company.BouncyCastleFeature</arg>
                                    <arg>--initialize-at-build-time=org.bouncycastle.crypto.prng.SP800SecureRandom</arg>
                                    <arg>--initialize-at-build-time=org.bouncycastle.jcajce.provider.drbg.DRBG$Default</arg>
                                    <arg>--initialize-at-build-time=org.bouncycastle.jcajce.provider.drbg.DRBG$NonceAndIV</arg>
                                </buildArgs>
                            </configuration>
                            <executions>
                                <execution>
                                    <id>build-image</id>
                                    <goals>
                                        <goal>compile-no-fork</goal>
                                    </goals>
                                </execution>
                            </executions>
                        </plugin>

and the following BouncyCastleFeature class:

public class BouncyCastleFeature implements Feature {
    @Override
    public void beforeAnalysis(BeforeAnalysisAccess access) {
        RuntimeClassInitialization.initializeAtBuildTime("org.bouncycastle");
        Security.addProvider(new BouncyCastleProvider());
    }
}

@exceptionfactory
Copy link
Contributor

@noblehelm The logs indicate that the changes in the pull request are not being used. As mentioned in the PR, the DefaultSecurityProviderConfig also needs to be used instead of the DefaultConfig, when instantiating SSHClient.

@noblehelm
Copy link
Author

@exceptionfactory Yeah, Imma dumbnut and forgot that in addition to gradle build there is gradle publishToMavenLocal, so that's why it wasn't picking up the new dependency. It works now!
And the SSH connection was successful. Thanks in advance for the tip and patience ❤️

@exceptionfactory
Copy link
Contributor

No problem @noblehelm, glad to hear the changes worked!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@noblehelm @exceptionfactory @ijux7