OpenSSL unsupported algorithm: DSS1withDSA

1 réponse
Avatar
unbewusst.sein
j'ai un setup ssh avec des clés dsa.

ça marche "normalement".

ce matin j'ai décidé de mettre mes scripts dans un UI.
apparemment, la même librairie qu'en mode CLI, utilise OpenSSL pour
l'authentification, dans ce cas.

les librairies de l'UI incluent OpenSSL, même si je ne le demande pas.

et du coup je n'arrive plus à me connecter car OpenSSL râle :
unsupported algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError)

pensant qu'OpenSSL râlait à cause de DSA, j'ai ajouté, et vérifié des
clés rsa à ma config ssh.

je me retrouve avec le même message d'erreur.
"j'intuite" que le pb ne viendrait pas des clés perso, mais de la clé
relative à host.

le fichier ~/.ssh/known_hosts ne contient qu'une clé :
[169.254.0.2]:2222 ssh-dss AAAAB ... ... dog084U=

qui ne plairaît pas à OpenSSL (que je n'utilise pas "de mon plein grès")

ais-je fait le bon diagnostic ?

comment me dépatouiller pour trouver une solution ?

le log debug quand ça couine avec OpenSSL
------------------------------------------------------------------------
$ jruby tt_connect.rb
Connection to TT could be done.
Twin-Tact is available.
D, [2008-07-29T14:32:26.648000 #8221] DEBUG --
net.ssh.transport.session[22]: establishing connection to
169.254.0.2:2222
D, [2008-07-29T14:32:29.598000 #8221] DEBUG --
net.ssh.transport.session[22]: connection established
I, [2008-07-29T14:32:29.624000 #8221] INFO --
net.ssh.transport.server_version[24]: negotiating protocol version
D, [2008-07-29T14:32:29.675000 #8221] DEBUG --
net.ssh.transport.server_version[24]: remote is
`SSH-2.0-dropbear_0.50-TwinTact'
D, [2008-07-29T14:32:29.694000 #8221] DEBUG --
net.ssh.transport.server_version[24]: local is
`SSH-2.0-Ruby/Net::SSH_2.0.3 java'
D, [2008-07-29T14:32:30.116000 #8221] DEBUG -- tcpsocket[2c]: read 256
bytes
D, [2008-07-29T14:32:30.149000 #8221] DEBUG -- tcpsocket[2c]: received
packet nr 0 type 20 len 236
I, [2008-07-29T14:32:30.155000 #8221] INFO --
net.ssh.transport.algorithms[2e]: got KEXINIT from server
I, [2008-07-29T14:32:30.196000 #8221] INFO --
net.ssh.transport.algorithms[2e]: sending KEXINIT
D, [2008-07-29T14:32:30.212000 #8221] DEBUG -- tcpsocket[2c]: queueing
packet nr 0 type 20 len 508
D, [2008-07-29T14:32:30.217000 #8221] DEBUG -- tcpsocket[2c]: sent 512
bytes
I, [2008-07-29T14:32:30.221000 #8221] INFO --
net.ssh.transport.algorithms[2e]: negotiating algorithms
D, [2008-07-29T14:32:30.367000 #8221] DEBUG --
net.ssh.transport.algorithms[2e]: negotiated:
* kex: diffie-hellman-group1-sha1
* host_key: ssh-dss
* encryption_server: aes128-cbc
* encryption_client: aes128-cbc
* hmac_client: hmac-sha1
* hmac_server: hmac-sha1
* compression_client: none
* compression_server: none
* language_client:
* language_server:
D, [2008-07-29T14:32:30.388000 #8221] DEBUG --
net.ssh.transport.algorithms[2e]: exchanging keys
D, [2008-07-29T14:32:39.914000 #8221] DEBUG -- tcpsocket[2c]: queueing
packet nr 1 type 30 len 140
D, [2008-07-29T14:32:39.919000 #8221] DEBUG -- tcpsocket[2c]: sent 144
bytes
D, [2008-07-29T14:32:39.931000 #8221] DEBUG -- tcpsocket[2c]: received
packet nr 1 type 2 len 12
D, [2008-07-29T14:32:39.937000 #8221] DEBUG --
net.ssh.transport.session[22]: IGNORE packet recieved: ""
D, [2008-07-29T14:32:40.544000 #8221] DEBUG -- tcpsocket[2c]: read 656
bytes
D, [2008-07-29T14:32:40.683000 #8221] DEBUG -- tcpsocket[2c]: received
packet nr 2 type 31 len 636
Exception in thread "AWT-EventQueue-0"
/opt/jruby/lib/ruby/gems/1.8/gems/net-ssh-2.0.3/lib/net/ssh/transport/ke
x/diffie_hellman_group1_sha1.rb:187:in `ssh_do_verify': unsupported
algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError)
------------------------------------------------------------------------


le log debug en CLI sans OpenSSL -> ça roule
------------------------------------------------------------------------
$ ./ssh_exec_ls.rb
D, [2008-07-29T11:29:00.148189 #7369] DEBUG --
net.ssh.transport.session[b5f39c]: establishing connection to
169.254.0.2:2222
D, [2008-07-29T11:29:00.151968 #7369] DEBUG --
net.ssh.transport.session[b5f39c]: connection established
I, [2008-07-29T11:29:00.152576 #7369] INFO --
net.ssh.transport.server_version[b5eaaa]: negotiating protocol version
D, [2008-07-29T11:29:00.247662 #7369] DEBUG --
net.ssh.transport.server_version[b5eaaa]: remote is
`SSH-2.0-dropbear_0.50-TwinTact'
D, [2008-07-29T11:29:00.248084 #7369] DEBUG --
net.ssh.transport.server_version[b5eaaa]: local is
`SSH-2.0-Ruby/Net::SSH_2.0.3 powerpc-darwin8.11.0'
D, [2008-07-29T11:29:00.262203 #7369] DEBUG -- tcpsocket[b5f054]: read
256 bytes
D, [2008-07-29T11:29:00.262990 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 0 type 20 len 236
I, [2008-07-29T11:29:00.263929 #7369] INFO --
net.ssh.transport.algorithms[b5e3ca]: got KEXINIT from server
I, [2008-07-29T11:29:00.264707 #7369] INFO --
net.ssh.transport.algorithms[b5e3ca]: sending KEXINIT
D, [2008-07-29T11:29:00.265821 #7369] DEBUG -- tcpsocket[b5f054]:
queueing packet nr 0 type 20 len 508
D, [2008-07-29T11:29:00.266553 #7369] DEBUG -- tcpsocket[b5f054]: sent
512 bytes
I, [2008-07-29T11:29:00.266934 #7369] INFO --
net.ssh.transport.algorithms[b5e3ca]: negotiating algorithms
D, [2008-07-29T11:29:00.269197 #7369] DEBUG --
net.ssh.transport.algorithms[b5e3ca]: negotiated:
* kex: diffie-hellman-group1-sha1
* host_key: ssh-dss
* encryption_server: aes128-cbc
* encryption_client: aes128-cbc
* hmac_client: hmac-sha1
* hmac_server: hmac-sha1
* compression_client: none
* compression_server: none
* language_client:
* language_server:
D, [2008-07-29T11:29:00.269892 #7369] DEBUG --
net.ssh.transport.algorithms[b5e3ca]: exchanging keys
D, [2008-07-29T11:29:00.360370 #7369] DEBUG -- tcpsocket[b5f054]:
queueing packet nr 1 type 30 len 140
D, [2008-07-29T11:29:00.361132 #7369] DEBUG -- tcpsocket[b5f054]: sent
144 bytes
D, [2008-07-29T11:29:00.362052 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 1 type 2 len 12
D, [2008-07-29T11:29:00.362920 #7369] DEBUG --
net.ssh.transport.session[b5f39c]: IGNORE packet recieved: ""
D, [2008-07-29T11:29:01.003273 #7369] DEBUG -- tcpsocket[b5f054]: read
640 bytes
D, [2008-07-29T11:29:01.004961 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 2 type 31 len 636
D, [2008-07-29T11:29:01.186354 #7369] DEBUG -- tcpsocket[b5f054]:
queueing packet nr 2 type 21 len 20
D, [2008-07-29T11:29:01.187318 #7369] DEBUG -- tcpsocket[b5f054]: sent
24 bytes
D, [2008-07-29T11:29:01.188042 #7369] DEBUG -- tcpsocket[b5f054]: read
16 bytes
D, [2008-07-29T11:29:01.199739 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 3 type 21 len 12
D, [2008-07-29T11:29:01.202165 #7369] DEBUG --
net.ssh.authentication.session[b4de94]: beginning authentication of
`root'
D, [2008-07-29T11:29:01.203235 #7369] DEBUG -- tcpsocket[b5f054]:
queueing packet nr 3 type 5 len 28
D, [2008-07-29T11:29:01.237576 #7369] DEBUG -- tcpsocket[b5f054]: sent
52 bytes
D, [2008-07-29T11:29:01.238226 #7369] DEBUG -- tcpsocket[b5f054]: read
52 bytes
D, [2008-07-29T11:29:01.238825 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 4 type 6 len 28
D, [2008-07-29T11:29:01.239733 #7369] DEBUG --
net.ssh.authentication.session[b4de94]: trying publickey
D, [2008-07-29T11:29:01.240277 #7369] DEBUG --
net.ssh.authentication.agent[b4bf7c]: connecting to ssh-agent
D, [2008-07-29T11:29:01.246662 #7369] DEBUG --
net.ssh.authentication.agent[b4bf7c]: sending agent request 1 len 52
D, [2008-07-29T11:29:01.262910 #7369] DEBUG --
net.ssh.authentication.agent[b4bf7c]: received agent packet 5 len 1
D, [2008-07-29T11:29:01.263388 #7369] DEBUG --
net.ssh.authentication.agent[b4bf7c]: sending agent request 11 len 0
D, [2008-07-29T11:29:01.265240 #7369] DEBUG --
net.ssh.authentication.agent[b4bf7c]: received agent packet 12 len 5
D, [2008-07-29T11:29:01.289833 #7369] DEBUG --
net.ssh.authentication.methods.publickey[b4c01c]: trying publickey
(17:e6:02:16:bc:f3:c2:a2:0a:26:ef:0a:6f:51:8f:61)
D, [2008-07-29T11:29:01.294557 #7369] DEBUG -- tcpsocket[b5f054]:
queueing packet nr 4 type 50 len 508
D, [2008-07-29T11:29:01.294972 #7369] DEBUG -- tcpsocket[b5f054]: sent
532 bytes
D, [2008-07-29T11:29:01.318935 #7369] DEBUG -- tcpsocket[b5f054]: read
484 bytes
D, [2008-07-29T11:29:01.319735 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 5 type 60 len 460
D, [2008-07-29T11:29:01.483156 #7369] DEBUG -- tcpsocket[b5f054]:
queueing packet nr 5 type 50 len 556
D, [2008-07-29T11:29:01.483804 #7369] DEBUG -- tcpsocket[b5f054]: sent
580 bytes
D, [2008-07-29T11:29:01.585952 #7369] DEBUG -- tcpsocket[b5f054]: read
36 bytes
D, [2008-07-29T11:29:01.586797 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 6 type 52 len 12
D, [2008-07-29T11:29:01.587138 #7369] DEBUG --
net.ssh.authentication.methods.publickey[b4c01c]: publickey succeeded
(17:e6:02:16:bc:f3:c2:a2:0a:26:ef:0a:6f:51:8f:61)
D, [2008-07-29T11:29:01.589138 #7369] DEBUG -- tcpsocket[b5f054]:
queueing packet nr 6 type 90 len 44
D, [2008-07-29T11:29:01.589858 #7369] DEBUG -- tcpsocket[b5f054]: sent
68 bytes
D, [2008-07-29T11:29:01.597069 #7369] DEBUG -- tcpsocket[b5f054]: read
52 bytes
D, [2008-07-29T11:29:01.597903 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 7 type 91 len 28
I, [2008-07-29T11:29:01.598451 #7369] INFO --
net.ssh.connection.session[b45cb2]: channel_open_confirmation: 0 0 24576
32768
I, [2008-07-29T11:29:01.598747 #7369] INFO --
net.ssh.connection.channel[b45b22]: sending channel request "exec"
D, [2008-07-29T11:29:01.599838 #7369] DEBUG -- tcpsocket[b5f054]:
queueing packet nr 7 type 98 len 44
D, [2008-07-29T11:29:01.601118 #7369] DEBUG -- tcpsocket[b5f054]: sent
68 bytes
D, [2008-07-29T11:29:01.617903 #7369] DEBUG -- tcpsocket[b5f054]: read
36 bytes
D, [2008-07-29T11:29:01.618693 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 8 type 99 len 12
I, [2008-07-29T11:29:01.619423 #7369] INFO --
net.ssh.connection.session[b45cb2]: channel_success: 0
D, [2008-07-29T11:29:01.766856 #7369] DEBUG -- tcpsocket[b5f054]: read
1448 bytes
D, [2008-07-29T11:29:01.767756 #7369] DEBUG -- tcpsocket[b5f054]: read
236 bytes
D, [2008-07-29T11:29:01.768914 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 9 type 94 len 1660
I, [2008-07-29T11:29:01.772466 #7369] INFO --
net.ssh.connection.session[b45cb2]: channel_data: 0 1642b
D, [2008-07-29T11:29:01.773566 #7369] DEBUG -- tcpsocket[b5f054]: read
72 bytes
D, [2008-07-29T11:29:01.774450 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 10 type 96 len 12
I, [2008-07-29T11:29:01.775069 #7369] INFO --
net.ssh.connection.session[b45cb2]: channel_eof: 0
D, [2008-07-29T11:29:01.775885 #7369] DEBUG -- tcpsocket[b5f054]:
received packet nr 11 type 97 len 12
I, [2008-07-29T11:29:01.776404 #7369] INFO --
net.ssh.connection.session[b45cb2]: channel_close: 0
D, [2008-07-29T11:29:01.777399 #7369] DEBUG -- tcpsocket[b5f054]:
queueing packet nr 8 type 97 len 28
I, [2008-07-29T11:29:01.777951 #7369] INFO --
net.ssh.connection.session[b45cb2]: closing remaining channels (0 open)
------------------------------------------------------------------------

--
Une Bévue

1 réponse

Avatar
unbewusst.sein
Une Bev ue wrote:

les librairies de l'UI incluent OpenSSL, même si je ne le demande pas.

et du coup je n'arrive plus à me connecter car OpenSSL râle :
unsupported algorithm: DSS1withDSA (OpenSSL::PKey::PKeyError)



d'après les développeurs de jRuby c'est un bug, je vais regarder ça de +
près avec eux...
--
Une Bévue