
ECDSA key's fingerprint is sometimes incorrect #225

Closed
@martonsereg

Description

Hi,

We are using sshj to connect through SSH from Java code to newly created VMs in the cloud, and we've noticed that sometimes the fingerprint of the ECDSA public key returned by sshj is different from the one we are expecting (generated with ssh-keygen on VM startup), so our code won't accept it and won't make the SSH connection.

After some debugging, it seems that the key is read incorrectly in some cases. Check the following example (I've added the keypair to this gist: https://gist.github.com/martonsereg/63b5108f7c484155becb):

It reads the same keypair with sshj and jsch and prints out the fingerprints and the differences in the public key byte arrays.

import java.io.File;

import com.jcraft.jsch.JSch;
import com.jcraft.jsch.KeyPair;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;

// load sshj keyfile
OpenSSHKeyFile keyFile = new OpenSSHKeyFile();
keyFile.init(new File("/tmp/test_ecdsa"));

// load jsch keypair
KeyPair jschKeyPair = KeyPair.load(new JSch(), "/tmp/test_ecdsa", "/tmp/test_ecdsa.pub");

// print fingerprints
System.out.println(SecurityUtils.getFingerprint(keyFile.getPublic()));
System.out.println(jschKeyPair.getFingerPrint());
// compare it with `ssh-keygen -lf /tmp/test_ecdsa.pub` - it equals the jsch fingerprint

// compare public key bytes
byte[] sshjbytes = new Buffer.PlainBuffer().putPublicKey(keyFile.getPublic()).getCompactData();
byte[] jschbytes = jschKeyPair.getPublicKeyBlob();

StringBuilder result = new StringBuilder();

// for every differing position, record: index, jsch byte, sshj byte
for (int i = 0; i < jschbytes.length; i++) {
    if (i < sshjbytes.length && jschbytes[i] != sshjbytes[i]) {
        result.append(i).append(" ")
              .append(jschbytes[i]).append(" ").append(sshjbytes[i])
              .append("\n");
    }
}

System.out.println(result.toString());

Note that this code produces the same results with jsch and sshj (and ssh-keygen) in most cases, but for the attached keypair, for example, the result is different.

Marton
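
An independent cross-check for the comparison in the post above, added here as an example (not code from the post, sshj or jsch): it parses the `.pub` blob per RFC 5656, checks that the point `Q` has the full-width uncompressed layout, and computes the colon-separated MD5 fingerprint over the blob. The class name `EcdsaBlobCheck` is hypothetical, and the built-in sample key is constructed filler, not a real curve point.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.util.Base64;

public class EcdsaBlobCheck {
    // Read one SSH "string": a big-endian uint32 length followed by that many bytes.
    static byte[] readString(ByteBuffer buf) {
        int len = buf.getInt();
        if (len < 0 || len > buf.remaining()) throw new IllegalArgumentException("bad length " + len);
        byte[] out = new byte[len];
        buf.get(out);
        return out;
    }

    // Colon-separated MD5 fingerprint, computed over the raw public key blob.
    static String md5Fingerprint(byte[] blob) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(blob)) {
            sb.append(sb.length() > 0 ? ":" : "").append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // RFC 5656 layout: key type, curve name, then Q = 0x04 || X || Y with X and Y at full field width.
    static String describe(String pubLine) throws Exception {
        String[] parts = pubLine.trim().split("\\s+");
        byte[] blob = Base64.getDecoder().decode(parts[1]);
        ByteBuffer buf = ByteBuffer.wrap(blob);
        String type = new String(readString(buf), StandardCharsets.US_ASCII);
        String curve = new String(readString(buf), StandardCharsets.US_ASCII);
        byte[] q = readString(buf);
        int field = curve.equals("nistp256") ? 32 : curve.equals("nistp384") ? 48 : curve.equals("nistp521") ? 66 : -1;
        boolean ok = type.equals(parts[0]) && field > 0 && q.length == 1 + 2 * field && q[0] == 4 && !buf.hasRemaining();
        return md5Fingerprint(blob) + " type=" + type + " Q=" + q.length + " bytes layout=" + (ok ? "ok" : "UNEXPECTED");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: correct framing, but Q is filler bytes, not a real curve point.
        byte[] name = "ecdsa-sha2-nistp256".getBytes(StandardCharsets.US_ASCII);
        byte[] q = new byte[65]; q[0] = 4;
        ByteBuffer b = ByteBuffer.allocate(4 + name.length + 4 + 8 + 4 + q.length);
        b.putInt(name.length).put(name).putInt(8).put("nistp256".getBytes(StandardCharsets.US_ASCII)).putInt(q.length).put(q);
        String sample = "ecdsa-sha2-nistp256 " + Base64.getEncoder().encodeToString(b.array()) + " constructed@example";
        String line = args.length > 0 ? Files.readAllLines(Paths.get(args[0])).get(0) : sample;
        System.out.println(describe(line));
    }
}
```

Run it with the path of a `.pub` file as the only argument to check a real key; a blob serialized by a library can be tested the same way by Base64-encoding it into a line of the same form.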
