com.maverick.ssh.SshException: Key exchange failed: Expected SSH_MSG_KEX_GEX_GROUP

Damir Dev, Nov 1 2021 (edited Nov 1 2021)

Hello.

Environment:
1. Oracle Weblogic Server 12.1.3.0
2. Oracle Service Bus 12.1.3.0
3. Java 1.7.0_79
4. SFTP client
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
5. SFTP server
SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10

Steps:
1. Create the proxy service for polling files from the remote SFTP resource: sftp://mysrv.dev/in
All properties in the Transport Details of the proxy service are default.
sftp://mysrv.dev/input is allowed.

2. Run command:
ssh-keyscan mysrv.dev >> /home/user/Oracle/Middleware/Oracle_Home/user_projects/domains/dev_domain/config/osb/transports/sftp/known_hosts

3. New row in known_hosts:
mysrv.dev ssh-rsa AA...

4. Deploy the proxy service to OSB.
5. As a result, polling does not work; there is an error in the OSB log files:

com.bea.wli.sb.transports.TransportException: Key exchange failed: Expected SSH_MSG_KEX_GEX_GROUP [id=3] [Unknown cause]
at com.bea.wli.sb.transports.sftp.connector.SFTPWorkPartitioningAgent.execute(SFTPWorkPartitioningAgent.java:133)
at com.bea.wli.sb.transports.poller.TransportTimerListener.run(TransportTimerListener.java:74)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.bea.wli.sb.transports.TransportException: Key exchange failed: Expected SSH_MSG_KEX_GEX_GROUP [id=3] [Unknown cause]
at com.bea.wli.sb.transports.sftp.connector.SFTPWorkPartitioningAgent.getSftpResource(SFTPWorkPartitioningAgent.java:179)
at com.bea.wli.sb.transports.sftp.connector.SFTPWorkPartitioningAgent.execute(SFTPWorkPartitioningAgent.java:59)
... 8 more
Caused by: com.maverick.ssh.SshException: Key exchange failed: Expected SSH_MSG_KEX_GEX_GROUP [id=3] [Unknown cause]
at com.maverick.ssh.components.jce.DiffieHellmanGroupExchangeSha1.performClientExchange(Unknown Source)
at com.maverick.ssh2.TransportProtocol.e(Unknown Source)
at com.maverick.ssh2.TransportProtocol.processMessage(Unknown Source)
at com.maverick.ssh2.TransportProtocol.startTransportProtocol(Unknown Source)
at com.maverick.ssh2.Ssh2Client.connect(Unknown Source)
at com.maverick.ssh.SshConnector.connect(Unknown Source)
at com.maverick.ssh.SshConnector.connect(Unknown Source)
at com.bea.wli.sb.transports.sftp.client.SFTPClient.authenticate(SFTPClient.java:236)
at com.bea.wli.sb.transports.sftp.connector.SFTPResource.<init>(SFTPResource.java:89)
at com.bea.wli.sb.transports.sftp.resource.SFTPUtils.createSFTPResource(SFTPUtils.java:153)
at com.bea.wli.sb.transports.sftp.connector.SFTPWorkPartitioningAgent.getSftpResource(SFTPWorkPartitioningAgent.java:161)
... 9 more

This error is generated by the DiffieHellmanGroupExchangeSha1 class from j2ssh-maverick:

https://github.com/sshtools/j2ssh-maverick/blob/master/j2ssh-maverick/src/main/java/com/sshtools/ssh/components/jce/DiffieHellmanGroupExchangeSha1.java

    final static int SSH_MSG_KEXDH_GEX_GROUP = 31;
    byte[] tmp = transport.nextMessage();

    if (tmp[0] != SSH_MSG_KEXDH_GEX_GROUP) {
        transport.disconnect(TransportProtocol.KEY_EXCHANGE_FAILED,
                "Expected SSH_MSG_KEX_GEX_GROUP");
        throw new SshException(
                "Key exchange failed: Expected SSH_MSG_KEX_GEX_GROUP [id="
                        + tmp[0] + "]", SshException.INTERNAL_ERROR);
    }

Because of this code, we get the following error description:
Key exchange failed: Expected SSH_MSG_KEX_GEX_GROUP [id=3]

It means that after the SSH2_MSG_KEX_DH_GEX_REQUEST request, a response with value «31» is expected in order to continue connecting.

Experiment conducted:
1. When connecting from a client with OpenSSH_7.2p2 to a server with OpenSSH_5.3p1, the ssh log is as follows:
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug3: receive packet: type 31
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1511/3072
debug3: send packet: type 32
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug3: receive packet: type 33
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY

2. When connecting from a client with OpenSSH_5.3p1 to a server with OpenSSH_5.3p1 or OpenSSH_7.2p2, the ssh log is as follows:
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 909
debug2: dh_gen_key: priv key bits set: 162/320
debug2: bits set: 1044/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

In the first experiment it gets value «31», but in the second experiment there is no information about value «3» ([id=3]).

Why is the log output different between the two experiments?
How can this error be solved?
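
Added example, not part of the original post and not code from j2ssh-maverick or OSB: a small decoder for the packet a client can receive in place of the group message after a DH group-exchange request. It uses the message numbers from RFC 4253 and RFC 4419, where type 3 (the `[id=3]` in the exception) is SSH_MSG_UNIMPLEMENTED and carries the sequence number of the packet the peer rejected. The function names and sample payloads are constructed for illustration.

```python
import struct

# Message numbers from RFC 4253 (transport) and RFC 4419 (DH group exchange).
SSH_MSG_DISCONNECT = 1
SSH_MSG_UNIMPLEMENTED = 3
SSH_MSG_KEX_DH_GEX_GROUP = 31

def enc_mpint(x):
    """Encode a non-negative integer as an SSH mpint (used for sample data)."""
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def dec_mpint(buf, off):
    """Decode an SSH mpint at offset off; return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    raw = buf[off + 4:off + 4 + n]
    if len(raw) != n:
        raise ValueError("truncated mpint")
    return int.from_bytes(raw, "big", signed=True), off + 4 + n

def classify_gex_response(payload, min_bits, max_bits):
    """Explain the packet a client received after its GEX request."""
    if not payload:
        raise ValueError("empty payload")
    msg = payload[0]
    if msg == SSH_MSG_KEX_DH_GEX_GROUP:
        p, off = dec_mpint(payload, 1)
        g, _ = dec_mpint(payload, off)
        bits = p.bit_length()
        # Size must fall in the range the client asked for; g is sanity-checked.
        ok = min_bits <= bits <= max_bits and 1 < g < p - 1
        return {"type": "KEX_DH_GEX_GROUP", "bits": bits, "acceptable": ok}
    if msg == SSH_MSG_UNIMPLEMENTED:
        # Body is the sequence number of the packet the peer did not recognise.
        (seq,) = struct.unpack_from(">I", payload, 1)
        return {"type": "UNIMPLEMENTED", "rejected_seq": seq}
    if msg == SSH_MSG_DISCONNECT:
        reason, n = struct.unpack_from(">II", payload, 1)
        text = payload[9:9 + n].decode("utf-8", "replace")
        return {"type": "DISCONNECT", "reason": reason, "description": text}
    return {"type": "UNEXPECTED", "id": msg}

# Constructed sample payloads (not captured traffic; p is not a real safe prime).
SAMPLE_GROUP = b"\x1f" + enc_mpint((1 << 2047) | 1) + enc_mpint(2)
SAMPLE_UNIMPLEMENTED = b"\x03" + struct.pack(">I", 3)

if __name__ == "__main__":
    print(classify_gex_response(SAMPLE_GROUP, 1024, 8192))
    print(classify_gex_response(SAMPLE_UNIMPLEMENTED, 1024, 8192))
```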
