Discussion:
[JSch-users] FIPS mode failure
Scott Smith
2015-03-13 16:43:55 UTC
Hi ymnk,

Using 0.1.51, I am unable to connect to a CentOS6/RH6 Server setup in
"FIPS compliance mode"
(https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html).

When connecting, it fails with the following error:

com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read
    at com.jcraft.jsch.Session.connect(Session.java:558)
    at JschApp.main(JschApp.java:56)

In the server log:

sshd[9303]: debug1: SSH2_MSG_KEXINIT received
sshd[9303]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
sshd[9303]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
sshd[9303]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
sshd[9303]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
sshd[9303]: debug2: kex_parse_kexinit: hmac-sha1,hmac-sha2-256,hmac-sha2-512
sshd[9303]: debug2: kex_parse_kexinit: hmac-sha1,hmac-sha2-256,hmac-sha2-512
sshd[9303]: debug2: kex_parse_kexinit: none,***@openssh.com
sshd[9303]: debug2: kex_parse_kexinit: none,***@openssh.com
sshd[9303]: debug2: kex_parse_kexinit:
sshd[9303]: debug2: kex_parse_kexinit:
sshd[9303]: debug2: kex_parse_kexinit: first_kex_follows 0
sshd[9303]: debug2: kex_parse_kexinit: reserved 0
sshd[9303]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1
sshd[9303]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
sshd[9303]: debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
sshd[9303]: debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
sshd[9303]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
sshd[9303]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
sshd[9303]: debug2: kex_parse_kexinit: none
sshd[9303]: debug2: kex_parse_kexinit: none
sshd[9303]: debug2: kex_parse_kexinit:
sshd[9303]: debug2: kex_parse_kexinit:
sshd[9303]: debug2: kex_parse_kexinit: first_kex_follows 0
sshd[9303]: debug2: kex_parse_kexinit: reserved 0
sshd[9303]: debug2: mac_setup: found hmac-sha1
sshd[9303]: debug1: kex: client->server aes128-ctr hmac-sha1 none
sshd[9303]: debug3: mm_request_send entering: type 78
sshd[9303]: debug3: mm_request_receive_expect entering: type 79
sshd[9303]: debug3: mm_request_receive entering
sshd[9299]: debug3: monitor_read: checking request 78
sshd[9299]: debug3: mm_request_send entering: type 79
sshd[9299]: debug3: mm_request_receive entering
sshd[9303]: debug2: mac_setup: found hmac-sha1
sshd[9303]: debug1: kex: server->client aes128-ctr hmac-sha1 none
sshd[9303]: debug3: mm_request_send entering: type 78
sshd[9303]: debug3: mm_request_receive_expect entering: type 79
sshd[9303]: debug3: mm_request_receive entering
sshd[9299]: debug3: monitor_read: checking request 78
sshd[9299]: debug3: mm_request_send entering: type 79
sshd[9299]: debug3: mm_request_receive entering
sshd[9303]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
sshd[9303]: debug3: mm_request_send entering: type 0
sshd[9303]: debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
sshd[9303]: debug3: mm_request_receive_expect entering: type 1
sshd[9303]: debug3: mm_request_receive entering
sshd[9299]: debug3: monitor_read: checking request 0
sshd[9299]: debug3: mm_answer_moduli: got parameters: 2048 2048 1024
sshd[9299]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
sshd[9299]: debug1: do_cleanup

Using either diffie-hellman-group-exchange-sha1 or
diffie-hellman-group-exchange-sha256 fails with FIPS enabled, but
succeeds with FIPS disabled. Using either with the OpenSSH client works
fine.

On a side note, IF the client is using Java 8, I am able to connect with
JSch, as it is able to use diffie-hellman-group14-sha1 successfully.
Does the server output give you any ideas what may be the issue?

Thank you in advance.
- Scott
Atsuhiko Yamanaka
2015-03-14 00:33:32 UTC
Hi,

+-From: Scott Smith <***@smithdomain.com> --
|_Date: Fri, 13 Mar 2015 11:43:55 -0500 ______
|
|Using 0.1.51, I am unable to connect to a CentOS6/RH6 Server setup in
|"FIPS compliance mode"
|(https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html).
...
| sshd[9299]: debug3: mm_answer_moduli: got parameters: 2048 2048 1024
| sshd[9299]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024

|Using either diffie-hellman-group-exchange-sha1 or
|diffie-hellman-group-exchange-sha256 fails with FIPS enabled, but
|succeeds with FIPS disabled. Using either with the OpenSSH client works
|fine.

Could you try to replace the following line
static int max=1024;
with
static int max=2048;
in src/main/java/com/jcraft/jsch/DHGEX.java, and
choose 'diffie-hellman-group-exchange-sha1' on 'Java8'?


Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
Skype callto://jcraft/
Twitter: http://twitter.com/ymnk
Facebook: http://facebook.com/aymnk
Scott Smith
2015-03-14 15:58:06 UTC
Yes, that works on Java8, I can now access the FIPS-mode server using
diffie-hellman-group-exchange-sha1.
But it still fails on Java7, I assume because it can not generate keys >
1024?
Does this mean it will be hopeless to use JSch to connect to a FIPS-mode
server on Java7 (that's mostly all I have here)?
Thanks.
- Scott
Atsuhiko Yamanaka
2015-03-15 01:12:09 UTC
Hi,

+-From: Scott Smith <***@smithdomain.com> --
|_Date: Sat, 14 Mar 2015 10:58:06 -0500 ______
|
|Yes, that works on Java8, I can now access the FIPS-mode server using
|diffie-hellman-group-exchange-sha1 .
|But it still fails on Java7, I assume because it can not generate keys >
|1024?

For a long time, Sun (and Oracle)'s default JCE provider did not
support long keys for DH. It may be worth trying another JCE provider
such as BouncyCastle on Java7.

|Does this mean it will be hopeless to use JSch to connect to a FIPS-mode
|server on Java7 (that's mostly all I have here)?

Does FIPS mode allow the use of ecdh-sha2-nistp*? We have succeeded in
supporting ECC (Elliptic Curve Cryptography)[1] defined in RFC5656[2],
and that functionality will be available on Java7.
If you are interested in it, try
http://www.jcraft.com/jsch/jsch-0.1.52-rc24.zip

[1] https://twitter.com/ymnk/status/570116671899185152
[2] http://tools.ietf.org/html/rfc5656


Sincerely,
--
Atsuhiko Yamanaka
Scott Smith
2015-03-16 21:56:22 UTC
Yes, it works in Java7!
I had to call setConfig("kex", ...) to force the new ecdh ones in front,
or else it still chose dhgex and then failed because the 2048 key size
could not be used.
Thanks!
- Scott
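
Added example, not part of the original thread and not JSch's own code: a sketch of the approach described in the last message, probing whether the JVM's default JCE provider accepts 2048-bit DH and ordering the "kex" list so the ECDH methods come first. It assumes a JSch build with ECDH support (such as the 0.1.52 release candidate linked above) on the classpath; the class and helper names are hypothetical.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.security.InvalidParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

public class FipsKexOrder {
    static final String ECDH =
        "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521";
    // group14 is a fixed 2048-bit group; the group-exchange methods also need
    // a DHGEX max of at least 2048 (the one-line change discussed above).
    static final String DH_2048 = "diffie-hellman-group14-sha1,"
        + "diffie-hellman-group-exchange-sha256,"
        + "diffie-hellman-group-exchange-sha1";

    // Proxy check: does the default JCE provider accept a DH key size of
    // `bits`? initialize() only validates the size; no key is generated.
    static boolean dhSupported(int bits) {
        try {
            KeyPairGenerator.getInstance("DH").initialize(bits);
            return true;
        } catch (InvalidParameterException | NoSuchAlgorithmException e) {
            return false;
        }
    }

    // ECDH always goes first; finite-field DH is offered only when the JVM
    // can do 2048 bits, so negotiation never lands on a method that would
    // fail in the middle of the key exchange.
    static String kexPreference(boolean dh2048) {
        return dh2048 ? ECDH + "," + DH_2048 : ECDH;
    }

    // Hypothetical helper: returns a session with the kex order applied.
    // The caller still sets host-key checking and credentials, then connects.
    static Session newSession(JSch jsch, String user, String host)
            throws JSchException {
        Session session = jsch.getSession(user, host, 22);
        session.setConfig("kex", kexPreference(dhSupported(2048)));
        return session;
    }

    public static void main(String[] args) {
        boolean dh2048 = dhSupported(2048);
        System.out.println("DH 2048 supported: " + dh2048);
        System.out.println("kex = " + kexPreference(dh2048));
    }
}
```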