-
Type: Bug
-
Status: Closed (View Workflow)
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: 1.10.0
-
Fix Version/s: 1.11.0
-
Component/s: None
-
Labels:
I am currently testing ONOS 1.10 with my NETCONF device using SSH keys and ran into some problems when using the new Apache Mina based implementation.
As discussed here
https://wiki.onosproject.org/display/ONOS/NETCONF
the SSH key can be specified in the JSON file:
> The device can be accessed also via SSH Key. Just specify the sshkey:<key> in the json file as a key,value pair.
This worked for me using the old Ganymed SSH2 from ETH Zurich. I specified the key in PEM format which, as I understood it, is a Base64 encoded version of the binary key in DER format.
The same JSON file (example attached) did not work with the Apache Mina SSHD implementation. I always got an exception (also attached) in the method startSession() in NetconfSessionMinaImp.java when getPublicKey() is called.
Note:
The reason is that X509EncodedKeySpec requires a key in binary DER format and not PEM. I implemented a variant of class NetconfSessionMinaImpl which uses org.bouncycastle.openssl.PEMParser in order to convert the PEM key to DER format. AFAIK Bouncy Castle is not used in ONOS yet. Might this be a solution?
# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
15283,6 | Fix for ONOS-6766: "NETCONF: Exception when using SSH keys and Apache Mina SSHD" Modified SSH key handling. Now using BouncyCastle. (Update #2) | master | onos | Status: MERGED | +2 | +1 |