Exception During Authentication - IOException: End of IO Stream Read about jsch HOT 5 CLOSED

Hi @austinarbor-wk,

Yes, I suspect this server doesn't correctly support RSA/SHA-2 and it is failing when JSch attempts RSA/SHA-2 based authentication. So you either will want to remove the RSA/SHA-2 algorithms (rsa-sha2-512 & rsa-sha2-256) from the PubkeyAcceptedAlgorithms config setting, or make sure RSA/SHA-1 (ssh-rsa) has a higher priority by appearing earlier in the comma delimited list for the PubkeyAcceptedAlgorithms config setting.

Thanks,
Jeremy

from jsch.

@norrisjeremy thanks for your quick response! We use a generalized "works-for-everyone" config and the same code is also used for servers which do support rsa-sha2-512 and rsa-sha2-256 and we don't know ahead of time what the server will support. Do you think moving ssh-rsa ahead in the priority list will make those no longer work, or should it essentially be a no-op?

from jsch.

Hi @austinarbor-wk,

If the other types of servers you connect to support both RSA/SHA-2 and RSA/SHA-1, by prioritizing RSA/SHA-1 in the list, you will coercing JSch into performing insecure authentication with these servers (since RSA/SHA-1 is generally considered cryptographically insecure).
Ultimately this will be a judgement call that only you can make, since only you better the nature of your application, the type servers you are connecting to, etc., and not us.

Thanks,
Jeremy

from jsch.

@norrisjeremy thanks for the info, appreciate the quick responses!

from jsch.

confirming that moving ssh-rsa in front of the other rsa algorithms resolved the exception

from jsch.