#63 NullPointerException in Settion.connect()

v1.0 (example)
open
nobody
None
5
2013-11-18
2013-08-28
Oleg Sukhodolsky
No

in 0.1.50 user can get NPE from SessionConnect

java.lang.NullPointerException
at com.jcraft.jsch.Session.checkHost(Session.java:802)
at com.jcraft.jsch.Session.connect(Session.java:342)

The problem is that checkHost() can return null, but Seestion.connect() doesn't check for this :(

Discussion

  • Meiner1er
    Meiner1er
    2013-11-13

    I had the same problem. It was caused by "old" fashioned entries in my known_hosts file.
    The working entries look like:
    [fqdn-hostname]:22,[10.0.4.2]:PORT# ssh-rsa AAAA...removed...md5Q==
    the [ and ] are part of the entries in the known_hosts file.

     
  • I've patched .jar to check for null in Session.connect()

     
  • Gerry Reno
    Gerry Reno
    2013-11-16

    Same here.

    Using JSch 1.5.0

    I'm seeing a NullPointerExcepton every so often from Session.java on valid params.

    eg:

    session = jsch.getSession(TEST-2003\Administrator, 192.168.2.108, 22222)
    
    E/AndroidRuntime(17889): FATAL EXCEPTION: Thread-1684
    E/AndroidRuntime(17889): java.lang.NullPointerException
    E/AndroidRuntime(17889):     at com.jcraft.jsch.Session.checkHost(Session.java:802)
    E/AndroidRuntime(17889):     at com.jcraft.jsch.Session.connect(Session.java:342)
    E/AndroidRuntime(17889):     at com.jcraft.jsch.Session.connect(Session.java:183)
    

    I can log in with command line ssh using these same params both from Linux and from same Android.

    $ ssh -p 22222 'TEST-2003\Administrator'@192.168.2.108
    The authenticity of host '192.168.2.108 (192.168.2.108)' can't be established.
    DSA key fingerprint is d4:e9:39:58:95:03:23:24:5a:e9:f7:df:29:b6:d5:d5.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.2.108' (DSA) to the list of known hosts.
    TEST-2003\Administrator@192.168.2.108's password:
    
    Microsoft Windows [Version
    5.2.3790]                                                                                           
    (C) Copyright 1985-2003 Microsoft
    Corp.
    
    C:\Documents and
    Settings\Administrator>exit                                                                                   
    Connection to 192.168.2.108
    closed.                                                                                            
    $
    
     
  • Gerry Reno
    Gerry Reno
    2013-11-16

    Here's what I'm seeing in known_hosts:

    A key causing the NPE:
    192.168.2.108 ssh-dss AAAAB3NzaC1kc3MAAACBAJX/Z8AYPGrDXPPXxUo3W3m1VXxOASvnHudJX7NE4Oq9pD2UTDoerUzlIxm2vPafqx4MXATpI8cLfXP7dyDIR+JGeFL1bYkuhAzHrVjZus9i9eilQ1YotSpDotvgK9ouedDmT9XTQdbq+nvotL+UHXbHHD+tu0fK5pEkESV4V+A3AAAAFQCWLTQjDEdvgaQ+8Q3aOF0/O5ZRrQAAAIEAjqa4AFSrAyrhRVNBe84phVY0jdYzvD5xTMJhyALFuvwNoX0dKBBfcNkc+KDFwYGDmaXXyYs3uCkCDQY3GboTsPs1tMBgHoSaXjDYx5B21zNm5Eyif1SysJeH6TyanvgNzS2gsMWMX7aemcjQmDHElABXDh8Rj+bkc56G+OYbJoEAAACBAIjaydJU4cCcWqZGAWgvQPdC0HVMbBUW1Lx+6Bu+H7sBKP/9e7F0bZ64IO53YrAfufHCPYfaDsFa7v/Tw0b0p8D/uXBWTA1D00d5mV/OAFHsZiTGTQI2j3/hSMrCNj7o+sCHXjRbeW/Z6UEyYN0e8fYeeMNAtvLD/GG1x6mOeKEL

    A key generated by JSch that does not cause NPE:
    [192.168.2.108]:22222 ssh-dss AAAAB3NzaC1kc3MAAACBAJX/Z8AYPGrDXPPXxUo3W3m1VXxOASvnHudJX7NE4Oq9pD2UTDoerUzlIxm2vPafqx4MXATpI8cLfXP7dyDIR+JGeFL1bYkuhAzHrVjZus9i9eilQ1YotSpDotvgK9ouedDmT9XTQdbq+nvotL+UHXbHHD+tu0fK5pEkESV4V+A3AAAAFQCWLTQjDEdvgaQ+8Q3aOF0/O5ZRrQAAAIEAjqa4AFSrAyrhRVNBe84phVY0jdYzvD5xTMJhyALFuvwNoX0dKBBfcNkc+KDFwYGDmaXXyYs3uCkCDQY3GboTsPs1tMBgHoSaXjDYx5B21zNm5Eyif1SysJeH6TyanvgNzS2gsMWMX7aemcjQmDHElABXDh8Rj+bkc56G+OYbJoEAAACBAIjaydJU4cCcWqZGAWgvQPdC0HVMbBUW1Lx+6Bu+H7sBKP/9e7F0bZ64IO53YrAfufHCPYfaDsFa7v/Tw0b0p8D/uXBWTA1D00d5mV/OAFHsZiTGTQI2j3/hSMrCNj7o+sCHXjRbeW/Z6UEyYN0e8fYeeMNAtvLD/GG1x6mOeKEL

     
  • Volker Jung
    Volker Jung
    2013-11-18

    JSch treats the known-hosts-file just fine. The key causing the NPE has no port set, therefore the SSH default port 22 is assumed. As the port you've set is 22222, the NPE-causing key just does not match and the missing null-check leads to the seen exception.

    For more information on the known-hosts file-format, have a look at the Linux sshd-manpage (paragraph 'SSH_KNOWN_HOSTS FILE FORMAT').