Jurrie Overgoor

It's been a while since I wrote my fix, so the details are a bit vague. But I wrote a unit test that fails on 0.1.54 with the error in question, and succeeds on 0.1.55. So I think the 0.1.55 release does actually fix this issue. I'm a little bit disappointed that the JSch team did not contact me, or mention me. Oh well, that's life I suppose :)

Thanks! I would see it as a compliment if you ported the code changes and/or unit test to sshj. If you could mention me somewhere, that would be great. (Not required of course.) I agree on your suggestion to explain that "0:0:0:7:73:73:68:2d" maps to "SSH-". However, I don't consider that change a valid fix. It's just to reduce the risk of hitting such a hash; it doesn't stop it from happening. I think the authors of JSch should fix it in another way. Do note though that the "0:0:0:7:73:73:68:2d"...

Hello Ankit, Are you able to download from Maven Central? jsch-111-bugfix-1.0.0.jar jsch-111-bugfix-1.0.0-sources.jar With kind regards, Jurrie

Detection of identification string exchange message too brittle

Hello everyone, I've traced this to be a bug in the conversion of mpint (which SSH uses) to ASN.1 (which JCA expects). It's in SignatureDSA.java. I've fixed this and notified the JSCH team, but as I need the fix myself (and right now) I've published a Maven artifact that you can use to fix this bug. It contains an alternative implementation of SignatureDSA.java. Please see https://github.com/Jurrie/jsch-111-bugfix for more information. By the way: during testing I also hit another bug. When the first...