#94 com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read

[Vijay]

Hi Team,

We have an issue with JSCH library when Openssh is upgraded to openssh-6.2p2-0.21.1.x86_64.rpm this version.

We have tried with different jsch libraries(jsch-0.1.52.jar & jsch-0.1.53.jar) and options but the issue is still persisted.

I am using JSCH version 0.1.51 and my – is connecting to server using openssh6.2p2-0.21.1.
I get the following error message.

2015-11-04 17:14:08,821 WARN {WorkManager(2)-191} [com.cntdb.dbm.ssh.SshIntegration] createSshConnection(): blr67-rds02-b error while opening a connection.Session.connect: java.io.IOException: End of IO Stream Read
com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read
at com.jcraft.jsch.Session.connect(Session.java:558)
at sun.reflect.GeneratedMethodAccessor475.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
at org.jboss.aspects.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:112)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.mdb.MessagingContainer.localInvoke(MessagingContainer.java:249)
at org.jboss.ejb3.mdb.inflow.MessageInflowLocalProxy.delivery(MessageInflowLocalProxy.java:268)
at org.jboss.ejb3.mdb.inflow.MessageInflowLocalProxy.invoke(MessageInflowLocalProxy.java:138)
at com.sun.proxy.$Proxy191.onMessage(Unknown Source)
at org.jboss.resource.adapter.jms.inflow.JmsServerSession.onMessage(JmsServerSession.java:178)
at org.jboss.mq.SpyMessageConsumer.sessionConsumerProcessMessage(SpyMessageConsumer.java:906)
at org.jboss.mq.SpyMessageConsumer.addMessage(SpyMessageConsumer.java:170)
at org.jboss.mq.SpySession.run(SpySession.java:323)
at org.jboss.resource.adapter.jms.inflow.JmsServerSession.run(JmsServerSession.java:237)
at org.jboss.resource.work.WorkWrapper.execute(WorkWrapper.java:204)
at org.jboss.util.threadpool.BasicTaskWrapper.run(BasicTaskWrapper.java:275)
at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:756)
at java.lang.Thread.run(Unknown Source)
2015-11-04 17:14:08,821 FATAL {WorkManager(2)-191} [com.cntdb.dbm.ssh.SshAlarmUtil] ADM 1 The ADM cannot open an SSH connection to host blr67-rds02-b because of error: Session.connect: java.io.IOException: End of IO Stream Read
2015-11-04 17:14:08,821 INFO {WorkManager(2)-191} [com.cntdb.dbm.ssh.SshIntegration] closeSshConnection(): blr67-rds02-b - disconnecting.
2015-11-04 17:14:08,821 ERROR {WorkManager(2)-191} [com.cntdb.dbm.ssh.SshIntegration] createSshConnection(): Error while opening an ssh connection to blr67-rds02-b
2015-11-04 17:14:08,821 ERROR {WorkManager(2)-191} [com.cntdb.dbm.dsaadmin.job.DsStatusJob] Error resulted from ds status job at server blr67-rds02-b:
com.cntdb.dbm.ssh.SshException: SSH Authentication incomplete with host: blr67-rds02-b
at sun.reflect.GeneratedMethodAccessor475.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
at org.jboss.aspects.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:112)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.mdb.MessagingContainer.localInvoke(MessagingContainer.java:249)
at org.jboss.ejb3.mdb.inflow.MessageInflowLocalProxy.delivery(MessageInflowLocalProxy.java:268)
at org.jboss.ejb3.mdb.inflow.MessageInflowLocalProxy.invoke(MessageInflowLocalProxy.java:138)
at com.sun.proxy.$Proxy191.onMessage(Unknown Source)
at org.jboss.resource.adapter.jms.inflow.JmsServerSession.onMessage(JmsServerSession.java:178)
at org.jboss.mq.SpyMessageConsumer.sessionConsumerProcessMessage(SpyMessageConsumer.java:906)
at org.jboss.mq.SpyMessageConsumer.addMessage(SpyMessageConsumer.java:170)
at org.jboss.mq.SpySession.run(SpySession.java:323)
at org.jboss.resource.adapter.jms.inflow.JmsServerSession.run(JmsServerSession.java:237)
at org.jboss.resource.work.WorkWrapper.execute(WorkWrapper.java:204)
at org.jboss.util.threadpool.BasicTaskWrapper.run(BasicTaskWrapper.java:275)
at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:756)
at java.lang.Thread.run(Unknown Source)
Caused by: com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read
at com.jcraft.jsch.Session.connect(Session.java:558)
at com.cntdb.dbm.ssh.SshIntegration.createSshConnection(SshIntegration.java:108)
... 38 more

From the above I see the authentication failure error, which I have not seen when I was using openssh6.2p2-0.13.1. The connection was happening successfully.

After analysing I see that the difference between openssh 0.13 and 0.21, is the moduli file in sshd doesn’t support 1024 bit primes and the moduli starts supporting 1535 bits and above.

So, I was wondering whether the connection failure is with the moduli file as it doesn’t support 1024 bit primes or am I missing something and this is blocker please help us ASAP

Openssh moduli file has 1535 bit primes.

• CVE-2015-4000: Removed and disabled weak DH groups to address LOGJAM (bsc#932483).
• Hardening patch to fix sftp RCE (bsc#903649).

[Vijay]

Nov 25 14:46:12 abcd-01 sshd[31443]: fatal: mm_answer_moduli: bad parameters: 1536 1536 1024

[Vijay]

Hi Team,

Is there any update on the above issue/error?

Thanks & Regards,
Vijay
reddy99666@gmail.com