After upgrading your OpenSSH client or your OS distribution, you may encounter this error when connecting to your SSH servers. What does “no matching host key type found” mean? When establishing an SSH connection, the client uses the host key of the SSH server to verify the information the server has provided, which it does […]
In 2019, I answered a question on StackOverflow on converting an OpenSSH Private Key to an RSA Private Key. Recently I had an inquiry about this, so I thought it would be helpful to document for others the exact steps required to perform the conversion in Java using the Maverick Synergy Java SSH API. https://stackoverflow.com/questions/56900615/how-to-convert-openssh-private-key-to-rsa-private-key-in-java […]
The major flaw found in Log4J, a Java logging API, has had a lot of focus this week, and security experts and IT teams have been scrambling to ensure their web servers are not vulnerable. Amid all this craziness, we should not forget that Enterprise Java Software is not limited to the world of HTTP […]
I put together this simple application to demonstrate the Log4Shell vulnerability to my colleagues. To exploit the vulnerability, we need an exploit string and a Java Main class that logs that string using Log4J. First, we need to set up the application. The easiest way to do this is through Maven to set up the […]
Log4Shell CVE-2021-44228 describes a remote code execution vulnerability in Log4J 2. We can confirm that our Maverick Java SSH APIs do not depend on Log4J 2, and we do not distribute the affected versions with our APIs as a third-party dependency. However, it is still possible to use these versions with our library through the […]
Almost all SSH users are familiar with public key authentication and use SSH private keys to authenticate themselves when logging into a remote machine. The SSH key mechanism is relatively simple; the user generates a private key and shares his public key with the administrators of devices he wants to access. To allow access, the […]
With the release of OpenSSH 8.2 last week, the project announced that they would be disabling ssh-rsa signatures in a future version. I thought that it would be paramount to update our API users as to what this means in practice and how it will impact your implementations. Why are SSH-RSA signatures being disabled? OpenSSH […]
The latest Maverick Legacy 1.7.27 releases include a new concept we have called Managed Security. This update introduces several changes under-the-hood to ensure that usage of the APIs maintains the highest possible security whenever possible. We introduced a set of security levels to classify the algorithms we support. As a developer, you can now fix […]
With the release of OpenSSH 7.8, the default private key format for private keys generated from ssh-keygen has changed from OpenSSL compatible PEM files to a custom key format created by the OpenSSH developers. At the time of writing, the majority of open-source Java SSH APIs will need the keys converting back to the old […]
JADAPTIVE Limited is pleased to announce the launch of the Maverick Synergy Java SSH API. This new API is the third generation of SSH API developed by JADAPTIVE and builds upon the core, trusted components of the Maverick Legacy API in a unified framework for client and server development built upon the Java NIO framework. […]