After upgrading your OpenSSH client or your OS distribution, you may encounter this error when connecting to your SSH servers. What does “no matching host key type found” mean? When establishing an SSH connection, the client uses the host key of the SSH server to verify the information the server has provided, which it does […]
Convert OpenSSH Private Key to OpenSSL Private Key in Java
In 2019, I answered a question on StackOverflow on converting an OpenSSH Private Key to an RSA Private Key. Recently, I had an inquiry about this, so I thought it would be helpful to document for others the exact steps required to perform the conversion in Java using the Maverick Synergy Java SSH API. https://stackoverflow.com/questions/56900615/how-to-convert-openssh-private-key-to-rsa-private-key-in-java […]
A Java Application to demonstrate Log4Shell
I put together this simple application to demonstrate the Log4Shell vulnerability to my colleagues. To exploit the vulnerability, we need an exploit string and a Java Main class that logs that string using Log4J. First, we need to set up the application. The easiest way is through Maven to set up the Log4J dependency. I’m […]
Log4J and Log4Shell in Java SSH Clients and Servers
The major flaw found in Log4J, a Java logging API, has had a lot of focus this week, and security experts and IT teams have been scrambling to ensure their web servers are not vulnerable. Amid all this craziness, we should not forget that Enterprise Java Software is not limited to the world of HTTP […]
Log4Shell and the Maverick Java SSH APIs
Log4Shell CVE-2021-44228 describes a remote code execution vulnerability in Log4J 2. We can confirm that our Maverick Java SSH APIs do not depend on Log4J 2, and we do not distribute the affected versions with our APIs as a third-party dependency. However, using these versions with our library through the SLF4J facade we use to […]