I'm using J2SSH 0.2.9 SFTP. When connecting to specific SFTP site, I'm receiving the error
The host key signature is invalid
However connecting to the same site using WinSCP or Filezilla doesn't give me any kind of error.
The specific area of code which is of concern is
boolean result = pk.verifySignature(sig, sigdata);
log.info("The host key signature is " +
(result ? " valid" : "invalid"));
Within TransportProtocolClient.java
The key is a SSH-DSS if it makes a difference.
Bit of stab in the dark without having an environment to reproduce but I'm going to guess whatever you are connecting to is causing problems on this part of j2ssh.transport.publickey.dsa.SshDssPublicKey.
163 if (!header.equals("ssh-dss")) {
164 throw new InvalidSshKeySignatureException();
165 }
There is also a handful of other error conditions which can cause the same exception muddies the water somewhat.
252 } catch (NoSuchAlgorithmException nsae) {
253 throw new InvalidSshKeySignatureException();
254 } catch (InvalidKeyException ike) {
255 throw new InvalidSshKeySignatureException();
256 } catch (IOException ioe) {
257 throw new InvalidSshKeySignatureException();
258 } catch (SignatureException se) {
259 throw new InvalidSshKeySignatureException();
260 }
I suspect the server is miss interpreting Page 13 of IETF RFC 4253 and sending something slightly different(all upper-case?) for its encoding of the signature format identifier. Other programs with similar functionality I checked seem to force the key name to upper or lower case then preform an equality check.