[
https://issues.apache.org/jira/browse/SSHD-473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14570565#comment-14570565
]
Jochen Seliger commented on SSHD-473:
-------------------------------------
Hi Guillaume,
Please find attached to this mail a word documet with the code of my
createSSHDClient-method.
The session, created with the IP adresse 127.0.0.1. That means, you will have to
use a local user at the system to connect you start the server .
Here my unit test informations:
OS used: SLES12-Linux
Java-Version: 1.7.0.65
used libraries: I've send you allready
Local User, used tor connection tests: "jochen", password not "jochen"
Test parameters and corresponding authentification results:
1. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = "jochen"
Password at session.addPasswordIdentity() = "jochenx" -> authenftification
failed. That could be correct, if the OS usermanagement was consulted, because
the real password is different
2. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = "jochen"
The session logg reports that Jochen@linux-oh68 was authenticated.
Password at session.addPasswordIdentity() = "jochen" -> authenftification
succeedes. That is incorrect in different ways. My SSHDPasswordAuthenticator
should prevent any authentication. Even if the OS user management is consulted,
the result is false too, because the user "jochen" has a different password at
the user management.
3. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = "Jochen"
Password at session.addPasswordIdentity() = "jochenx" -> authenftification
failed. This seems to be correct, beause a) the SSHDPasswordAuthenticator should
preven any authentication. b) the OS user management does not contai an user
"Jochen"
4. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = Jjochen"
The session logg reports that Jochen@linux-oh68 was authenticated.
Password at session.addPasswordIdentity() = "Jochen" -> authenftification
succeedes. That is incorrect in different ways. My SSHDPasswordAuthenticator
should prevent any authentication. Even if the OS user management is consulted,
the result should be false too, because the user "Jochen" doe not exist.
5. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = "Jochenx"
Password at session.addPasswordIdentity() = "Jochen" -> authenftification
failed. This seems to be correct, beause a) the SSHDPasswordAuthenticator should
preven any authentication. b) the OS user management does not contai an user
"Jochen"
6. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = "Jochenx"
Password at session.addPasswordIdentity() = "Jochenx -> authenftification
succeedes. This definitly wrong!!!!
Please have a look at these parametzers and corresponding results carefully. On
my oppinion they definitly describe errors at PasswordAuthentication.
Jochen
> PasswordAuthentifikation
> ------------------------
>
> Key: SSHD-473
> URL: https://issues.apache.org/jira/browse/SSHD-473
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 0.14.0
> Environment: Windows 7, Java 8, Eclipse JUNO
> Reporter: Jochen Seliger
> Priority: Critical
> Attachments: SSHDPasswordAuthenticator.java, SSH_SERVER.java
>
>
> I run the sshd and the ssh client both on the windos mashine.
> The sshd I start on port 8000 and with password authentificator ans an own
> atthenicator class, which shall shoe a messagebox when envoced.
> The client I start aftercreating it as SshClient.setUpDefaultClient();
> without stting any factury with the statement ClientSession session =
> client.connect("Jochen","192.168.100.13",8000).await().getSession(); (Jochen
> is an existing user on the mashine).
> But till shellChannel I can proceed only when setting after session creation
> session.addPasswordIdentity("Jochen"); (it is tha same user as provided at
> session creation)
> There is no functionality to set the password.
> The method authPassword is depreciated.
> 1. My first question: How to proceed th use PasswordAuthentification?
> As stated I can proceesd til ssh-Shell, but the server is logging at a first
> run an autentification failure and at a second run authentification success:
> Mai 22, 2015 12:14:21 PM org.apache.sshd.client.session.ClientSessionImpl
> readIdentification
> INFORMATION: Server version string: SSH-2.0-SSHD-CORE-0.14.0
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier verifyServerKey
> WARNUNG: Server at /192.168.100.13:8000 presented unverified DSA key:
> e4:76:f3:c2:15:64:7f:e4:5f:b7:86:35:a5:3e:85:35
> Mai 22, 2015 12:14:22 PM org.apache.sshd.common.session.AbstractSession
> doHandleMessage
> INFORMATION: Dequeing pending packets
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_FAILURE
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.auth.UserAuthKeyboardInteractive process
> INFORMATION: Received Password authentication en-US
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_SUCCESS
> ShellChannell opened
> Microsoft Windows [Version 6.0.6001]
> Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten.
> C:\Users\Jochen\workspace\USF_SSH_WS>
> allthoug I did not provide an password.
> 2. Why thes two runs are processed?
> 3. Why the first run fails and the second one succedes?
> 4. How to proceede to get a functioning password and keypair authentication?
> Regards
> Jochen Seliger
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
