[ https://issues.apache.org/jira/browse/SSHD-473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14570565#comment-14570565 ]
Jochen Seliger commented on SSHD-473: ------------------------------------- Hi Guillaume, Please find attached to this mail a word documet with the code of my createSSHDClient-method. The session, created with the IP adresse 127.0.0.1. That means, you will have to use a local user at the system to connect you start the server . Here my unit test informations: OS used: SLES12-Linux Java-Version: 1.7.0.65 used libraries: I've send you allready Local User, used tor connection tests: "jochen", password not "jochen" Test parameters and corresponding authentification results: 1. Test The customer SSHDPasswordAuthenticator is permanetly returning 'false` User (at session.connect() = "jochen" Password at session.addPasswordIdentity() = "jochenx" -> authenftification failed. That could be correct, if the OS usermanagement was consulted, because the real password is different 2. Test The customer SSHDPasswordAuthenticator is permanetly returning 'false` User (at session.connect() = "jochen" The session logg reports that Jochen@linux-oh68 was authenticated. Password at session.addPasswordIdentity() = "jochen" -> authenftification succeedes. That is incorrect in different ways. My SSHDPasswordAuthenticator should prevent any authentication. Even if the OS user management is consulted, the result is false too, because the user "jochen" has a different password at the user management. 3. Test The customer SSHDPasswordAuthenticator is permanetly returning 'false` User (at session.connect() = "Jochen" Password at session.addPasswordIdentity() = "jochenx" -> authenftification failed. This seems to be correct, beause a) the SSHDPasswordAuthenticator should preven any authentication. b) the OS user management does not contai an user "Jochen" 4. Test The customer SSHDPasswordAuthenticator is permanetly returning 'false` User (at session.connect() = Jjochen" The session logg reports that Jochen@linux-oh68 was authenticated. Password at session.addPasswordIdentity() = "Jochen" -> authenftification succeedes. That is incorrect in different ways. My SSHDPasswordAuthenticator should prevent any authentication. Even if the OS user management is consulted, the result should be false too, because the user "Jochen" doe not exist. 5. Test The customer SSHDPasswordAuthenticator is permanetly returning 'false` User (at session.connect() = "Jochenx" Password at session.addPasswordIdentity() = "Jochen" -> authenftification failed. This seems to be correct, beause a) the SSHDPasswordAuthenticator should preven any authentication. b) the OS user management does not contai an user "Jochen" 6. Test The customer SSHDPasswordAuthenticator is permanetly returning 'false` User (at session.connect() = "Jochenx" Password at session.addPasswordIdentity() = "Jochenx -> authenftification succeedes. This definitly wrong!!!! Please have a look at these parametzers and corresponding results carefully. On my oppinion they definitly describe errors at PasswordAuthentication. Jochen > PasswordAuthentifikation > ------------------------ > > Key: SSHD-473 > URL: https://issues.apache.org/jira/browse/SSHD-473 > Project: MINA SSHD > Issue Type: Bug > Affects Versions: 0.14.0 > Environment: Windows 7, Java 8, Eclipse JUNO > Reporter: Jochen Seliger > Priority: Critical > Attachments: SSHDPasswordAuthenticator.java, SSH_SERVER.java > > > I run the sshd and the ssh client both on the windos mashine. > The sshd I start on port 8000 and with password authentificator ans an own > atthenicator class, which shall shoe a messagebox when envoced. > The client I start aftercreating it as SshClient.setUpDefaultClient(); > without stting any factury with the statement ClientSession session = > client.connect("Jochen","192.168.100.13",8000).await().getSession(); (Jochen > is an existing user on the mashine). > But till shellChannel I can proceed only when setting after session creation > session.addPasswordIdentity("Jochen"); (it is tha same user as provided at > session creation) > There is no functionality to set the password. > The method authPassword is depreciated. > 1. My first question: How to proceed th use PasswordAuthentification? > As stated I can proceesd til ssh-Shell, but the server is logging at a first > run an autentification failure and at a second run authentification success: > Mai 22, 2015 12:14:21 PM org.apache.sshd.client.session.ClientSessionImpl > readIdentification > INFORMATION: Server version string: SSH-2.0-SSHD-CORE-0.14.0 > Mai 22, 2015 12:14:22 PM > org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier verifyServerKey > WARNUNG: Server at /192.168.100.13:8000 presented unverified DSA key: > e4:76:f3:c2:15:64:7f:e4:5f:b7:86:35:a5:3e:85:35 > Mai 22, 2015 12:14:22 PM org.apache.sshd.common.session.AbstractSession > doHandleMessage > INFORMATION: Dequeing pending packets > Mai 22, 2015 12:14:22 PM > org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth > INFORMATION: Received SSH_MSG_USERAUTH_FAILURE > Mai 22, 2015 12:14:22 PM > org.apache.sshd.client.auth.UserAuthKeyboardInteractive process > INFORMATION: Received Password authentication en-US > Mai 22, 2015 12:14:22 PM > org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth > INFORMATION: Received SSH_MSG_USERAUTH_SUCCESS > ShellChannell opened > Microsoft Windows [Version 6.0.6001] > Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten. > C:\Users\Jochen\workspace\USF_SSH_WS> > allthoug I did not provide an password. > 2. Why thes two runs are processed? > 3. Why the first run fails and the second one succedes? > 4. How to proceede to get a functioning password and keypair authentication? > Regards > Jochen Seliger -- This message was sent by Atlassian JIRA (v6.3.4#6332)