[
https://issues.apache.org/jira/browse/SSHD-473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14572238#comment-14572238
]
Goldstein Lyor commented on SSHD-473:
-------------------------------------
To put this matter to rest once and for all - below you will find a sample
server and client (I even placed them in the *same* package as your original
code) + the results of running them. Make *sure* your client/server code looks
like the samples and that no step has been missed/skipped. The attached results
prove 100% that the client authenticates *only* if you provide the
correct credentials - regardless of whether the client is written in _Java_ or
off-the-shelf. If that doesn't clear the issue for you nothing will - if your
results are different than this then you are doing something wrong or confusing
clients and servers.
h1. The code
{code:title=SampleServer.java}
package org.flowcontrol.uniselflow.web_services.ssh;

import java.io.BufferedReader;
import java.io.File;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Map;

import org.apache.sshd.SshServer;
import org.apache.sshd.common.ForwardingFilter;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.Session;
import org.apache.sshd.common.SshdSocketAddress;
import org.apache.sshd.common.util.OsUtils;
import org.apache.sshd.common.util.SecurityUtils;
import org.apache.sshd.server.Command;
import org.apache.sshd.server.CommandFactory;
import org.apache.sshd.server.PasswordAuthenticator;
import org.apache.sshd.server.PublickeyAuthenticator;
import org.apache.sshd.server.ServerFactoryManager;
import org.apache.sshd.server.command.ScpCommandFactory;
import org.apache.sshd.server.keyprovider.PEMGeneratorHostKeyProvider;
import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
import org.apache.sshd.server.session.ServerSession;
import org.apache.sshd.server.sftp.SftpSubsystem;
import org.apache.sshd.server.shell.ProcessShellFactory;

/**
 * @author lgoldstein
 * @since Jun 4, 2015 7:25:11 AM
 */
public class SampleServer {
    public static void main(String[] args) {
        SshServer sshd = SshServer.setUpDefaultServer();
        Map<String,String> props = sshd.getProperties();
        props.put(ServerFactoryManager.WELCOME_BANNER, "SSHD-473 issue example for Jochen");

        // If ANY other combination other than this is provided the authentication fails !!!
        final String EXPECTED_USER_NAME="foo", EXPECTED_PASSWORD="bar";
        sshd.setPasswordAuthenticator(new PasswordAuthenticator() {
            @Override
            public boolean authenticate(String username, String password, ServerSession session) {
                // NOTE: acceptance/rejection is solely based on the Java code - has NOTHING to
                // do with the O/S users - if want to use the O/S user/password then you need
                // to write your own authenticator. The decision whether to accept/reject the
                // provided username/password relies SOLELY on the return value: true/false
                // (assuming the public-key authenticator always returns FALSE as is the
                // case for this code)
                boolean accept=EXPECTED_USER_NAME.equals(username) && EXPECTED_PASSWORD.equals(password);
                PrintStream ps=accept ? System.out : System.err;
                String action=accept ? "Accepted" : "Rejected";
                ps.println(action + " user=" + username + ",password=" + password
                         + " from " + session.getIoSession().getRemoteAddress());
                return accept;
            }
        });

        sshd.setPublickeyAuthenticator(new PublickeyAuthenticator() {
            // just to make sure that authentication is not achieved by any means other than via password
            @Override
            public boolean authenticate(String username, PublicKey key, ServerSession session) {
                System.err.println("Reject public key authentication for " + username
                                 + " from " + session.getIoSession().getRemoteAddress());
                return false;
            }
        });

        String cwd=System.getProperty("user.dir");
        if (cwd.charAt(cwd.length() - 1) == File.separatorChar) {
            cwd = cwd.substring(0, cwd.length() - 1);
        }

        // MUST be provided or no encryption can take place
        // if you comment this out the server won't even start...
        if (SecurityUtils.isBouncyCastleRegistered()) {
            sshd.setKeyPairProvider(new PEMGeneratorHostKeyProvider(cwd + File.separator + "jochen.pem"));
        } else {
            sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider(cwd + File.separator + "jochen.ser"));
        }

        // comment this out if you don't want to allow remote shell to be run on the local host
        if (OsUtils.isUNIX()) {
            sshd.setShellFactory(new ProcessShellFactory(new String[] { "/bin/sh", "-i", "-l" },
                    EnumSet.of(ProcessShellFactory.TtyOptions.ONlCr)));
        } else {
            sshd.setShellFactory(new ProcessShellFactory(new String[] { "cmd.exe "},
                    EnumSet.of(ProcessShellFactory.TtyOptions.Echo,
                               ProcessShellFactory.TtyOptions.ICrNl,
                               ProcessShellFactory.TtyOptions.ONlCr)));
        }

        // comment this out if you don't want to allow port forwarding
        sshd.setTcpipForwardingFilter(new ForwardingFilter() {
            @Override
            public boolean canForwardAgent(Session session) {
                System.out.println("Asked if can forward agent for " + session.getIoSession().getRemoteAddress());
                return true;
            }

            @Override
            public boolean canForwardX11(Session session) {
                System.out.println("Asked if can forward X11 for " + session.getIoSession().getRemoteAddress());
                return true;
            }

            @Override
            public boolean canListen(SshdSocketAddress address, Session session) {
                System.out.println("Asked if can listen on " + address + " for "
                                 + session.getIoSession().getRemoteAddress());
                return true;
            }

            @Override
            public boolean canConnect(SshdSocketAddress address, Session session) {
                System.out.println("Asked if can connect on " + address + " for "
                                 + session.getIoSession().getRemoteAddress());
                return true;
            }
        });

        // comment this out if you don't want to allow remote commands or SCP to be run on the local host
        sshd.setCommandFactory(new ScpCommandFactory(new CommandFactory() {
            @Override
            public Command createCommand(String command) {
                EnumSet<ProcessShellFactory.TtyOptions> ttyOptions;
                if (OsUtils.isUNIX()) {
                    ttyOptions = EnumSet.of(ProcessShellFactory.TtyOptions.ONlCr);
                } else {
                    ttyOptions = EnumSet.of(ProcessShellFactory.TtyOptions.Echo,
                                            ProcessShellFactory.TtyOptions.ICrNl,
                                            ProcessShellFactory.TtyOptions.ONlCr);
                }
                System.out.println("Run command: " + command);
                return new ProcessShellFactory(command.split(" "), ttyOptions).create();
            }
        }));

        // comment this out if you don't want to support SFTP
        sshd.setSubsystemFactories(Arrays.<NamedFactory<Command>>asList(new SftpSubsystem.Factory()));

        // or whatever else you like, just make sure you connect to the SAME port from your client
        sshd.setPort(8000);

        try(BufferedReader stdin=new BufferedReader(new InputStreamReader(System.in))) {
            sshd.start();

            // NOTE: MUST have a loop or a long sleep or the server will exit...
            while(true) {
                System.out.print("Listening on port=" + sshd.getPort() + " enter (Q)uit to stop: ");
                String line=stdin.readLine();
                if (line == null) { // EOF
                    break;
                }

                line = line.trim();
                if (line.length() <= 0) {
                    continue;
                }

                char ch=line.charAt(0);
                if ((ch == 'q') || (ch == 'Q')) {
                    break;
                }
            }

            System.out.println("Stopping...");
            sshd.stop();
            System.out.println("Stopped");
        } catch(Throwable t) {
            t.printStackTrace();
        }
    }
}
{code}
{code:title=SampleClient.java}
package org.flowcontrol.uniselflow.web_services.ssh;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;

import org.apache.sshd.ClientChannel;
import org.apache.sshd.ClientSession;
import org.apache.sshd.SshClient;
import org.apache.sshd.client.channel.ChannelShell;
import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
import org.apache.sshd.common.util.NoCloseInputStream;
import org.apache.sshd.common.util.NoCloseOutputStream;
import org.apache.sshd.common.util.SecurityUtils;
import org.bouncycastle.openssl.PasswordFinder;

/**
 * @author lgoldstein
 * @since Jun 4, 2015 8:06:42 AM
 */
public class SampleClient {
    public static void main(String[] args) {
        SshClient client = SshClient.setUpDefaultClient();
        String homePath = System.getProperty("user.home");
        if (homePath.charAt(homePath.length() - 1) == File.separatorChar) {
            homePath = homePath.substring(0, homePath.length() - 1);
        }

        // Collect whichever of the default private key files exist in ~/.ssh
        File homeDir = new File(homePath), sshDir = new File(homeDir, ".ssh");
        List<String> files = new ArrayList<String>();
        for (String fileType : new String[] { "rsa", "dsa", "ecdsa" }) {
            File f = new File(sshDir, "/id_" + fileType);
            String filePath = f.getAbsolutePath();
            if (f.exists()) {
                if (f.isFile() && f.canRead()) {
                    files.add(filePath);
                    System.out.println("Found " + filePath);
                } else {
                    System.err.println("Not a file or not readable: " + filePath);
                }
            } else {
                System.out.println("Skip non-existing file: " + filePath);
            }
        }

        if (files.size() <= 0) {
            throw new IllegalStateException("No SSH key files found in " + sshDir.getAbsolutePath());
        }

        if (!SecurityUtils.isBouncyCastleRegistered()) {
            throw new IllegalStateException("Need Bouncycastle on the classpath in order to load the key files");
        }

        try(final BufferedReader stdin=new BufferedReader(new InputStreamReader(System.in))) {
            client.setKeyPairProvider(new FileKeyPairProvider(files.toArray(new String[files.size()]), new PasswordFinder() {
                @Override
                public char[] getPassword() {
                    try {
                        System.out.println("Enter password for private key: ");
                        String password = stdin.readLine();
                        // readLine() returns null on EOF
                        return (password == null) ? null : password.toCharArray();
                    } catch (IOException e) {
                        return null;
                    }
                }
            }));
            client.start();

            System.out.print("Username: ");
            String username=stdin.readLine();
            System.out.print("Password: ");
            String password=stdin.readLine();

            // NOTE: change the 'localhost' to some other address if you need to
            // NOTE: change the port (8000) to whatever port you need
            ClientSession session = client.connect(username, "localhost", 8000).await().getSession();
            try {
                System.out.println("Authenticating using password=" + password + " ...");
                // try commenting this out and see what happens (authentication should fail)
                session.addPasswordIdentity(password);
                session.auth().verify();
                System.out.println("Authenticated");

                ClientChannel channel = session.createChannel(ClientChannel.CHANNEL_SHELL);
                try {
                    ((ChannelShell) channel).setAgentForwarding(false);
                    channel.setIn(new NoCloseInputStream(System.in));
                    channel.setOut(new NoCloseOutputStream(System.out));
                    channel.setErr(new NoCloseOutputStream(System.err));
                    System.out.println("Open shell...");
                    channel.open().await();
                } finally {
                    channel.waitFor(ClientChannel.CLOSED, 0);
                    System.out.println("Closing shell...");
                }
            } finally {
                System.out.println("Closing session...");
                session.close(false);
            }
        } catch(Throwable t) {
            t.printStackTrace();
        } finally {
            System.out.println("Stopping...");
            client.stop();
            System.out.println("Stopped");
        }
    }
}
{code}
h1. The results
h2. Using an off-the-shelf SSH command-line client to connect to the sample
server
h3. Good user, good password
{panel:title=Client}
{noformat}
C:\Projects\apache\mina-sshd>ssh -o StrictHostKeyChecking=no -o
UserKnownHostsFile=/dev/null -p 8000 foo@localhost
Warning: Permanently added '[localhost]:8000' (DSA) to the list of known hosts.
Password authentication
Password: ****
SSHD-473 issue example for JochenMicrosoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
{noformat}
{panel}
{panel:title=Server}
{noformat}
Reject public key authentication for foo from /127.0.0.1:58585
Accepted user=foo,password=bar from /127.0.0.1:58585
[sshd-SshServer[325bb9a6]-nio2-thread-1] INFO
org.apache.sshd.server.session.ServerUserAuthService - Session
foo@/127.0.0.1:58585 authenticated
[sshd-SshServer[325bb9a6]-nio2-thread-4] INFO
org.apache.sshd.server.shell.ProcessShellFactory - Starting shell with command:
'[cmd.exe ]' ...
{noformat}
{panel}
h3. Good user, bad password ('1234' instead of 'bar')
{panel:title=Client}
{noformat}
C:\Projects\apache\mina-sshd>ssh -o StrictHostKeyChecking=no -o
UserKnownHostsFile=/dev/null -p 8000 foo@localhost
Warning: Permanently added '[localhost]:8000' (DSA) to the list of known hosts.
Password authentication
Password: ****
Password authentication
Password: ****
Password authentication
Password: ****
foo@localhost's password: ****
Permission denied, please try again.
foo@localhost's password: ****
Permission denied, please try again.
foo@localhost's password: ****
Permission denied (password,keyboard-interactive,publickey).
{noformat}
{panel}
{panel:title=Server}
{noformat}
Reject public key authentication for foo from /127.0.0.1:59037
Rejected user=foo,password=1234 from /127.0.0.1:59037
Rejected user=foo,password=1234 from /127.0.0.1:59037
Rejected user=foo,password=1234 from /127.0.0.1:59037
Rejected user=foo,password=1234 from /127.0.0.1:59037
Rejected user=foo,password=1234 from /127.0.0.1:59037
Rejected user=foo,password=1234 from /127.0.0.1:59037
{noformat}
{panel}
h3. Good password, bad user ('jochen' instead of 'foo')
{panel:title=Client}
{noformat}
C:\Projects\apache\mina-sshd>ssh -o StrictHostKeyChecking=no -o
UserKnownHostsFile=/dev/null -p 8000 jochen@localhost
Warning: Permanently added '[localhost]:8000' (DSA) to the list of known hosts.
Password authentication
Password: ****
Password authentication
Password: ****
Password authentication
Password: ****
jochen@localhost's password: ****
Permission denied, please try again.
jochen@localhost's password: ****
Permission denied, please try again.
jochen@localhost's password: ****
Permission denied (password,keyboard-interactive,publickey).
{noformat}
{panel}
{panel:title=Server}
{noformat}
Reject public key authentication for jochen from /127.0.0.1:54785
Rejected user=jochen,password=bar from /127.0.0.1:54785
Rejected user=jochen,password=bar from /127.0.0.1:54785
Rejected user=jochen,password=bar from /127.0.0.1:54785
Rejected user=jochen,password=bar from /127.0.0.1:54785
Rejected user=jochen,password=bar from /127.0.0.1:54785
Rejected user=jochen,password=bar from /127.0.0.1:54785
{noformat}
{panel}
h3. Bad user ('jochen' instead of 'foo'), bad password ('1234' instead of 'bar')
{panel:title=Client}
{noformat}
C:\Projects\apache\mina-sshd>ssh -o StrictHostKeyChecking=no -o
UserKnownHostsFile=/dev/null -p 8000 jochen@localhost
Warning: Permanently added '[localhost]:8000' (DSA) to the list of known hosts.
Password authentication
Password: ****
Password authentication
Password: ****
Password authentication
Password: ****
jochen@localhost's password: ****
Permission denied, please try again.
jochen@localhost's password: ****
Permission denied, please try again.
jochen@localhost's password: ****
Permission denied (password,keyboard-interactive,publickey).
{noformat}
{panel}
{panel:title=Server}
{noformat}
Reject public key authentication for jochen from /127.0.0.1:65228
Rejected user=jochen,password=1234 from /127.0.0.1:65228
Rejected user=jochen,password=1234 from /127.0.0.1:65228
Rejected user=jochen,password=1234 from /127.0.0.1:65228
Rejected user=jochen,password=1234 from /127.0.0.1:65228
Rejected user=jochen,password=1234 from /127.0.0.1:65228
Rejected user=jochen,password=1234 from /127.0.0.1:65228
{noformat}
{panel}
h2. Using the _SampleClient_ code
h3. Good user/password - no call to _session.addPasswordIdentity(password)_
{panel:title=Client}
{noformat}
[main] INFO org.apache.sshd.common.util.SecurityUtils - Trying to register
BouncyCastle as a JCE provider
[main] INFO org.apache.sshd.common.util.SecurityUtils - Registration
succeeded
Found C:\Users\lgoldstein\.ssh\id_rsa
Skip non-existing file: C:\Users\lgoldstein\.ssh\id_dsa
Skip non-existing file: C:\Users\lgoldstein\.ssh\id_ecdsa
Username: foo
Password: bar
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientSessionImpl - Client session created
Authenticating...
[main] INFO org.apache.sshd.client.session.ClientSessionImpl - Start
flagging packets as pending until key exchange is done
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.session.ClientSessionImpl - Server version string:
SSH-2.0-SSHD-CORE-0.14.0
[sshd-SshClient[4a7761b1]-nio2-thread-4] WARN
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at
localhost/127.0.0.1:8000 presented unverified DSA key:
2a:b8:38:3b:49:d5:e4:ce:07:dd:15:d3:82:13:72:bd
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.session.ClientSessionImpl - Dequeing pending packets
[sshd-SshClient[4a7761b1]-nio2-thread-2] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-2] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
Closing session...
org.apache.sshd.common.SshException: Authentication failed
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:44)
at
org.flowcontrol.uniselflow.web_services.ssh.SampleClient.main(SampleClient.java:121)
Stopping...
Stopped
{noformat}
{panel}
{panel:title=Server}
{noformat}
[sshd-SshServer[325bb9a6]-nio2-thread-1] INFO
org.apache.sshd.server.session.ServerSession - Server session created from
/127.0.0.1:59230
Reject public key authentication for foo from /127.0.0.1:59230
{noformat}
*NOTE*: the password authenticator is never invoked - as should be expected
since we did not provide a password
{panel}
h3. Good user, good password - calling _session.addPasswordIdentity(password)_
before _session.auth().verify()_
{panel:title=Client}
{noformat}
Client:
[main] INFO org.apache.sshd.common.util.SecurityUtils - Trying to register
BouncyCastle as a JCE provider
[main] INFO org.apache.sshd.common.util.SecurityUtils - Registration
succeeded
Found C:\Users\lgoldstein\.ssh\id_rsa
Skip non-existing file: C:\Users\lgoldstein\.ssh\id_dsa
Skip non-existing file: C:\Users\lgoldstein\.ssh\id_ecdsa
Username: foo
Password: bar
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientSessionImpl - Client session created
Authenticating using password=bar ...
[main] INFO org.apache.sshd.client.session.ClientSessionImpl - Start
flagging packets as pending until key exchange is done
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.session.ClientSessionImpl - Server version string:
SSH-2.0-SSHD-CORE-0.14.0
[sshd-SshClient[4a7761b1]-nio2-thread-1] WARN
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at
localhost/127.0.0.1:8000 presented unverified DSA key:
2a:b8:38:3b:49:d5:e4:ce:07:dd:15:d3:82:13:72:bd
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.session.ClientSessionImpl - Dequeing pending packets
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-2] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_SUCCESS
Authenticated
Open shell...
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Projects\...>dir
dir
dir
Volume in drive C is ....
Volume Serial Number is F29B-038F
Directory of ....
04-Jun-15 07:52 <DIR> .
04-Jun-15 07:52 <DIR> ..
08-Apr-15 14:35 1,100 .classpath
26-Mar-15 12:28 734 .project
25-Mar-15 11:07 <DIR> .settings
08-Apr-15 14:34 489 .springBeans
01-Jun-15 09:58 761 build.xml
04-Jun-15 07:52 684 jochen.pem
02-Jun-15 16:03 1,675 pom.xml
24-Mar-15 17:07 <DIR> src
28-May-15 13:16 <DIR> target
6 File(s) 5,443 bytes
5 Dir(s) 353,275,584,512 bytes free
C:\Projects\...>
C:\Projects\...>exit
exit
exit
Closing shell...
Closing session...
{noformat}
{panel}
{panel:title=Server}
{noformat}
[sshd-SshServer[325bb9a6]-nio2-thread-2] INFO
org.apache.sshd.server.session.ServerSession - Server session created from
/127.0.0.1:50410
Reject public key authentication for foo from /127.0.0.1:50410
Accepted user=foo,password=bar from /127.0.0.1:50410
[sshd-SshServer[325bb9a6]-nio2-thread-4] INFO
org.apache.sshd.server.session.ServerUserAuthService - Session
foo@/127.0.0.1:50410 authenticated
[sshd-SshServer[325bb9a6]-nio2-thread-2] INFO
org.apache.sshd.server.shell.ProcessShellFactory - Starting shell with command:
'[cmd.exe ]' ...
{noformat}
{panel}
h3. Good user, bad password ('1234' instead of 'bar') - calling
_session.addPasswordIdentity(password)_ before _session.auth().verify()_
{panel:title=Client}
{noformat}
[main] INFO org.apache.sshd.common.util.SecurityUtils - Trying to register
BouncyCastle as a JCE provider
[main] INFO org.apache.sshd.common.util.SecurityUtils - Registration
succeeded
Found C:\Users\lgoldstein\.ssh\id_rsa
Skip non-existing file: C:\Users\lgoldstein\.ssh\id_dsa
Skip non-existing file: C:\Users\lgoldstein\.ssh\id_ecdsa
Username: foo
Password: 1234
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientSessionImpl - Client session created
Authenticating using password=1234 ...
[main] INFO org.apache.sshd.client.session.ClientSessionImpl - Start
flagging packets as pending until key exchange is done
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.session.ClientSessionImpl - Server version string:
SSH-2.0-SSHD-CORE-0.14.0
[sshd-SshClient[4a7761b1]-nio2-thread-1] WARN
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at
localhost/127.0.0.1:8000 presented unverified DSA key:
2a:b8:38:3b:49:d5:e4:ce:07:dd:15:d3:82:13:72:bd
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.session.ClientSessionImpl - Dequeing pending packets
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-3] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-2] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
Closing session...
org.apache.sshd.common.SshException: Authentication failed
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:44)
at
org.flowcontrol.uniselflow.web_services.ssh.SampleClient.main(SampleClient.java:101)
Stopping...
Stopped
{noformat}
{panel}
{panel:title=Server}
{noformat}
[sshd-SshServer[325bb9a6]-nio2-thread-4] INFO
org.apache.sshd.server.session.ServerSession - Server session created from
/127.0.0.1:50150
Reject public key authentication for foo from /127.0.0.1:50150
Rejected user=foo,password=1234 from /127.0.0.1:50150
Rejected user=foo,password=1234 from /127.0.0.1:50150
{noformat}
{panel}
h3. Bad user ('jochen' instead of 'foo'), good password - calling
_session.addPasswordIdentity(password)_ before _session.auth().verify()_
{panel:title=Client}
{noformat}
[main] INFO org.apache.sshd.common.util.SecurityUtils - Trying to register
BouncyCastle as a JCE provider
[main] INFO org.apache.sshd.common.util.SecurityUtils - Registration
succeeded
Found C:\Users\lgoldstein\.ssh\id_rsa
Skip non-existing file: C:\Users\lgoldstein\.ssh\id_dsa
Skip non-existing file: C:\Users\lgoldstein\.ssh\id_ecdsa
Username: jochen
Password: bar
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientSessionImpl - Client session created
Authenticating using password=bar ...
[main] INFO org.apache.sshd.client.session.ClientSessionImpl - Start
flagging packets as pending until key exchange is done
[sshd-SshClient[4a7761b1]-nio2-thread-3] INFO
org.apache.sshd.client.session.ClientSessionImpl - Server version string:
SSH-2.0-SSHD-CORE-0.14.0
[sshd-SshClient[4a7761b1]-nio2-thread-4] WARN
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at
localhost/127.0.0.1:8000 presented unverified DSA key:
2a:b8:38:3b:49:d5:e4:ce:07:dd:15:d3:82:13:72:bd
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.session.ClientSessionImpl - Dequeing pending packets
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-3] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-2] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-3] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-2] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
Closing session...
org.apache.sshd.common.SshException: Authentication failed
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:44)
at
org.flowcontrol.uniselflow.web_services.ssh.SampleClient.main(SampleClient.java:101)
Stopping...
Stopped
{noformat}
{panel}
{panel:title=Server}
{noformat}
[sshd-SshServer[325bb9a6]-nio2-thread-3] INFO
org.apache.sshd.server.session.ServerSession - Server session created from
/127.0.0.1:50292
Reject public key authentication for jochen from /127.0.0.1:50292
Rejected user=jochen,password=bar from /127.0.0.1:50292
Rejected user=jochen,password=bar from /127.0.0.1:50292
{noformat}
{panel}
h3. Bad user ('jochen' instead of 'foo'), bad password ('1234' instead of
'bar') - calling _session.addPasswordIdentity(password)_ before
_session.auth().verify()_
{panel:title=Client}
{noformat}
[main] INFO org.apache.sshd.common.util.SecurityUtils - Trying to register
BouncyCastle as a JCE provider
[main] INFO org.apache.sshd.common.util.SecurityUtils - Registration
succeeded
Found C:\Users\lgoldstein\.ssh\id_rsa
Skip non-existing file: C:\Users\lgoldstein\.ssh\id_dsa
Skip non-existing file: C:\Users\lgoldstein\.ssh\id_ecdsa
Username: jochen
Password: 1234
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientSessionImpl - Client session created
Authenticating using password=1234 ...
[main] INFO org.apache.sshd.client.session.ClientSessionImpl - Start
flagging packets as pending until key exchange is done
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.session.ClientSessionImpl - Server version string:
SSH-2.0-SSHD-CORE-0.14.0
[sshd-SshClient[4a7761b1]-nio2-thread-1] WARN
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at
localhost/127.0.0.1:8000 presented unverified DSA key:
2a:b8:38:3b:49:d5:e4:ce:07:dd:15:d3:82:13:72:bd
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.session.ClientSessionImpl - Dequeing pending packets
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-3] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
[sshd-SshClient[4a7761b1]-nio2-thread-5] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-1] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-2] INFO
org.apache.sshd.client.auth.UserAuthKeyboardInteractive - Received Password
authentication en-US
[sshd-SshClient[4a7761b1]-nio2-thread-4] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
Closing session...
org.apache.sshd.common.SshException: Authentication failed
at
org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:44)
at
org.flowcontrol.uniselflow.web_services.ssh.SampleClient.main(SampleClient.java:101)
Stopping...
Stopped
{noformat}
{panel}
{panel:title=Server}
{noformat}
[sshd-SshServer[325bb9a6]-nio2-thread-5] INFO
org.apache.sshd.server.session.ServerSession - Server session created from
/127.0.0.1:50628
Reject public key authentication for jochen from /127.0.0.1:50628
Rejected user=jochen,password=1234 from /127.0.0.1:50628
Rejected user=jochen,password=1234 from /127.0.0.1:50628
{noformat}
{panel}
> PasswordAuthentifikation
> ------------------------
>
> Key: SSHD-473
> URL: https://issues.apache.org/jira/browse/SSHD-473
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 0.14.0
> Environment: Windows 7, Java 8, Eclipse JUNO
> Reporter: Jochen Seliger
> Priority: Critical
> Attachments: SSHDPasswordAuthenticator.java, SSH_SERVER.java
>
>
> I run the sshd and the ssh client both on the Windows machine.
> The sshd I start on port 8000 and with password authenticator and an own
> authenticator class, which shall show a messagebox when invoked.
> The client I start after creating it as SshClient.setUpDefaultClient();
> without setting any factory with the statement ClientSession session =
> client.connect("Jochen","192.168.100.13",8000).await().getSession(); (Jochen
> is an existing user on the machine).
> But till shellChannel I can proceed only when setting after session creation
> session.addPasswordIdentity("Jochen"); (it is the same user as provided at
> session creation)
> There is no functionality to set the password.
> The method authPassword is deprecated.
> 1. My first question: How to proceed to use PasswordAuthentification?
> As stated I can proceed till ssh-Shell, but the server is logging at a first
> run an authentication failure and at a second run authentication success:
> Mai 22, 2015 12:14:21 PM org.apache.sshd.client.session.ClientSessionImpl
> readIdentification
> INFORMATION: Server version string: SSH-2.0-SSHD-CORE-0.14.0
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier verifyServerKey
> WARNUNG: Server at /192.168.100.13:8000 presented unverified DSA key:
> e4:76:f3:c2:15:64:7f:e4:5f:b7:86:35:a5:3e:85:35
> Mai 22, 2015 12:14:22 PM org.apache.sshd.common.session.AbstractSession
> doHandleMessage
> INFORMATION: Dequeing pending packets
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_FAILURE
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.auth.UserAuthKeyboardInteractive process
> INFORMATION: Received Password authentication en-US
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_SUCCESS
> ShellChannell opened
> Microsoft Windows [Version 6.0.6001]
> Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten.
> C:\Users\Jochen\workspace\USF_SSH_WS>
> although I did not provide a password.
> 2. Why these two runs are processed?
> 3. Why the first run fails and the second one succeeds?
> 4. How to proceed to get a functioning password and keypair authentication?
> Regards
> Jochen Seliger
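An added example, not part of the original comment or of MINA SSHD: a `PasswordAuthenticator` for the same 0.14.0 interface used in SampleServer that stores salted PBKDF2 hashes instead of a plaintext constant, compares in constant time, and keeps the submitted password out of the log. The class name `HashedPasswordAuthenticator`, its `addUser`/`verify` methods and the iteration count are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

import org.apache.sshd.server.PasswordAuthenticator;
import org.apache.sshd.server.session.ServerSession;

/** Hypothetical class (added example): the decision is still only the boolean return value. */
public class HashedPasswordAuthenticator implements PasswordAuthenticator {
    private static final int ITERATIONS = 210_000; // assumed work factor, tune for your hardware
    private static final int KEY_BITS = 256;
    private static final int SALT_BYTES = 16;

    /** Per-user salt and derived hash; the password itself is never kept. */
    private static final class Entry {
        final byte[] salt;
        final byte[] hash;
        Entry(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }

    private final Map<String, Entry> users = new ConcurrentHashMap<String, Entry>();
    private final SecureRandom random = new SecureRandom();
    // Hashed against when the user name is unknown, so known and unknown
    // names both cost one PBKDF2 run and are harder to tell apart by timing.
    private final Entry dummy = newEntry("unused-placeholder".toCharArray());

    /** Registers a user; call at provisioning time, e.g. addUser("foo", "bar".toCharArray()). */
    public void addUser(String username, char[] password) {
        users.put(username, newEntry(password));
    }

    private Entry newEntry(char[] password) {
        byte[] salt = new byte[SALT_BYTES];
        random.nextBytes(salt);
        return new Entry(salt, pbkdf2(password, salt));
    }

    private static byte[] pbkdf2(char[] password, byte[] salt) {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2WithHmacSHA256 unavailable", e);
        } finally {
            spec.clearPassword();
        }
    }

    /** Pure credential check, separated from the SSHD callback so it can be unit tested. */
    boolean verify(String username, String password) {
        if (username == null || password == null || password.isEmpty()) {
            return false;
        }
        Entry known = users.get(username);
        Entry entry = (known != null) ? known : dummy;
        byte[] candidate = pbkdf2(password.toCharArray(), entry.salt);
        // MessageDigest.isEqual does not stop at the first differing byte
        boolean match = MessageDigest.isEqual(candidate, entry.hash);
        return match && (known != null);
    }

    @Override
    public boolean authenticate(String username, String password, ServerSession session) {
        boolean accept = verify(username, password);
        // Log the outcome and the peer, never the password; strip control
        // characters so a crafted user name cannot forge extra log lines.
        String safeUser = String.valueOf(username).replaceAll("\\p{Cntrl}", "?");
        System.out.println((accept ? "Accepted" : "Rejected") + " user=" + safeUser
                         + " from " + session.getIoSession().getRemoteAddress());
        return accept;
    }
}
```

It plugs into the sample server in place of the anonymous class: create the instance, call `addUser`, then pass it to `sshd.setPasswordAuthenticator(...)`.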