[jira] [Created] (SSHD-611) Servers rejecting keyboard-interactive authentication not handled

Tue, 08 Dec 2015 05:06:25 -0800 

Oliver Stöneberg created SSHD-611:
-------------------------------------

             Summary: Servers rejecting keyboard-interactive authentication not 
handled
                 Key: SSHD-611
                 URL: https://issues.apache.org/jira/browse/SSHD-611
             Project: MINA SSHD
          Issue Type: Bug
            Reporter: Oliver Stöneberg


I am trying to communicate with a server that advertises keyboard-interactive 
authentication but it fails with "Too many authentication failures". When the 
client sends the request it gets a failure and requests it again and again 
until it hits the maximum retries value. It also never reaches the 
UserInteraction object that was assigned to the client. It seems when the 
request fails it should move on to the next authentication method.

Here's the output of sshd-core:

DEBUG [sshd-SshClient[48c40605]-nio2-thread-1] (ClientUserAuthService.java:234) 
tryNext(ClientSessionImpl[root@/10.48.43.215:22]) attempting 
method=keyboard-interactive
DEBUG [sshd-SshClient[48c40605]-nio2-thread-1] 
(UserAuthKeyboardInteractive.java:110) 
process(root@ClientSessionImpl[root@/10.48.43.215:22])[ssh-connection] Send 
SSH_MSG_USERAUTH_REQUEST for keyboard-interactive
TRACE [sshd-SshClient[48c40605]-nio2-thread-1] (AbstractSession.java:862) 
encode(ClientSessionImpl[root@/10.48.43.215:22]) Sending packet #5: 32 00 00 00 
04 72 6f 6f 74 00 00 00 0e 73 73 68 2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 
14 6b 65 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69 76 65 00 00 00 00 00 
00 00 00
DEBUG [sshd-SshClient[48c40605]-nio2-thread-1] (Nio2Session.java:114) Writing 
100 bytes
DEBUG [sshd-SshClient[48c40605]-nio2-thread-4] (Nio2Session.java:274) Finished 
writing
DEBUG [sshd-SshClient[48c40605]-nio2-thread-5] (Nio2Session.java:223) Read 84 
bytes
TRACE [sshd-SshClient[48c40605]-nio2-thread-5] (AbstractSession.java:1003) 
decode(ClientSessionImpl[root@/10.48.43.215:22]) Received packet #6: 33 00 00 
00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61 73 73 77 6f 72 64 2c 6b 65 79 62 6f 
61 72 64 2d 69 6e 74 65 72 61 63 74 69 76 65 00
TRACE [sshd-SshClient[48c40605]-nio2-thread-5] (AbstractSession.java:415) 
doHandleMessage(ClientSessionImpl[root@/10.48.43.215:22]) process 
SSH_MSG_USERAUTH_FAILURE
DEBUG [sshd-SshClient[48c40605]-nio2-thread-5] (ClientUserAuthService.java:181) 
processUserAuth(ClientSessionImpl[root@/10.48.43.215:22]) Received 
SSH_MSG_USERAUTH_FAILURE - partial=false, 
methods=publickey,password,keyboard-interactive

Here's the putty output:

Outgoing packet #0x4, type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
  00000000  00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68  ....ssh-userauth
Incoming packet #0x4, type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
  00000000  00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68  ....ssh-userauth
Outgoing packet #0x5, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
  00000000  00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d  ....root....ssh-
  00000010  63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 04 6e 6f  connection....no
  00000020  6e 65                                            ne
Incoming packet #0x5, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
  00000000  00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61  ...'publickey,pa
  00000010  73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d  ssword,keyboard-
  00000020  69 6e 74 65 72 61 63 74 69 76 65 00              interactive.
Outgoing packet #0x6, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
  00000000  00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d  ....root....ssh-
  00000010  63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 14 6b 65  connection....ke
  00000020  79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69  yboard-interacti
  00000030  76 65 00 00 00 00 00 00 00 00                    ve........
Event Log: Attempting keyboard-interactive authentication
Incoming packet #0x6, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
  00000000  00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61  ...'publickey,pa
  00000010  73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d  ssword,keyboard-
  00000020  69 6e 74 65 72 61 63 74 69 76 65 00              interactive.
Event Log: Server refused keyboard-interactive authentication
Outgoing packet #0x7, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
  00000000  00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d  ....root....ssh-
  00000010  63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 08 70 61  connection....pa
  00000020  73 73 77 6f 72 64 00 XX XX XX XX XX XX XX XX XX  ssword.XXXXXXXXX
  00000030  XX XX XX                                         XXX
Outgoing packet #0x8, type 2 / 0x02 (SSH2_MSG_IGNORE)
  00000000  00 00 00 a0 dd aa 67 0a 8d 42 d0 2a 5c 82 1e 5e  ......g..B.*\..^
  00000010  ef 3b 9f 2a c2 5d 71 8a 28 ff 5d ca 1f 28 94 20  .;.*.]q.(.]..(. 
  00000020  ec f4 2d dd 34 dc cf 99 94 da c1 40 7d a4 d9 09  ..-.4......@}...
  00000030  0e 7c 15 f6 01 56 6b e8 a4 3c 45 a6 c9 bd 00 e3  .|...Vk..<E.....
  00000040  73 e1 36 85 61 09 2f 8f d6 a9 61 ce 58 d6 3f dc  s.6.a./...a.X.?.
  00000050  39 be b2 fd 5b a8 2d a9 46 d8 86 dc 12 cf 0b 82  9...[.-.F.......
  00000060  43 37 4f bf 39 f7 90 e9 6f 52 4e 36 50 8d 9b 67  C7O.9...oRN6P..g
  00000070  b5 7a b3 c3 f5 f2 56 40 b4 75 de 71 1f 22 ff 2f  .z....V@.u.q."./
  00000080  00 0c 89 06 4f 20 44 fe 65 55 02 73 76 22 64 e2  ....O D.eU.sv"d.
  00000090  11 14 ef 34 24 6f 5f 3f 61 95 d3 d1 c1 68 11 5e  ...4$o_?a....h.^
  000000a0  ff 29 f9 31                                      .).1
Event Log: Sent password
Incoming packet #0x7, type 52 / 0x34 (SSH2_MSG_USERAUTH_SUCCESS)
Event Log: Access granted

I am using 28faad4 of master.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to