[jira] [Comment Edited] (SSHD-611) Servers rejecting keyboard-interactive authentication not handled

Wed, 09 Dec 2015 02:49:40 -0800 

    [ 
https://issues.apache.org/jira/browse/SSHD-611?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15048462#comment-15048462
 ] 

Oliver Stöneberg edited comment on SSHD-611 at 12/9/15 10:48 AM:
-----------------------------------------------------------------

I attached the log but it doesn't seem the logging you added made any 
different. The problem is, that the SSH_MSG_USERAUTH_REQUEST prodcues a 
SSH_MSG_USERAUTH_FAILURE response leading it to always entering the "buffer == 
null" block in 
org.apache.sshd.client.auth.UserAuthKeyboardInteractive#process(). It never 
moves on since it requires a SSH_MSG_USERAUTH_REQUEST response for that.


was (Author: firewave):
DEBUG output when trying to connect to a server that rejects 
keyboard-interactive authentication

> Servers rejecting keyboard-interactive authentication not handled
> -----------------------------------------------------------------
>
>                 Key: SSHD-611
>                 URL: https://issues.apache.org/jira/browse/SSHD-611
>             Project: MINA SSHD
>          Issue Type: Bug
>            Reporter: Oliver Stöneberg
>         Attachments: sshd-core_keyboard-interactive_rejection.txt
>
>
> I am trying to communicate with a server that advertises keyboard-interactive 
> authentication but it fails with "Too many authentication failures". When the 
> client sends the request it gets a failure and requests it again and again 
> until it hits the maximum retries value. It also never reaches the 
> UserInteraction object that was assigned to the client. It seems when the 
> request fails it should move on to the next authentication method.
> Here's the output of sshd-core:
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-1] 
> (ClientUserAuthService.java:234) 
> tryNext(ClientSessionImpl[root@/10.48.43.215:22]) attempting 
> method=keyboard-interactive
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-1] 
> (UserAuthKeyboardInteractive.java:110) 
> process(root@ClientSessionImpl[root@/10.48.43.215:22])[ssh-connection] Send 
> SSH_MSG_USERAUTH_REQUEST for keyboard-interactive
> TRACE [sshd-SshClient[48c40605]-nio2-thread-1] (AbstractSession.java:862) 
> encode(ClientSessionImpl[root@/10.48.43.215:22]) Sending packet #5: 32 00 00 
> 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 
> 00 14 6b 65 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69 76 65 00 00 00 00 
> 00 00 00 00
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-1] (Nio2Session.java:114) Writing 
> 100 bytes
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-4] (Nio2Session.java:274) 
> Finished writing
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-5] (Nio2Session.java:223) Read 84 
> bytes
> TRACE [sshd-SshClient[48c40605]-nio2-thread-5] (AbstractSession.java:1003) 
> decode(ClientSessionImpl[root@/10.48.43.215:22]) Received packet #6: 33 00 00 
> 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61 73 73 77 6f 72 64 2c 6b 65 79 62 6f 
> 61 72 64 2d 69 6e 74 65 72 61 63 74 69 76 65 00
> TRACE [sshd-SshClient[48c40605]-nio2-thread-5] (AbstractSession.java:415) 
> doHandleMessage(ClientSessionImpl[root@/10.48.43.215:22]) process 
> SSH_MSG_USERAUTH_FAILURE
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-5] 
> (ClientUserAuthService.java:181) 
> processUserAuth(ClientSessionImpl[root@/10.48.43.215:22]) Received 
> SSH_MSG_USERAUTH_FAILURE - partial=false, 
> methods=publickey,password,keyboard-interactive
> Here's the putty output:
> Outgoing packet #0x4, type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
>   00000000  00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68  ....ssh-userauth
> Incoming packet #0x4, type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
>   00000000  00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68  ....ssh-userauth
> Outgoing packet #0x5, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
>   00000000  00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d  ....root....ssh-
>   00000010  63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 04 6e 6f  connection....no
>   00000020  6e 65                                            ne
> Incoming packet #0x5, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
>   00000000  00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61  ...'publickey,pa
>   00000010  73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d  ssword,keyboard-
>   00000020  69 6e 74 65 72 61 63 74 69 76 65 00              interactive.
> Outgoing packet #0x6, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
>   00000000  00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d  ....root....ssh-
>   00000010  63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 14 6b 65  connection....ke
>   00000020  79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69  yboard-interacti
>   00000030  76 65 00 00 00 00 00 00 00 00                    ve........
> Event Log: Attempting keyboard-interactive authentication
> Incoming packet #0x6, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
>   00000000  00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61  ...'publickey,pa
>   00000010  73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d  ssword,keyboard-
>   00000020  69 6e 74 65 72 61 63 74 69 76 65 00              interactive.
> Event Log: Server refused keyboard-interactive authentication
> Outgoing packet #0x7, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
>   00000000  00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d  ....root....ssh-
>   00000010  63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 08 70 61  connection....pa
>   00000020  73 73 77 6f 72 64 00 XX XX XX XX XX XX XX XX XX  ssword.XXXXXXXXX
>   00000030  XX XX XX                                         XXX
> Outgoing packet #0x8, type 2 / 0x02 (SSH2_MSG_IGNORE)
>   00000000  00 00 00 a0 dd aa 67 0a 8d 42 d0 2a 5c 82 1e 5e  ......g..B.*\..^
>   00000010  ef 3b 9f 2a c2 5d 71 8a 28 ff 5d ca 1f 28 94 20  .;.*.]q.(.]..(. 
>   00000020  ec f4 2d dd 34 dc cf 99 94 da c1 40 7d a4 d9 09  ..-.4......@}...
>   00000030  0e 7c 15 f6 01 56 6b e8 a4 3c 45 a6 c9 bd 00 e3  .|...Vk..<E.....
>   00000040  73 e1 36 85 61 09 2f 8f d6 a9 61 ce 58 d6 3f dc  s.6.a./...a.X.?.
>   00000050  39 be b2 fd 5b a8 2d a9 46 d8 86 dc 12 cf 0b 82  9...[.-.F.......
>   00000060  43 37 4f bf 39 f7 90 e9 6f 52 4e 36 50 8d 9b 67  C7O.9...oRN6P..g
>   00000070  b5 7a b3 c3 f5 f2 56 40 b4 75 de 71 1f 22 ff 2f  .z....V@.u.q."./
>   00000080  00 0c 89 06 4f 20 44 fe 65 55 02 73 76 22 64 e2  ....O D.eU.sv"d.
>   00000090  11 14 ef 34 24 6f 5f 3f 61 95 d3 d1 c1 68 11 5e  ...4$o_?a....h.^
>   000000a0  ff 29 f9 31                                      .).1
> Event Log: Sent password
> Incoming packet #0x7, type 52 / 0x34 (SSH2_MSG_USERAUTH_SUCCESS)
> Event Log: Access granted
> I am using 28faad4 of master.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to