[ 
https://issues.apache.org/jira/browse/SSHD-700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15528735#comment-15528735
 ] 

Goldstein Lyor commented on SSHD-700:
-------------------------------------

Hi Li,

I have not yet been able to set up the test environment (like I said, it will 
take some time), but I do have a few preliminary remarks after reviewing the 
code you posted.

# The code creates a new client instance every time {{startShell}} is called. 
This is *wrong* (please read the documentation). The idea is to create *one* 
client instance during the _main_ initialization and re-use it again and again 
to create sessions. The client should be stopped when the application exits 
(not really 100% necessary, but highly recommended). The code you posted 
creates lots of threads, pools, etc. where they are not needed.
# The code does not register a {{ForwardingFilter}} at the client or the server 
- this means that *no forwarding may occur* - again, please read the 
documentation that was recently posted on the [Github MINA 
site|https://github.com/apache/mina-sshd].
# The authentication process is *wrong* - it will always fail the 1st time and 
require the password since you do not provide a key-pair identity - again, 
please read the documentation on how to properly execute the authentication.
# Please don't 2nd guess the API - if you need a {{ChannelShell}} call the 
appropriate API:
{code:java}
ChannelShell channel = session.createShellChannel();
{code}
# Your code checks
{code:java}
if (env.getEnv().containsKey("SSH_AUTH_SOCK")) {
    channel.setAgentForwarding(true);
}
{code}
you actually already checked this in:
{code:java}
if (env.getEnv().containsKey(SshAgent.SSH_AUTHSOCKET_ENV_NAME))
{code}
# You are setting up the server to use the {{ProxyAgentFactory}} - which 
actually uses {{UnixAgentFactory}} and this requires the [Apache Portable 
Runtime Library|https://apr.apache.org/] - have you installed it? Configured 
it? Made sure it is available for loading in the {{LD_LIBRARY_PATH}} (see 
{{AprLibrary}} class)?
In this context, I have never seen this kind of agent proxy run on _Windows_ - 
it's not impossible, just much more complicated than _Unix_. I mention this 
because _XShell_ and _XAgent_ are _Windows_ applications and I am not clear as 
to the set-up you are trying to test (see further below).
# Finally, in order to correctly debug this issue, please describe *exactly* 
the setup you are trying to use - who is the client (_XShell_?)? Who is the 
server? Who is the agent (_XAgent_?)? How are they set up, etc... I recommend 
you attach some text or PDF document that explains this - perhaps some drawing 
of the set-up environment.

> SSHD does not support agent forwarding for XShell and XAgent
> ------------------------------------------------------------
>
>                 Key: SSHD-700
>                 URL: https://issues.apache.org/jira/browse/SSHD-700
>             Project: MINA SSHD
>          Issue Type: New Feature
>    Affects Versions: 1.2.0
>         Environment: Windows 10 and CentOS 7
> XShell 5.0
>            Reporter: Li Fangning
>            Priority: Minor
>         Attachments: SshdTest2.java, SshdTest3.java, debug.log
>
>
> I use MINA SSHD for both server side and client side:
> SSH client  --> MINA SSHD Server - MINA SSHD Client --> Target Linux Server
> I use XShell (http://www.netsarang.com/) as SSH client, and use XAgent with 
> XShell for target server authentication (Public Key Access with Agent 
> Forwarding).
> I have tried PuTTY (with Pageant), SecureCRT, and openssh client in linux, 
> they all passed. But when I try XShell with XAgent, the agent forwarding 
> phase fails.
> When I check the debug log and source code of MINA SSHD, I find that SSHD 
> only handles the "auth-agent-req@openssh.com" request type (in 
> org.apache.sshd.server.channel.ChannelSession#handleInternalRequest), which 
> is OK for PuTTY, SecureCRT and openssh client. But XShell sends an 
> "auth-agent-req" request (without "@openssh.com"), so SSHD does not handle the 
> request.
> I have tried to change the source code, adding "auth-agent-req" to the 
> "switch-case" in handleInternalRequest, but the authentication is blocked.
> I have attached my code, please help me solve the problem.
> Thanks a lot.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
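
The client-side points raised in the comment above (one shared client instance, a registered forwarding filter, a key-pair identity, and {{createShellChannel}}), shown as an added example that is not part of the original comment or of the MINA SSHD code base. It assumes the 1.x API line the issue refers to, where the filter setter is named {{setTcpipForwardingFilter}}; the class name {{SharedSshClient}} and the 10-second timeouts are hypothetical.

```java
import java.io.IOException;
import java.security.KeyPair;
import java.util.concurrent.TimeUnit;

import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.channel.ChannelShell;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.server.forward.AcceptAllForwardingFilter;

// Hypothetical helper: holds the single SshClient for the whole application.
public final class SharedSshClient {
    private static final long TIMEOUT_SEC = 10L; // assumed value

    // Created once during initialization; every session re-uses it, so the
    // client's threads and pools are allocated a single time.
    private static final SshClient CLIENT = SshClient.setUpDefaultClient();

    static {
        // Without a registered filter no forwarding may occur. Accept-all is
        // the most permissive choice; a deployment that only needs agent
        // forwarding should register a narrower ForwardingFilter.
        CLIENT.setTcpipForwardingFilter(AcceptAllForwardingFilter.INSTANCE);
        CLIENT.start();
        // Stop the client when the application exits.
        Runtime.getRuntime().addShutdownHook(new Thread(CLIENT::stop));
    }

    private SharedSshClient() { }

    // Opens a shell on the target host. The caller owns the returned channel
    // and must close it (and its session) when done.
    public static ChannelShell startShell(String user, String host, int port,
            KeyPair identity, boolean forwardAgent) throws IOException {
        ClientSession session = CLIENT.connect(user, host, port)
                .verify(TIMEOUT_SEC, TimeUnit.SECONDS).getSession();
        try {
            // Register the key pair before auth() so public-key
            // authentication is attempted on the first try.
            session.addPublicKeyIdentity(identity);
            session.auth().verify(TIMEOUT_SEC, TimeUnit.SECONDS);

            ChannelShell channel = session.createShellChannel();
            // Only meaningful if an agent factory is configured (not shown).
            channel.setAgentForwarding(forwardAgent);
            channel.open().verify(TIMEOUT_SEC, TimeUnit.SECONDS);
            return channel;
        } catch (IOException | RuntimeException e) {
            session.close(true); // immediate close on any failure
            throw e;
        }
    }
}
```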
