[jira] [Commented] (SSHD-850) sshd client; encrypted private key identity file: FilePasswordProvider called only once; should be called NumberOfPasswordPrompts times

Tue, 16 Oct 2018 21:03:07 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16652912#comment-16652912
 ] 

Goldstein Lyor commented on SSHD-850:
-------------------------------------

These are 2 separate concerns:

* {{keyboard-interactive}} authentication - has nothing to do with decrypting 
key files.
* Key files decryption is relevant only for public key authentication.

The 2 are unrelated in any way. What you are describing is a way to allow the 
user to enter several times the password for a private key file. This is 
possible by providing your own {{KeyPairProvider}} that executes this 
functionality.



> sshd client; encrypted private key identity file: FilePasswordProvider called 
> only once; should be called NumberOfPasswordPrompts times
> ---------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SSHD-850
>                 URL: https://issues.apache.org/jira/browse/SSHD-850
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.0.0
>            Reporter: Thomas Wolf
>            Priority: Minor
>
> In openssh, the ssh config entry NumberOfPasswordPrompts controls the number 
> of times the ssh client keeps asking for a password if the one entered was 
> invalid in two cases:
>  # keyboard-interactive authentication, and
>  # asking for passwords for encrypted private keys in identity files in 
> pubkey authentication (see [openssh sources; 
> sshconnect2.c|https://github.com/openssh/openssh-portable/blob/1a4a9cf/sshconnect2.c#L1380]).
> sshd-core only has support for (1) through setting the property 
> {{ClientAuthenticationManager.PASSWORD_PROMPTS}} in the session's properties.
> There doesn't seem to be any support for FilePasswordProvider to make it 
> respect this value.
> {{AbstractPEMResourceKeyPairParser.extractkeyPairs()}} and also 
> {{BouncyCastleKeyPairResourceParser.loadKeyPair()}} call 
> {{FilePasswordProvider.getPassword()}} exactly once.
> So how can I write a ssh client using sshd that asks the user 
> NumberOfPasswordPrompts times? Either I'm missing something, or there is some 
> support for this missing in sshd.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to