[
https://issues.apache.org/jira/browse/SSHD-1291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17581987#comment-17581987
]
Evgeny Pasynkov edited comment on SSHD-1291 at 8/19/22 6:46 PM:
----------------------------------------------------------------
Thank you for initial investigations.
I use custom public key auth in my server implementation (which is set up via
SshServer::setPublickeyAuthenticator method). My implementation calls another
services to validate the SSH key, so the asynchronous approach looks quite
natural there - to not to occupy threads while waiting answer from remote
server. The same is why ChannelAsyncOutputStream/ChannelAsyncInputStream are
preferred over blocking i/o
was (Author: xvost):
Thank you for initial investigations.
I use custom public key auth in my server implementation (which is set up via
SshServer::setPublickeyAuthenticator method). My implementation calls another
services to validate the SSH key, so the asynchronous approach looks quite
natural there - to not to occupy threads while waiting answer from remote
server. The same is why ChannelAsyncOutputStream/ChannelAsyncInputStream are
preferred over sync i/o
> Protocol violation when using async PublicKey auth
> --------------------------------------------------
>
> Key: SSHD-1291
> URL: https://issues.apache.org/jira/browse/SSHD-1291
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.9.0
> Reporter: Evgeny Pasynkov
> Priority: Major
>
> Hi.
> I've noticed that SSHD server violates RFC 4252 section 7
> (https://www.rfc-editor.org/rfc/rfc4252#section-7) when using asynchronous
> public key auth (which means throwing AsyncAuthException() from
> PublickeyAuthenticator implementation.
> Part of the client log when using sync approach
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key:xxxxxxx RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 60
> debug1: Server accepts key: xxxxxxxx RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: using publickey with RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: signing using rsa-sha2-512
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
> when using "async" approach:
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key: xxxxxxxxxx RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
> Please note that mandatory packet SSH_MSG_USERAUTH_PK_OK is missing.
> Though standard client tolerates this difference (at least OpenSSH_9.0p1),
> not all of them do this. Jsch failed to establish session
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
