[
https://issues.apache.org/jira/browse/SSHD-1291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582020#comment-17582020
]
Thomas Wolf commented on SSHD-1291:
-----------------------------------
OK; I see where this is coming from. Off-loading the key/signature checks to a
background thread, and only then replying. Frees up an I/O thread for other
concurrent work for other sessions. Would probably have to have something to
cancel the background check if a new SSH_MSG_USERAUTH_REQUEST comes in for that
session before the asynch reply has been sent.
Do you have access to the server? What does its debug log tell? And can you
show the code of your PubkeyAuthenticator?
> Protocol violation when using async PublicKey auth
> --------------------------------------------------
>
> Key: SSHD-1291
> URL: https://issues.apache.org/jira/browse/SSHD-1291
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.9.0
> Reporter: Evgeny Pasynkov
> Priority: Major
>
> Hi.
> I've noticed that SSHD server violates RFC 4252 section 7
> (https://www.rfc-editor.org/rfc/rfc4252#section-7) when using asynchronous
> public key auth (which means throwing AsyncAuthException() from
> PublickeyAuthenticator implementation.
> Part of the client log when using sync approach
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key:xxxxxxx RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 60
> debug1: Server accepts key: xxxxxxxx RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: using publickey with RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: signing using rsa-sha2-512
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
> when using "async" approach:
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key: xxxxxxxxxx RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
> Please note that mandatory packet SSH_MSG_USERAUTH_PK_OK is missing.
> Though standard client tolerates this difference (at least OpenSSH_9.0p1),
> not all of them do this. Jsch failed to establish session
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
