[ 
https://issues.apache.org/jira/browse/SSHD-1291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582903#comment-17582903
 ] 

Evgeny Pasynkov commented on SSHD-1291:
---------------------------------------

A very basic test that demonstrates this behaviour (the difference from the
server run in the SSHD tests is, in fact, the use of AsyncAuthException).
Just run the program and connect to it from a console: "ssh -vvv
ssh://localhost:2220 abc"

{code:java}
package demo;

import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.digest.BuiltinDigests;
import org.apache.sshd.common.keyprovider.KeyPairProvider;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.server.ServerBuilder;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.auth.AsyncAuthException;
import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
import org.apache.sshd.server.session.ServerSession;
import org.apache.sshd.server.shell.UnknownCommand;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.PublicKey;

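/**
 * Minimal stand-alone server used to reproduce the behaviour reported in SSHD-1291:
 * a {@link PublickeyAuthenticator} that answers asynchronously by throwing
 * {@link AsyncAuthException} and completing it from another thread.
 *
 * <p>Reproduction aid only. Three properties make it unsuitable for anything else:
 * <ul>
 *   <li>the authenticator approves every offered key for every user name;</li>
 *   <li>the host key is embedded below in clear text and has been published with this
 *       listing, so it identifies nothing and must never be reused;</li>
 *   <li>no bind host is configured, so the listener is not restricted to the loopback
 *       interface by this code (call {@code sshd.setHost(...)} or firewall port 2220
 *       when running on a shared network).</li>
 * </ul>
 */
public class AsyncPublicKeyAuthServer {
    /**
     * Starts the server on port 2220, waits for input on stdin, then stops it.
     *
     * @param args unused
     * @throws Exception if the host key cannot be parsed or the server cannot start
     */
    public static void main(String[] args) throws Exception {
        SshServer sshd = ServerBuilder.builder().build();

        // Parse the embedded OpenSSH-format key; the explicit charset keeps the bytes
        // independent of the platform default encoding.
        final KeyPair serverKey = SecurityUtils.loadKeyPairIdentities(
                null,
                NamedResource.ofName(""),
                new ByteArrayInputStream(HOST_PRIVATE_KEY.getBytes(StandardCharsets.US_ASCII)),
                null).iterator().next();

        sshd.setPort(2220);
        sshd.setKeyPairProvider(KeyPairProvider.wrap(serverKey));
        // Every exec request is answered by UnknownCommand; no shell factory is installed.
        sshd.setCommandFactory((channel, command) -> new UnknownCommand(command));
        sshd.setPublickeyAuthenticator(new PublickeyAuthenticator() {
            /**
             * Defers the decision: the exception is thrown to the caller while a second
             * thread marks it as authenticated. Neither the user name nor the key is
             * inspected, so the outcome is always "accepted".
             */
            @Override
            public boolean authenticate(String username, PublicKey key, ServerSession session)
                    throws AsyncAuthException {
                AsyncAuthException ex = new AsyncAuthException();
                // The completion runs on its own thread, so it may happen before or after
                // the exception reaches the caller.
                new Thread(() -> ex.setAuthed(true)).start();

                throw ex;
            }
        });

        sshd.start();
        try {
            System.out.println("Server started on port " + sshd.getPort());
            System.out.println("Press any key to exit");
            System.in.read();

            System.out.println("Finished");
        } finally {
            // Release the listening socket even if reading stdin fails.
            sshd.stop();
        }
    }

    // Throw-away test host key. It is public by virtue of being in this listing;
    // generate a fresh key pair for any server that is more than a local reproduction.
    private static final String HOST_PRIVATE_KEY = "-----BEGIN OPENSSH PRIVATE KEY-----\n" +
            "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\n" +
            "NhAAAAAwEAAQAAAYEA0+edBTXN8p9dK6+qlgdwaDi5bqk/w4GByf/Xv9VpgJmJzXb3IxYR\n" +
            "mHKPs/390FGU50w1K/5TfoVeyM/8RXVsbNCNt06csF2fJlzC7FHyO39InSAFwnzywLSeGl\n" +
            "nFsT3sNlpucg5GKjIh0afoc4xzDiNAFvZDR8/szMKET9YWCUyAFnZ5pScloPBFVFZjNfg2\n" +
            "2CB2ohDrihcxdeuBPq5fAi3+aOlwyYBxhWkggKeEyUlbEXaRuvxgpoHlqUT4ebgzU8o8uP\n" +
            "LfdJBP7WHX7D3DfCZtJrsQVTeJxR+gbpSb0EB6MJ+FTpjsdKa4dQ89GhzLpQJecjXYYwGd\n" +
            "UZG3XC8RqNi4v7xmiT2uHCwdkx6IDx+5wTTsuz/luP1nqPxYOvRFYhgiXv0gjJoTXp94X3\n" +
            "1cfuB87wG3YVcNfF9X44UdEkM251cf141b8GGFftrwwBO1OiqPZypUohXhthkrQ6cgToo5\n" +
            "hx7F6/Hlax9To4R8tkNw65zh3XIfs0/DbGB9XEM1AAAFoBd6K2AXeitgAAAAB3NzaC1yc2\n" +
            "EAAAGBANPnnQU1zfKfXSuvqpYHcGg4uW6pP8OBgcn/17/VaYCZic129yMWEZhyj7P9/dBR\n" +
            "lOdMNSv+U36FXsjP/EV1bGzQjbdOnLBdnyZcwuxR8jt/SJ0gBcJ88sC0nhpZxbE97DZabn\n" +
            "IORioyIdGn6HOMcw4jQBb2Q0fP7MzChE/WFglMgBZ2eaUnJaDwRVRWYzX4NtggdqIQ64oX\n" +
            "MXXrgT6uXwIt/mjpcMmAcYVpIICnhMlJWxF2kbr8YKaB5alE+Hm4M1PKPLjy33SQT+1h1+\n" +
            "w9w3wmbSa7EFU3icUfoG6Um9BAejCfhU6Y7HSmuHUPPRocy6UCXnI12GMBnVGRt1wvEajY\n" +
            "uL+8Zok9rhwsHZMeiA8fucE07Ls/5bj9Z6j8WDr0RWIYIl79IIyaE16feF99XH7gfO8Bt2\n" +
            "FXDXxfV+OFHRJDNudXH9eNW/BhhX7a8MATtToqj2cqVKIV4bYZK0OnIE6KOYcexevx5Wsf\n" +
            "U6OEfLZDcOuc4d1yH7NPw2xgfVxDNQAAAAMBAAEAAAGAHCpyBYpESJaEJNVhoDV27HN1uk\n" +
            "7Gye7B2J6oB7iPIGfIGEZSzRgW2KOJlEwTW4gseZ34h1Nzt6J0mc6DYpwcAE6sN4w8aXjY\n" +
            "OZok0pKF1wCxHylteo9vGMwpI6mBDHEFn6fffEuHaf5l3l8qF4m4lU18LFEpWjc563GDcr\n" +
            "UrEqtXbyTqQFh2uPCW1oHxB/BpIcsW2a3UEPPKQDlAYZt9x2VjpoA43J+09x2lE1Sw4qxc\n" +
            "bXLMJgV7t0YWx6wCNvOTqMjApfSomAXFSiRyvsM0oVXFtLMCo4s8VBvpcBAyHw6h5PtPZq\n" +
            "r6ZkAmvzhV0x6lKNbjJauW6Bh7eKOFBPVg9fbSwgYf6CeYC+kK4ggPo05zQhChaRhFL3Qm\n" +
            "YJKrLbfErrvcppMznoyp+XdtPMHDdJRHhkDIkFCOuUUHscz92C9PIgpi6wGkxa6PXBkzx0\n" +
            "s/YpxY4zOcHaa7UDfDTVg7wV0d8+oR/66i6fFOdhwbCS9ZiML6+JYRbdLHj9G9L8QVAAAA\n" +
            "wQDo7aq42LcvdkNWKOa0R1bzaAxxFuHMou6DLYhVbYDn9m4hoIs0nX5wx3aXTGvY6xI4ol\n" +
            "KMOco56HufQiKYyfhTob1F2i3xRTyGX6dR3HnP9QBYXMOc0UXyXciSpR7/9TxmV46T1EIA\n" +
            "adA3v+4xCnvACS6mG42w7IumMDA6gXg/uLzn7NzkhV6oiaFeIZ+P/OHlvCPXvkXY6pg6hr\n" +
            "8qIZGtufZQhcGvYE5tgyI/9iB/m90l2URJhGJ9gLAzeEUkpaIAAADBAP79AqJc8klHz0YD\n" +
            "3/yz/C+sNyWE6ot5E6CWwygpQ+IsAe63XYWjQ3OxN29yw3Bk8nkHAHYgDqDDnuWa0p6u/n\n" +
            "JF3TjaLVUrWjH1xz9KXhyc4RXBqmnsqaNNNQott5deid4MD4MpkRsad1+iCjFT307k5+/J\n" +
            "5QRD3p81p5SZH9LGmyRJyv0A3a//nkjFaRybk2eCzXVMp6AXCZGOKFWZeYOI+zXlUDbGHF\n" +
            "NhxFCsXxco+CEv8CBiBDBDCaXcsjoVIwAAAMEA1L7X6TsSUzYCHG19HdNxaSX7vlyi2QAH\n" +
            "uKxR28fSjyndoOIendYJXFcDjZZzCYn+oJ88WSpBM40mF5dkY2J0Raf3ZC4EeQ9plqjAVA\n" +
            "k/n/yVtVt4V1Rm6U1mWgIX6gAbEj2FyGe6xM41C6yBEk1WF1V6LeggYtxfgaBFVyjkUllz\n" +
            "bl6eyF7UnReb1ztqLVQGBp8Szgb08Tgm9pPmmLlN/nAWDfvV33iluMfsB+rNYiQekN5U4J\n" +
            "8UjNRvpBespKfHAAAAJnBhc3lua292QEV2Z2VueXMtTUJQLmxhYnMuaW50ZWxsaWoubmV0\n" +
            "AQIDBA==\n" +
            "-----END OPENSSH PRIVATE KEY-----\n";
}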
{code}

> Protocol violation when using async PublicKey auth
> --------------------------------------------------
>
>                 Key: SSHD-1291
>                 URL: https://issues.apache.org/jira/browse/SSHD-1291
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.9.0
>            Reporter: Evgeny Pasynkov
>            Priority: Major
>
> Hi. 
> I've noticed that the SSHD server violates RFC 4252 section 7 
> (https://www.rfc-editor.org/rfc/rfc4252#section-7) when using asynchronous 
> public key auth (which means throwing AsyncAuthException() from the 
> PublickeyAuthenticator implementation).
> Part of the client log when using the sync approach:
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key:xxxxxxx RSA 
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 60
> debug1: Server accepts key: xxxxxxxx RSA 
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: using publickey with RSA 
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: signing using rsa-sha2-512 
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
> when using "async" approach:
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key: xxxxxxxxxx RSA 
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
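> Please note that the mandatory packet SSH_MSG_USERAUTH_PK_OK (type 60) is 
> missing: the server answers the key offer directly with type 52 
> (SSH_MSG_USERAUTH_SUCCESS), and this log shows no sign_and_send_pubkey step, 
> i.e. no signed request from the client, before it.
> Although the standard client tolerates this difference (at least 
> OpenSSH_9.0p1), not all clients do. Jsch failed to establish a session.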


