Tobias Gierke created SSHD-1329: ----------------------------------- Summary: SSH Public key authentication works with 2.9.2 but fails with 2.10.0 Key: SSHD-1329 URL: https://issues.apache.org/jira/browse/SSHD-1329 Project: MINA SSHD Issue Type: Bug Affects Versions: 2.10.0 Reporter: Tobias Gierke Attachments: sshd-bug-test.tgz
After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key authentication stopped working. On 2.9.2 the handshake looks like this: {code:java} 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, methods=publickey,gssapi-keyex,gssapi-with-mic,password 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) starti ng authentication mechanisms: client=[publickey, keyboard-interactive, password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) attempting method=publickey 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] - -----BEGIN RSA PRIVATE KEY----- [chunk #1](16/609) 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].........:%# ..... {code} while on 2.10.0 the key is not found/loaded: {code:java} 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientSessionImpl [] - doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) process #5 SSH_MSG_USERAUTH_FAILURE 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) Received SSH_MSG_USERAUTH_FAILURE - partial=false, methods=publickey,gssapi-keyex,gssapi-with-mic,password 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) starting authentication mechanisms: client=[publickey, keyboard-interactive, password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) attempting method=publickey 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] no more keys to send 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no initial request sent by method=publickey 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) closing UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]] 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) attempting method=password 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.auth.password.UserAuthPassword [] - resolveAttemptedPassword(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] no more passwords to send 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no initial request sent by method=password {code} I've created an almost-self-contained unit test that showcases the behaviour. For the test to work you'll need - to have some SSH server up & running - put the test's SSH public key (from src/test/resources/test_ssh_key.pub) into an authorized_keys file on the server - Adjust the test source code to use the right server name and user name (I used root) -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org