[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0

Tue, 20 Jun 2023 22:08:20 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17735530#comment-17735530
 ] 

Tobias Gierke commented on SSHD-1329:
-------------------------------------

Sorry, I probably didn't make myself very clear in the ticket description - the 
issues seems to be with the SSH key loading, *not* the actual 
connection/connection handshake.

- with 2.9.2 the SSH key is properly loaded and used to authenticate 
(successfully)
- with 2.10.0 the same SSH key is *not* loaded (but no error is shown in the 
logs) and thus unavailable for authentication

So for some reason, (on my machine) the same code that successfuly loads the 
SSH key and uses it works with 2.9.2 but fails to load/use the API key with 
2.10.0, which can be seen in those log lines I mentioned:
{code:java}
2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
org.apache.sshd.client.session.ClientUserAuthService [] - 
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
attempting method=publickey
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
 no more keys to send
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
org.apache.sshd.client.session.ClientUserAuthService [] - 
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no 
initial request sent by method=publickey {code}

> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
> --------------------------------------------------------------------
>
>                 Key: SSHD-1329
>                 URL: https://issues.apache.org/jira/browse/SSHD-1329
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.10.0
>            Reporter: Tobias Gierke
>            Priority: Major
>         Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key 
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, 
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive, 
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE 
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] 
> - -----BEGIN RSA PRIVATE KEY----- [chunk #1](16/609) 
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23    0..].........:%#
> ..... {code}
> while on 2.10.0  the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientSessionImpl [] - 
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
>  process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
>  Received SSH_MSG_USERAUTH_FAILURE - partial=false, 
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> starting authentication mechanisms: client=[publickey, keyboard-interactive, 
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
>  no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no 
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> closing 
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.password.UserAuthPassword [] - 
> resolveAttemptedPassword(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
>  no more passwords to send
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no 
> initial request sent by method=password {code}
> I've attached a Maven project that contains an almost-self-contained unit 
> test that showcases the behaviour. For the test to work you'll need
>  - to have some SSH server up & running
>  - put the test's SSH public key (from src/test/resources/test_ssh_key.pub) 
> into an authorized_keys file on the server
>  - Adjust the test source code to use the right server name and user name (I 
> used root)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to