[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0

[Tobias Gierke (Jira)]

    [ 
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17741548#comment-17741548
 ] 

Tobias Gierke edited comment on SSHD-1329 at 7/10/23 10:47 AM:
---------------------------------------------------------------

This now raises the question: Why is the 
org.apache.sshd.client.session.AbstractClientSession#keyIdentityProvider  field 
on 2.9.2 NULL (which is being handled correctly by 
resolveEffectiveKeyProvider() while it is set to the "EMPTY" provider on 2.10. 
(which is *not* being handled correctly by resolveEffectiveKeyProvider) ?


was (Author: tgierke2342):
This now raises the question: Why does is the 
org.apache.sshd.client.session.AbstractClientSession#keyIdentityProvider  field 
on 2.9.2 NULL (which is being handled correctly by 
resolveEffectiveKeyProvider() while it is set to the "EMPTY" provider on 2.10. 
(which is *not* being handled correctly by resolveEffectiveKeyProvider) ?

> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
> --------------------------------------------------------------------
>
>                 Key: SSHD-1329
>                 URL: https://issues.apache.org/jira/browse/SSHD-1329
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.10.0
>            Reporter: Tobias Gierke
>            Priority: Major
>         Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, 
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, 
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, 
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, 
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, 
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, 
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png, 
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png, 
> image-2023-07-10-12-43-11-445.png, sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key 
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, 
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive, 
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE 
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] 
> - -----BEGIN RSA PRIVATE KEY----- [chunk #1](16/609) 
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23    0..].........:%#
> ..... {code}
> while on 2.10.0  the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientSessionImpl [] - 
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
>  process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
>  Received SSH_MSG_USERAUTH_FAILURE - partial=false, 
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> starting authentication mechanisms: client=[publickey, keyboard-interactive, 
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
>  no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no 
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> closing 
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.password.UserAuthPassword [] - 
> resolveAttemptedPassword(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
>  no more passwords to send
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no 
> initial request sent by method=password {code}
> I've attached a Maven project that contains an almost-self-contained unit 
> test that showcases the behaviour. For the test to work you'll need
>  - to have some SSH server up & running
>  - put the test's SSH public key (from src/test/resources/test_ssh_key.pub) 
> into an authorized_keys file on the server
>  - Adjust the test source code to use the right server name and user name (I 
> used root)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org