[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0

Mon, 10 Jul 2023 04:12:39 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17741560#comment-17741560
 ] 

Tobias Gierke edited comment on SSHD-1329 at 7/10/23 11:11 AM:
---------------------------------------------------------------

The SshClient#onConnectOperationComplete methods are different in 2.10.0 and 
2.9.2

What's more interesting is the fact that on 2.9.2 the "useDefaultEntities" is 
set to "true" while on 2.10.0 it is set to "false".

+2.10.0+

!image-2023-07-10-13-08-54-869.png!

 

+2.9.2+

 

!image-2023-07-10-13-06-17-767.png!

 

So now the question is: Why does "hostConfig.isIdentitiesOnly()" yield 
different values on 2.9.2 and 2.10.0 ?


was (Author: tgierke2342):
The SshClient#onConnectOperationComplete methods are different in 2.10.0 and 
2.9.2

What's more interesting is the fact that on 2.9.2 the "useDefaultEntities" is 
set to "true" while on 2.10.0 it is set to "false".

+2.10.0+

!image-2023-07-10-13-08-54-869.png!

 

+2.9.2+

 

!image-2023-07-10-13-06-17-767.png!

> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
> --------------------------------------------------------------------
>
>                 Key: SSHD-1329
>                 URL: https://issues.apache.org/jira/browse/SSHD-1329
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.10.0
>            Reporter: Tobias Gierke
>            Priority: Major
>         Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, 
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, 
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, 
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, 
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, 
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, 
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png, 
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png, 
> image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png, 
> image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png, 
> image-2023-07-10-13-08-54-869.png, sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key 
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, 
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive, 
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE 
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] 
> - -----BEGIN RSA PRIVATE KEY----- [chunk #1](16/609) 
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23    0..].........:%#
> ..... {code}
> while on 2.10.0  the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientSessionImpl [] - 
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
>  process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
>  Received SSH_MSG_USERAUTH_FAILURE - partial=false, 
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> starting authentication mechanisms: client=[publickey, keyboard-interactive, 
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
>  no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no 
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> closing 
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.password.UserAuthPassword [] - 
> resolveAttemptedPassword(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
>  no more passwords to send
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no 
> initial request sent by method=password {code}
> I've attached a Maven project that contains an almost-self-contained unit 
> test that showcases the behaviour. For the test to work you'll need
>  - to have some SSH server up & running
>  - put the test's SSH public key (from src/test/resources/test_ssh_key.pub) 
> into an authorized_keys file on the server
>  - Adjust the test source code to use the right server name and user name (I 
> used root)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to