cslgo commented on issue #436: URL: https://github.com/apache/mina-sshd/issues/436#issuecomment-1884053344
> @cslgo : yours is not the same problem as the original report. In the original report I don't see any proxy jump, but you are doing a proxy jump. > > Proxy jumps with password auth cannot work that way. The implementation in Apache MINA sshd has problems anyway (see #318), and I don't think it can work with password auth in this way at all. The point is that a proxy jump creates nested SSH sessions, but you get only access to the final, outermost session to connect to the target server. So any passwords you set on that session apply only to the final session connected to the target server. > > If you set the passwords on the SshClient, they are tried for any session, proxy and target. This _may_ work, but gives at least one failed log-in attempt at either the proxy or at the target before succeeding. > > If you set the passwords on the target session: the nested session for the proxy still has no password. Hence the connection fails. > > Proxy jumps work best if one uses publickey authentication configured via the HostConfigEntries. If you absolutely want to use passwords, try setting a `UserInteraction` on the `SshClient`. The `UserInteraction` has access to the `ClientSession` and can thus provide the appropriate password based on user name and session remote address, or it can prompt for the password. The explanation is very clear. I understood the problem through your explanation. Thank you very much! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
