[I] Not possible to enforce two different authentication methods on sshd server [mina-sshd]

Thu, 09 Jan 2025 08:00:48 -0800 


baiglin opened a new issue, #651:
URL: https://github.com/apache/mina-sshd/issues/651

   ### Version
   
   2.13.2
   
   ### Bug description
   
   Hi Thomas, 
   
   We encounter a problem today with one of our the sftp server that enforces 
two authentication methods on its side, both public key and password. 
   We use for our tests both mina for sftp client and sftp server (mock) in 
order to validate our different use cases, however I was not able to setup this 
in the server.
   
   ````java
       SshServer server;
   
     public void setUpPasswordAuthentication() {
       server.setPasswordAuthenticator(
           (username, password, session) -> (USER.equals(username) && 
PASSWORD.equals(password)));
     }
   
     public KeyPair setPublicKeyAuthent(KeyPair keyPair) {
       server.setPublickeyAuthenticator(
           new 
AuthorizedKeysAuthenticator(ClasspathResource.copyClasspathResourceToTargetFolder(keyPair.publicKey)));
       return keyPair;
     }
       
   ````
   
   And I setup my server with both... However the result is if one of the 
method works, I am authenticated, but not both, which makes sense of course, 
but I wonder how I can force both methods... 
   
   I am sorry to open a bug for that but think will be quick to answer. I 
managed to reproduce the case locally though setting up an openssh server with 
following sshd_config entries:
   
   # Authentication:
   
   
   AuthenticationMethods publickey,password
   PubkeyAuthentication yes
   PasswordAuthentication yes
   
   
   
   
   
   
   ### Actual behavior
   
   One method needs to work to connect
   
   ### Expected behavior
   
   Find a way to enforce several methods on server side
   
   ### Relevant log output
   
   _No response_
   
   ### Other information
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to