[jira] [Created] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
Tobias Gierke created SSHD-1329:
---
Summary: SSH Public key authentication works with 2.9.2 but fails
with 2.10.0
Key: SSHD-1329
URL: https://issues.apache.org/jira/browse/SSHD-1329
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 2.10.0
Reporter: Tobias Gierke
Attachments: sshd-bug-test.tgz
After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
authentication stopped working.
On 2.9.2 the handshake looks like this:
{code:java}
2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
methods=publickey,gssapi-keyex,gssapi-with-mic,password
2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) starti
ng authentication mechanisms: client=[publickey, keyboard-interactive,
password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
attempting method=publickey
2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] -
-BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
. {code}
while on 2.10.0 the key is not found/loaded:
{code:java}
2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientSessionImpl [] -
doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
process #5 SSH_MSG_USERAUTH_FAILURE
2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
Received SSH_MSG_USERAUTH_FAILURE - partial=false,
methods=publickey,gssapi-keyex,gssapi-with-mic,password
2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
starting authentication mechanisms: client=[publickey, keyboard-interactive,
password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
attempting method=publickey
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
no more keys to send
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
initial request sent by method=publickey
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
closing
UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
attempting method=password
2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.auth.password.UserAuthPassword [] -
resolveAttemptedPassword(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
no more passwords to send
2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
initial request sent by method=password {code}
I've created an almost-self-contained unit test that showcases the behaviour.
For the test to work you'll need
- to have some SSH server up & running
- put the test's SSH public
[jira] [Updated] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tobias Gierke updated SSHD-1329:
Attachment: sshd-bug-test.tgz
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.password.UserAuthPassword [] -
> resolveAttemptedPassword(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more passwords to send
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-ni
[jira] [Updated] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tobias Gierke updated SSHD-1329:
Description:
After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
authentication stopped working.
On 2.9.2 the handshake looks like this:
{code:java}
2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
methods=publickey,gssapi-keyex,gssapi-with-mic,password
2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) starti
ng authentication mechanisms: client=[publickey, keyboard-interactive,
password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
attempting method=publickey
2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] -
-BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
. {code}
while on 2.10.0 the key is not found/loaded:
{code:java}
2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientSessionImpl [] -
doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
process #5 SSH_MSG_USERAUTH_FAILURE
2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
Received SSH_MSG_USERAUTH_FAILURE - partial=false,
methods=publickey,gssapi-keyex,gssapi-with-mic,password
2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
starting authentication mechanisms: client=[publickey, keyboard-interactive,
password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
attempting method=publickey
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
no more keys to send
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
initial request sent by method=publickey
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
closing
UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
attempting method=password
2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.auth.password.UserAuthPassword [] -
resolveAttemptedPassword(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
no more passwords to send
2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
initial request sent by method=password {code}
I've attached a Maven project that contains an almost-self-contained unit test
that showcases the behaviour. For the test to work you'll need
- to have some SSH server up & running
- put the test's SSH public key (from src/test/resources/test_ssh_key.pub)
into an authorized_keys file on the server
- Adjust the test source code to use the right server name and user name (I
used root)
was:
