You should look for informations on keyboard-interactive authentication in
SSH.
I think that's exactly what you want. I suppose you'll need to implement
your own UserAuth implementation.
I think messages can be sent by the server using SSH_MSG_USERAUTH_BANNER
(for simply displaying a message) and SSH_MSG_USERAUTH_INFO_REQUEST
/ SSH_MSG_USERAUTH_INFO_RESPONSE for having the server requesting
information on the client side.
Note that the client side of sshd does not support that yet, but that part
could be included as it should be reusable (the server side might be less
reusable).
On Fri, Sep 7, 2012 at 2:48 PM, Khan, Farooq <farooq.k...@emc.com> wrote:
> Let me explain the problem a bit more.
>
> Within our MinaServer class we have the following code
>
> setPasswordAuthenticator(new PasswordAuthenticator() {
> public boolean authenticate(String username, String password,
> ServerSession session) {
>
> }
> }
>
> Our PasswordAuthenticator::authenticate() method further delegates the
> actually authentication task to a custom JAASLoginModule. We could have
> used the Mina provided JaasPasswordAuthenticator however we had our own
> class already written years ago so we decided to reuse that.
>
> There is one problem with all this approach the JAAS Framework depends on
> Callbacks which are used to prompt the user appropriately. However Mina SSH
> framework does all prompting in the background and simply provides you with
> a username and password. We then have to forward this to our JAAS Login
> Module.
>
> This works for most cases however sometimes our custom authentication
> system throws up a TextCallBack there is no way with Mina to achieve this.
> If you want to prompt the user to choose a "Domain Name" using a
> ChoiceCallback this is also not possible with Mina.
>
> Kanupriya was basically trying to use the ServerSession object within the
> authenticate method to send back a custom message to the user. A message
> that was being prompted by the TextCallBack
>
> In order to send this message she wrote a method similar to below
>
> private void sendMessage(ServerSession serverSession, SshConstants.Message
> cmd, String msg){
> Buffer buffer = serverSession.createBuffer(cmd, msg.length());
> buffer.putString(msg);
> log.info("Buffer created now");
> try {
> log.info("writing message now");
> WriteFuture writeFuture = serverSession.writePacket(buffer);
> log.info("message is written now waiting");
> writeFuture.awaitUninterruptibly(); // Wait until the message is
> completely written out to the O/S buffer.
> Thread.sleep(10000);
> log.info("waiting and sleeping done");
> } catch (Exception ioe) {
> ioe.printStackTrace();
> }
> }
>
> For the SshConstants.Message she tried the following:
> SshConstants.Message.SSH_MSG_DEBUG
> SshConstants.Message.SSH_MSG_USERAUTH_FAILURE
>
> But none of these reach the user.
>
> I think there is a workaround to this entire stuff but I was hoping we
> avoided that it would be quite a bit of coding to do that.
> 1. Somehow disable authentication the way it is expected.
> 2. Once the users session is established use the JAAS Login Module we
> have. We have full control on what to prompt the user with and how many
> prompts to do . We have a use case to inform user that the password will
> expire shortly would the user like to change it. Or if it's a first time
> login force the user to reset his password
> 3. On failure somehow send back a
> SshConstants.Message.SSH_MSG_USERAUTH_FAILURE
>
> Any better ideas?
>
> Thanks
> Farooq
>
> > -----Original Message-----
> > From: Kanupriya Dadariya [mailto:kanupriya.dadar...@gmail.com]
> > Sent: Thursday, September 06, 2012 7:56 PM
> > To: users@mina.apache.org
> > Subject: Re: how to display messages at client terminal
> >
> > Would like to know if there a proper way to communicate with the terminal
> > before the session actually starts.
> >
> >
> >
> > On Wed, Sep 5, 2012 at 7:47 PM, Kanupriya Dadariya <
> > kanupriya.dadar...@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > The requirement is not just display the message but also prompt for
> > > user input.
> > > For ex: If when the prompt to change the password comes from the
> > > Authentication service.
> > >
> > > I think , we should be using SSH_MSG_USERAUTH_FAILURE in this case.
> > >
> > > However, that doesn't help and I see the writeStatus as false without
> > > any exception.
> > >
> > >
> > > On Wed, Sep 5, 2012 at 12:50 PM, Kanupriya Dadariya <
> > > kanupriya.dadar...@gmail.com> wrote:
> > >
> > >> Thanks for the response . Will check with this.
> > >>
> > >>
> > >> On Tue, Sep 4, 2012 at 7:09 PM, Guillaume Nodet <gno...@gmail.com>
> > wrote:
> > >>
> > >>> There is the SSH_MSG_DEBUG message though which is logged by the
> > >>> client/server upon reception.
> > >>>
> > >>> On Fri, Aug 31, 2012 at 3:42 PM, Kanupriya Dadariya <
> > >>> kanupriya.dadar...@gmail.com> wrote:
> > >>>
> > >>> > Hi,
> > >>> >
> > >>> > I am using Apache Mina sshd . Do not have my own encoder/decoder.
> > >>> > Need
> > >>> to
> > >>> > display the message to client terminal during authentication .
> > >>> >
> > >>> > Probably making some obvious mistake , Can somebody please help
> > me
> > >>> > out
> > >>> ?
> > >>> >
> > >>> > Here is the code snippet : I get the writeStatus as false always
> > >>> > and
> > >>> don't
> > >>> > get the message displayed .
> > >>> >
> > >>> > =============================
> > >>> > IoBuffer buffer = IoBuffer.allocate(1024, true);
> > >>> > buffer.setAutoExpand(true);
> > >>> > try {
> > >>> > buffer.putString("small",
> > >>> > Charset.forName("UTF-8").newEncoder());
> > >>> >
> > >>> > } catch (CharacterCodingException e) {
> > >>> >
> > >>> > }
> > >>> >
> > >>> > WriteFuture future = ioSession.write(buffer,
> > >>> > ioSession.getRemoteAddress());
> > >>> > IoFutureListener iof = new MinaIOFutureListener();
> > >>> > future.addListener(iof);
> > >>> >
> > >>> > if(future.isWritten()){
> > >>> > writeStatus = true;
> > >>> > } else {
> > >>> > writeStatus = false;
> > >>> > }
> > >>> > future.removeListener(iof);
> > >>> > =================================
> > >>> > Appreciate any help .
> > >>> >
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> ------------------------
> > >>> Guillaume Nodet
> > >>> ------------------------
> > >>> Blog: http://gnodet.blogspot.com/
> > >>> ------------------------
> > >>> FuseSource, Integration everywhere
> > >>> http://fusesource.com
> > >>>
> > >>
> > >>
> > >
>
--
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
FuseSource, Integration everywhere
http://fusesource.com
