But if you attempt to try to log in from the Linux sftp client, it will say enter the password for root@localhost by default without even prompting for a user name. This is the same behavior I am seeing with my implementation...
-----Original Message-----
From: Guillaume Nodet [mailto:gno...@gmail.com]
Sent: Thursday, December 13, 2012 2:19 PM
To: users
Subject: Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?

I'm not sure I understand. The default implementation is not secured and any login = password will work by default.

On Thu, Dec 13, 2012 at 6:36 PM, Wright, Omari <omari.wri...@solers.com> wrote:

> Whatever changed also affected running the standalone version from the
> command line with stock configuration. It also shows the same behavior.
>
> -----Original Message-----
> From: Guillaume Nodet [mailto:gno...@gmail.com]
> Sent: Thursday, December 13, 2012 12:32 PM
> To: users
> Subject: Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?
>
> Maybe this change?
>
> https://github.com/apache/mina-sshd/commit/3932a1275f3a48d5a304dcfb151a3ca3ce6050ed
>
> On Thu, Dec 13, 2012 at 5:53 PM, Wright, Omari <omari.wri...@solers.com> wrote:
>
> > Configuration is as follows...
> >
> > ----------------
> >
> > server = new SshServer();
> > // DHG14 uses 2048 bits key which are not supported by the default JCE provider
> > if (SecurityUtils.isBouncyCastleRegistered()) {
> >     server.setKeyExchangeFactories(Arrays.<NamedFactory<KeyExchange>>asList(
> >             new DHG14.Factory(),
> >             new DHG1.Factory()));
> >     server.setRandomFactory(new SingletonRandomFactory(new BouncyCastleRandom.Factory()));
> > } else {
> >     server.setKeyExchangeFactories(Arrays.<NamedFactory<KeyExchange>>asList(
> >             new DHG1.Factory()));
> >     server.setRandomFactory(new SingletonRandomFactory(new JceRandom.Factory()));
> > }
> >
> > List<NamedFactory<Cipher>> avail = new LinkedList<NamedFactory<Cipher>>();
> > avail.add(new AES128CTR.Factory());
> > avail.add(new AES256CTR.Factory());
> > avail.add(new ARCFOUR128.Factory());
> > avail.add(new ARCFOUR256.Factory());
> > avail.add(new AES128CBC.Factory());
> > avail.add(new TripleDESCBC.Factory());
> > avail.add(new BlowfishCBC.Factory());
> > avail.add(new AES192CBC.Factory());
> > avail.add(new AES256CBC.Factory());
> >
> > for (Iterator<NamedFactory<Cipher>> i = avail.iterator(); i.hasNext();) {
> >     final NamedFactory<Cipher> f = i.next();
> >     try {
> >         final Cipher c = f.create();
> >         final byte[] key = new byte[c.getBlockSize()];
> >         final byte[] iv = new byte[c.getIVSize()];
> >         c.init(Cipher.Mode.Encrypt, key, iv);
> >     } catch (InvalidKeyException e) {
> >         i.remove();
> >     } catch (Exception e) {
> >         i.remove();
> >     }
> > }
> > server.setCipherFactories(avail);
> >
> > // Compression is not enabled by default
> > // sshd.setCompressionFactories(Arrays.<NamedFactory<Compression>>asList(
> > //         new CompressionNone.Factory(),
> > //         new CompressionZlib.Factory(),
> > //         new CompressionDelayedZlib.Factory()));
> >
> > server.setCompressionFactories(Arrays.<NamedFactory<Compression>>asList(
> >         new CompressionNone.Factory()));
> > server.setMacFactories(Arrays.<NamedFactory<Mac>>asList(
> >         new HMACMD5.Factory(),
> >         new HMACSHA1.Factory(),
> >         new HMACMD596.Factory(),
> >         new HMACSHA196.Factory()));
> > server.setChannelFactories(Arrays.<NamedFactory<Channel>>asList(
> >         new PdaChannelSession.Factory(),
> >         new ChannelDirectTcpip.Factory()));
> >
> > server.setSignatureFactories(Arrays.<NamedFactory<Signature>>asList(
> >         new SignatureDSA.Factory(),
> >         new SignatureRSA.Factory()));
> > server.setFileSystemFactory(new PdaFileSystemFactory());
> >
> > ForwardingAcceptorFactory faf = new DefaultForwardingAcceptorFactory();
> > server.setTcpipForwardNioSocketAcceptorFactory(faf);
> > server.setX11ForwardNioSocketAcceptorFactory(faf);
> >
> > server.setPort(2222);
> >
> > if (SecurityUtils.isBouncyCastleRegistered()) {
> >     server.setKeyPairProvider(new PEMGeneratorHostKeyProvider("key.pem"));
> > } else {
> >     server.setKeyPairProvider(new SimpleGeneratorHostKeyProvider("key.ser"));
> > }
> > if (OsUtils.isUNIX()) {
> >     server.setShellFactory(new ProcessShellFactory(new String[] { "/bin/sh", "-i", "-l" },
> >             EnumSet.of(ProcessShellFactory.TtyOptions.ONlCr)));
> > } else {
> >     server.setShellFactory(new ProcessShellFactory(new String[] { "cmd.exe "},
> >             EnumSet.of(ProcessShellFactory.TtyOptions.Echo,
> >                     ProcessShellFactory.TtyOptions.ICrNl,
> >                     ProcessShellFactory.TtyOptions.ONlCr)));
> > }
> >
> > server.setSubsystemFactories(Arrays.<NamedFactory<Command>>asList(new PdaSftpSubsystem.Factory()));
> >
> > server.setCommandFactory(new PdaScpCommandFactory());
> >
> > server.setPasswordAuthenticator(new PasswordAuthenticator() {
> >     public boolean authenticate(String username, String password, ServerSession session) {
> >         PdaUserManager userManager = new PdaUserManager();
> >         Authentication auth = new UsernamePasswordAuthentication(username, password);
> >
> >         try {
> >             User user = userManager.authenticate(auth);
> >             if (user.getTokenId() != null) {
> >                 TokenId tokenId = new TokenId(user.getTokenId());
> >                 session.setAttribute(TOKEN_ID, tokenId);
> >                 return true;
> >             }
> >         } catch (AuthenticationFailedException e) {
> >             logException(e, "authenticate");
> >         }
> >
> >         return false;
> >     }
> > });
> >
> > -------------------------
> >
> > UserManager is a modified version of Apache FtpServer's properties
> > user manager.
> >
> > -----Original Message-----
> > From: Guillaume Nodet [mailto:gno...@gmail.com]
> > Sent: Thursday, December 13, 2012 11:33 AM
> > To: users
> > Subject: Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?
> >
> > Could you give a bit more details on your set up and authentication
> > process?
> >
> > On Thu, Dec 13, 2012 at 4:55 PM, Wright, Omari <omari.wri...@solers.com> wrote:
> >
> > > When I ported my project over to Apache SSHD 0.8.0, my
> > > implementation for authentication stopped working. Now a user is
> > > automatically logged in as root when they attempt to connect to
> > > the server.
> >
> > --
> > ------------------------
> > Guillaume Nodet
> > ------------------------
> > Blog: http://gnodet.blogspot.com/
> > ------------------------
> > FuseSource, Integration everywhere
> > http://fusesource.com
>
> --
> ------------------------
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> FuseSource, Integration everywhere
> http://fusesource.com

--
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
FuseSource, Integration everywhere
http://fusesource.com
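
Added example, not code from this thread or from Apache SSHD: a fail-closed password check of the kind a custom PasswordAuthenticator would delegate to, so that a "login = password" attempt or a client-supplied default user name such as root is rejected unless it matches a stored credential. The class name, the in-memory store and the sample account are hypothetical; PBKDF2WithHmacSHA256 assumes Java 8 or later.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Fail-closed password check; hypothetical class, not part of Apache SSHD. */
public class FailClosedPasswordCheck {
    private static final int ITERATIONS = 100000, KEY_BITS = 256;
    // username -> {salt, PBKDF2 hash}; constructed in-memory store for the demo
    private final Map<String, byte[][]> users = new HashMap<String, byte[][]>();

    private static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public void addUser(String username, String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        users.put(username, new byte[][] { salt, derive(password.toCharArray(), salt) });
    }

    /** Mirrors authenticate(username, password, session) from the thread; session omitted (assumption) to run without the SSHD jar. */
    public boolean authenticate(String username, String password) {
        if (username == null || password == null || password.isEmpty()) {
            return false; // nothing to verify: reject
        }
        byte[][] record = users.get(username);
        if (record == null) {
            return false; // unknown user, including a client-supplied default such as "root"
        }
        try {
            // MessageDigest.isEqual compares without an early exit on the first differing byte
            return MessageDigest.isEqual(record[1], derive(password.toCharArray(), record[0]));
        } catch (Exception e) {
            return false; // any failure in the check denies the login
        }
    }

    public static void main(String[] args) throws Exception {
        FailClosedPasswordCheck check = new FailClosedPasswordCheck();
        check.addUser("alice", "constructed-sample-password"); // constructed sample account
        System.out.println(check.authenticate("root", "root"));   // login = password, no such account
        System.out.println(check.authenticate("alice", "alice")); // login = password, real account
        System.out.println(check.authenticate("alice", "constructed-sample-password"));
    }
}
```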