maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Osipov (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (WAGON-564) SSH connection failure because 'preferredAuthentications' option is ignored if password isn't set
Date Fri, 26 Jul 2019 20:27:00 GMT

     [ https://issues.apache.org/jira/browse/WAGON-564?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Michael Osipov closed WAGON-564.
--------------------------------
    Resolution: Fixed

Fixed with [184cdad07a78cedcfdce68b6d8b05040593f4176|https://gitbox.apache.org/repos/asf?p=maven-wagon.git;a=commit;h=184cdad07a78cedcfdce68b6d8b05040593f4176].


> SSH connection failure because 'preferredAuthentications' option is ignored if password
isn't set
> -------------------------------------------------------------------------------------------------
>
>                 Key: WAGON-564
>                 URL: https://issues.apache.org/jira/browse/WAGON-564
>             Project: Maven Wagon
>          Issue Type: Bug
>          Components: wagon-ssh
>    Affects Versions: 3.3.3
>            Reporter: Lucian Burja
>            Assignee: Michael Osipov
>            Priority: Major
>             Fix For: 3.3.4
>
>
> I am trying to upload a file via SSH with private key authentication, using the {{wagon-maven-plugin}}
plugin. The Linux server that is also integrated with Kerberos (which I don't use).
> Although I provide a valid {{privateKey}}, and I set {{<preferredAuthentications>publickey</preferredAuthentications>,}}
the Kerberos authentication is always triggered.
> While investigating, I have found the following root cause:
> In settings.xml, for a {{<server>}} you can decide to use SSH key based authentication
instead of username/password:
> {code:java}
> <server>
>    <id>myserver</id>
>    <username>bamboo</username>
>    <privateKey>...path to the file...</privateKey>
>    <configuration>
>       <preferredAuthentications>publickey</preferredAuthentications>    
 
>    </configuration>
> </server>
> {code}
> According to the documentation, this authentication option only works if you omit the
{{password}} element, otherwise {{privateKey}} is ignored.
> However, if {{password}} is omitted, then {{preferredAuthentications}} is ignored, as
can be seen in {{AbstractJschWagon.java :: openConnectionInternal  (line 254)}}
> {code:java}
> if ( authenticationInfo.getPassword() != null )
> {
>     config.setProperty( "PreferredAuthentications", preferredAuthentications );
> }
> {code}
>  
> Thus, in practice, if you use {{privateKey}} based authentication, you cannot control
the {{PreferredAuthentications}} parameter, and the default value is used: {{gssapi-with-mic,publickey,password,keyboard-interactive}}.
This triggers Kerberos based authentication as the first option.
> A simple patch to solve this issue is to add to the lines above an else branch, like
this:
> {code:java}
>         if ( authenticationInfo.getPassword() != null )
>         {
>             config.setProperty( "PreferredAuthentications", preferredAuthentications
);
>         }
>         else if ( !"gssapi-with-mic,publickey,password,keyboard-interactive".equals(
preferredAuthentications ) )
>         {
>             // if different then the default, always set
>             config.setProperty( "PreferredAuthentications", preferredAuthentications
);
>         }
> {code}
>  or to remove the the surrounding if-statement all-together 



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Mime
View raw message