mina-dev mailing list archives

From "Jochen Seliger (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-473) PasswordAuthentifikation
Date Wed, 03 Jun 2015 17:04:38 GMT

    [ https://issues.apache.org/jira/browse/SSHD-473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14571320#comment-14571320 ]

Jochen Seliger commented on SSHD-473:

Hi Guillaume,
of course there are several ways to be authenticated in order to get connected
to a remote system (user credentials, which we are talking about; key pairs;
chip cards etc.) and you suddenly have to use different program logic for the different
But in the case of PasswordAuthentication (better to be named
credentials authentication) the same variables are used in all these test
cases in the mentioned git directory.
As PasswordAuthentication is a specific way of authentication, there should
be specific code to handle those requests.
And here obviously resides the failure.
Your (unreliable positive) tests and my tests are showing the same picture: In
all cases when user and password are equal the connection will be
You have used the same variable of the test user and have got in all these cases
positive authentication results from the logically buggy logic.
I've tested cases with positive and with negative results.
The summary is: All connections for freely defined users will be authenticated
while the parameter for the session.addPassWordAuthentikator gets the same
value as was used as the user parameter earlier at client.connect(). If there is a
difference between these two parameters, the authentication by an unknown logic
will fail.
Corrections will have to be implemented in the server-side authentication
logic for PasswordAuthentication.
In that case the user name and the password will have to be validated. The
session should be authenticated only if the user name was found in the list of
authorized users and the provided password matches this user's password
within this list.
Maybe MINA-SSH shall work as a wrapper, where the external users could be
approved there and the real shell will be established with a generalized user.
This user will have to be approved by the OS user management.
On UNIX and Linux systems there is a configuration file for SSHD, holding the
authorized users. The existence of these users and the correctness of the
provided password are validated against the user management.
I do not know what the concept for authentication in MINA is, but in any case
the user who tries to connect to the remote system via the remote shell
will have to be authenticated against the server's OS user management (in the case
of Password (credential) Authentication).

> PasswordAuthentifikation
> ------------------------
>                 Key: SSHD-473
>                 URL: https://issues.apache.org/jira/browse/SSHD-473
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.14.0
>         Environment: Windows 7, Java 8, Eclipse JUNO
>            Reporter: Jochen Seliger
>            Priority: Critical
>         Attachments: SSHDPasswordAuthenticator.java, SSH_SERVER.java
> I run the sshd and the ssh client both on the Windows machine.
> I start the sshd on port 8000 with a password authenticator and my own authenticator class, which shall show a message box when invoked.
> I start the client after creating it with SshClient.setUpDefaultClient(); without setting any factory, with the statement ClientSession session = client.connect("Jochen","",8000).await().getSession(); (Jochen is an existing user on the machine).
> But I can proceed up to the shellChannel only when setting, after session creation, session.addPasswordIdentity("Jochen"); (it is the same user as provided at session creation)
> There is no functionality to set the password.
> The method authPassword is deprecated.
> 1. My first question: How to proceed to use PasswordAuthentication?
> As stated I can proceed up to the ssh shell, but the server is logging an authentication failure at a first run and authentication success at a second run:
> Mai 22, 2015 12:14:21 PM org.apache.sshd.client.session.ClientSessionImpl readIdentification
> INFORMATION: Server version string: SSH-2.0-SSHD-CORE-0.14.0
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier
> WARNUNG: Server at / presented unverified DSA key: e4:76:f3:c2:15:64:7f:e4:5f:b7:86:35:a5:3e:85:35
> Mai 22, 2015 12:14:22 PM org.apache.sshd.common.session.AbstractSession doHandleMessage
> INFORMATION: Dequeing pending packets
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.auth.UserAuthKeyboardInteractive process
> INFORMATION: Received Password authentication  en-US
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> ShellChannell opened
> Microsoft Windows [Version 6.0.6001]
> Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten.
> C:\Users\Jochen\workspace\USF_SSH_WS>
> although I did not provide a password.
> 2. Why are these two runs processed?
> 3. Why does the first run fail and the second one succeed?
> 4. How to proceed to get a functioning password and key pair authentication?
> Regards
> Jochen Seliger

This message was sent by Atlassian JIRA
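
The server-side check the comment asks for (known user and matching password), shown next to the name-equals-password behaviour it describes. This is an added example, not MINA SSHD code and not code from the issue's attachments; the class and method names, the in-memory user store and the sample credentials are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class CredentialCheck {
    // Behaviour described in the comment: any user name passes if password equals user name.
    static boolean weakCheck(String user, String password) {
        return user != null && user.equals(password);
    }

    private static final class Entry {
        final byte[] salt = new byte[16];
        final byte[] hash;
        Entry(String password) {
            new SecureRandom().nextBytes(salt);   // per-user random salt
            hash = pbkdf2(password, salt);
        }
    }
    private final Map<String, Entry> users = new HashMap<>();    // hypothetical user store
    private final Entry decoy = new Entry("constructed-decoy");  // hashed against for unknown users

    static byte[] pbkdf2(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
    void addUser(String user, String password) { users.put(user, new Entry(password)); }

    // Accept only a known user whose stored hash matches; empty passwords never pass.
    boolean authenticate(String user, String password) {
        if (user == null || password == null || password.isEmpty()) return false;
        Entry known = users.get(user);
        Entry ref = (known != null) ? known : decoy;   // same hashing work for unknown users
        boolean match = MessageDigest.isEqual(pbkdf2(password, ref.salt), ref.hash);
        return match && known != null;
    }

    public static void main(String[] args) {
        CredentialCheck store = new CredentialCheck();
        store.addUser("Jochen", "constructed-sample-pw");   // constructed sample data
        System.out.println("weak, nobody/nobody:  " + weakCheck("nobody", "nobody"));
        System.out.println("store, nobody/nobody: " + store.authenticate("nobody", "nobody"));
        System.out.println("store, Jochen/Jochen: " + store.authenticate("Jochen", "Jochen"));
        System.out.println("store, Jochen/real:   " + store.authenticate("Jochen", "constructed-sample-pw"));
    }
}
```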
