mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jochen Seliger (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-473) PasswordAuthentifikation
Date Wed, 03 Jun 2015 17:04:38 GMT

    [ https://issues.apache.org/jira/browse/SSHD-473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14571320#comment-14571320
] 

Jochen Seliger commented on SSHD-473:
-------------------------------------

Hi Guillaume,
of course there are several logics to be authenticated to get connected to a
remote system (user cerdentials, we are talking about; key pairs; chipcards
etc.) and you suddenly has to use different progremm logic for the diifferent
logics.
But in case of PassworAuthentication-better to be named
credentials-Authentication) there are used the same variables in all these test
cases at the mentioned git-direcory.
As the PasswordAuthentication is an specific way of authentication, there should
be a specific code, to handle those requests.
An here obviusly is residing the failure.
Your (unrelyable possitive) tests) and my tests are showing the same picture: In
all cases when user and password are eaqual the connection will be
authenticated.
You have used the same variable of the testuser and have got in all these cases
poitive Authentifikation results from the logically buggy logic.
I've tested cases with positive and with negative results.
The summary is: All connections for freely defined users will be authenticated
 while the parameter for the session.addPassWordAuthentikator will get the same
value as used as user-parameter prior at client.connect():. If there will be a
difference between these two parameters, the authentication by an unknown logic
will faile.
There will have to be implemented correections at the server side authentication
logic for PasswordAuthentication.
In that case the user name and the password will  have to be validated. The
session should be authenticated only if the user name was found in the list of
authorized users and the provided password is matching this users password
within this list.
May be the MINA-SHH shall work as wrapper, where the external users could be
approved there and the real Sheell will be established with an generalized user.
This user will have to be approved by the OS user management.
At UNIX and LINUX-systems there is an configuration file for SHHD,holding the
authorized users. The existing of these users and the correctness of the
provided password are  validated against the user management.
I do not know what is the concept for authentication in MINA, but in any case
the user who will try  to connect to the remote system via the remote shell,
will have to be authenticated  against the servers OS user management (in case
of Password (credential) Authentikation.
 
Regards
 
Jochen


> PasswordAuthentifikation
> ------------------------
>
>                 Key: SSHD-473
>                 URL: https://issues.apache.org/jira/browse/SSHD-473
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.14.0
>         Environment: Windows 7, Java 8, Eclipse JUNO
>            Reporter: Jochen Seliger
>            Priority: Critical
>         Attachments: SSHDPasswordAuthenticator.java, SSH_SERVER.java
>
>
> I run the sshd and the ssh client both on the windos mashine.
> The sshd I start on port 8000 and with password authentificator ans an own atthenicator
class, which shall shoe a messagebox when envoced.
> The client I start aftercreating it as SshClient.setUpDefaultClient(); without stting
any factury with the statement ClientSession session = client.connect("Jochen","192.168.100.13",8000).await().getSession();
(Jochen is an existing user on the mashine).
> But till shellChannel I can proceed only when setting after session creation session.addPasswordIdentity("Jochen");
(it is tha same user as provided at session creation)
> There is no functionality to set the password.
> The method authPassword is depreciated.
> 1. My first question: How to proceed th use PasswordAuthentification?
> As stated I can proceesd til ssh-Shell, but the server is logging at a first run an autentification
failure and at a second run authentification success:
> Mai 22, 2015 12:14:21 PM org.apache.sshd.client.session.ClientSessionImpl readIdentification
> INFORMATION: Server version string: SSH-2.0-SSHD-CORE-0.14.0
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier
verifyServerKey
> WARNUNG: Server at /192.168.100.13:8000 presented unverified DSA key: e4:76:f3:c2:15:64:7f:e4:5f:b7:86:35:a5:3e:85:35
> Mai 22, 2015 12:14:22 PM org.apache.sshd.common.session.AbstractSession doHandleMessage
> INFORMATION: Dequeing pending packets
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_FAILURE
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.auth.UserAuthKeyboardInteractive process
> INFORMATION: Received Password authentication  en-US
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_SUCCESS
> ShellChannell opened
> Microsoft Windows [Version 6.0.6001]
> Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten.
> C:\Users\Jochen\workspace\USF_SSH_WS>
> allthoug I did not provide an password.
> 2. Why thes two runs are processed?
> 3. Why the first run fails and the second one succedes?
> 4. How to proceede to get a functioning password and keypair authentication?
> Regards
> Jochen Seliger



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message