mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jochen Seliger (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-473) PasswordAuthentifikation
Date Wed, 03 Jun 2015 09:56:50 GMT

    [ https://issues.apache.org/jira/browse/SSHD-473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14570565#comment-14570565
] 

Jochen Seliger commented on SSHD-473:
-------------------------------------

Hi Guillaume,
Please find attached to this mail a word documet with the code of my
createSSHDClient-method.
The session, created with the IP adresse 127.0.0.1. That means, you will have to
use a local user at the system to connect you start the server .
 
Here my unit test informations:
OS used: SLES12-Linux
Java-Version: 1.7.0.65
used libraries: I've send you allready
Local User, used tor connection tests: "jochen", password not "jochen"
 
Test parameters and corresponding authentification results:
1. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = "jochen"
Password at session.addPasswordIdentity() = "jochenx" -> authenftification
failed. That could be correct, if the OS usermanagement was consulted, because
the real password is different
 
2. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = "jochen"
The session logg reports that Jochen@linux-oh68 was authenticated.
Password at session.addPasswordIdentity() = "jochen" -> authenftification
succeedes. That is incorrect in different ways. My SSHDPasswordAuthenticator
should prevent any authentication. Even if the OS user management is consulted,
the result is false  too, because the user "jochen" has a different password at
the user management.
 
3. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = "Jochen"
Password at session.addPasswordIdentity() = "jochenx" -> authenftification
failed. This seems to be correct, beause a) the SSHDPasswordAuthenticator should
preven any authentication. b) the OS user management does not contai an user
"Jochen"
 
4. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = Jjochen"
The session logg reports that Jochen@linux-oh68 was authenticated.
Password at session.addPasswordIdentity() = "Jochen" -> authenftification
succeedes. That is incorrect in different ways. My SSHDPasswordAuthenticator
should prevent any authentication. Even if the OS user management is consulted,
the result should be false  too, because the user "Jochen" doe not exist.
 
5. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = "Jochenx"
Password at session.addPasswordIdentity() = "Jochen" -> authenftification
failed. This seems to be correct, beause a) the SSHDPasswordAuthenticator should
preven any authentication. b) the OS user management does not contai an user
"Jochen"
 
6. Test
The customer SSHDPasswordAuthenticator is permanetly returning 'false`
User (at session.connect() = "Jochenx"
Password at session.addPasswordIdentity() = "Jochenx -> authenftification
succeedes. This definitly wrong!!!!
 
Please have a look at these parametzers and corresponding results carefully. On
my oppinion they definitly describe errors at PasswordAuthentication.
 
 
Jochen



> PasswordAuthentifikation
> ------------------------
>
>                 Key: SSHD-473
>                 URL: https://issues.apache.org/jira/browse/SSHD-473
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.14.0
>         Environment: Windows 7, Java 8, Eclipse JUNO
>            Reporter: Jochen Seliger
>            Priority: Critical
>         Attachments: SSHDPasswordAuthenticator.java, SSH_SERVER.java
>
>
> I run the sshd and the ssh client both on the windos mashine.
> The sshd I start on port 8000 and with password authentificator ans an own atthenicator
class, which shall shoe a messagebox when envoced.
> The client I start aftercreating it as SshClient.setUpDefaultClient(); without stting
any factury with the statement ClientSession session = client.connect("Jochen","192.168.100.13",8000).await().getSession();
(Jochen is an existing user on the mashine).
> But till shellChannel I can proceed only when setting after session creation session.addPasswordIdentity("Jochen");
(it is tha same user as provided at session creation)
> There is no functionality to set the password.
> The method authPassword is depreciated.
> 1. My first question: How to proceed th use PasswordAuthentification?
> As stated I can proceesd til ssh-Shell, but the server is logging at a first run an autentification
failure and at a second run authentification success:
> Mai 22, 2015 12:14:21 PM org.apache.sshd.client.session.ClientSessionImpl readIdentification
> INFORMATION: Server version string: SSH-2.0-SSHD-CORE-0.14.0
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier
verifyServerKey
> WARNUNG: Server at /192.168.100.13:8000 presented unverified DSA key: e4:76:f3:c2:15:64:7f:e4:5f:b7:86:35:a5:3e:85:35
> Mai 22, 2015 12:14:22 PM org.apache.sshd.common.session.AbstractSession doHandleMessage
> INFORMATION: Dequeing pending packets
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_FAILURE
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.auth.UserAuthKeyboardInteractive process
> INFORMATION: Received Password authentication  en-US
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_SUCCESS
> ShellChannell opened
> Microsoft Windows [Version 6.0.6001]
> Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten.
> C:\Users\Jochen\workspace\USF_SSH_WS>
> allthoug I did not provide an password.
> 2. Why thes two runs are processed?
> 3. Why the first run fails and the second one succedes?
> 4. How to proceede to get a functioning password and keypair authentication?
> Regards
> Jochen Seliger



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message