mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jochen Seliger (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-473) PasswordAuthentifikation
Date Thu, 04 Jun 2015 07:35:38 GMT

    [ https://issues.apache.org/jira/browse/SSHD-473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14572319#comment-14572319
] 

Jochen Seliger commented on SSHD-473:
-------------------------------------

Hi Lyor,
many thanks for your coments. I'll have a look at.
But anyway I may connect to he shell after been authenticated by some unknown
code, in any case, i use the same string as user and as password.
The accout I earn at the shell, is tis one who started the server,.
See below the logg. Even with user "bad_password" I'm athenticated as long as I
pass the same string to the addPasswordIdentity-method.

createSSHClient false entered
Jun 04, 2015 9:08:11 AM org.apache.sshd.common.util.SecurityUtils register
INFORMATION: BouncyCastle not registered, using the default JCE provider
after SSHClient creation + start
Jun 04, 2015 9:08:11 AM org.apache.sshd.client.session.ClientSessionImpl <init>
INFORMATION: Client session created
Jun 04, 2015 9:08:11 AM org.apache.sshd.common.session.AbstractSession
writePacket
INFORMATION: Start flagging packets as pending until key exchange is done
Jun 04, 2015 9:08:11 AM org.apache.sshd.client.session.ClientSessionImpl
readIdentification
INFORMATION: Server version string: SSH-2.0-SSHD-CORE-0.14.0
ClientSesion established
Jun 04, 2015 9:08:12 AM
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier verifyServerKey
WARNUNG: Server at /127.0.0.1:8000 presented unverified DSA key:
e4:76:f3:c2:15:64:7f:e4:5f:b7:86:35:a5:3e:85:35
Jun 04, 2015 9:08:12 AM org.apache.sshd.common.session.AbstractSession
doHandleMessage
INFORMATION: Dequeing pending packets
Jun 04, 2015 9:08:12 AM org.apache.sshd.client.session.ClientUserAuthServiceNew
processUserAuth
INFORMATION: Received SSH_MSG_USERAUTH_FAILURE
Jun 04, 2015 9:08:12 AM org.apache.sshd.client.auth.UserAuthKeyboardInteractive
process
INFORMATION: Received Password authentication  en-US
Jun 04, 2015 9:08:12 AM org.apache.sshd.client.session.ClientUserAuthServiceNew
processUserAuth
INFORMATION: Received SSH_MSG_USERAUTH_SUCCESS
ShellChannel established
ShellChannell opened
sh: no job control in this shell
bad_password@linux-0h68:/home/jochen/workspace/USF_SSH_WS> whoami
whoami
jochen
bad_password@linux-0h68:/home/jochen/workspace/USF_SSH_WS>
 
Beside the problems you have mentioned, there is not clear to me, what code does
athenticate me and how to force the server to run my SSHDPasswordAuthentikator.
Why the SSH_SEVER.Class is claiming a KeyPairAuthentikation, I can't see at the
moment. My class can be compiled without problems.
Due to the fact, that any (realy any)user may get a shell-session at the system,
where the MINA-SHHD was startetd,  at least the PasswordAuthentication procerure
s unaceptable for me until the reuired adaption will be implemented.
 
Hope for your help!!
 
Jochen 



> PasswordAuthentifikation
> ------------------------
>
>                 Key: SSHD-473
>                 URL: https://issues.apache.org/jira/browse/SSHD-473
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.14.0
>         Environment: Windows 7, Java 8, Eclipse JUNO
>            Reporter: Jochen Seliger
>            Priority: Critical
>         Attachments: SSHDPasswordAuthenticator.java, SSH_SERVER.java
>
>
> I run the sshd and the ssh client both on the windos mashine.
> The sshd I start on port 8000 and with password authentificator ans an own atthenicator
class, which shall shoe a messagebox when envoced.
> The client I start aftercreating it as SshClient.setUpDefaultClient(); without stting
any factury with the statement ClientSession session = client.connect("Jochen","192.168.100.13",8000).await().getSession();
(Jochen is an existing user on the mashine).
> But till shellChannel I can proceed only when setting after session creation session.addPasswordIdentity("Jochen");
(it is tha same user as provided at session creation)
> There is no functionality to set the password.
> The method authPassword is depreciated.
> 1. My first question: How to proceed th use PasswordAuthentification?
> As stated I can proceesd til ssh-Shell, but the server is logging at a first run an autentification
failure and at a second run authentification success:
> Mai 22, 2015 12:14:21 PM org.apache.sshd.client.session.ClientSessionImpl readIdentification
> INFORMATION: Server version string: SSH-2.0-SSHD-CORE-0.14.0
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier
verifyServerKey
> WARNUNG: Server at /192.168.100.13:8000 presented unverified DSA key: e4:76:f3:c2:15:64:7f:e4:5f:b7:86:35:a5:3e:85:35
> Mai 22, 2015 12:14:22 PM org.apache.sshd.common.session.AbstractSession doHandleMessage
> INFORMATION: Dequeing pending packets
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_FAILURE
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.auth.UserAuthKeyboardInteractive process
> INFORMATION: Received Password authentication  en-US
> Mai 22, 2015 12:14:22 PM org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_SUCCESS
> ShellChannell opened
> Microsoft Windows [Version 6.0.6001]
> Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten.
> C:\Users\Jochen\workspace\USF_SSH_WS>
> allthoug I did not provide an password.
> 2. Why thes two runs are processed?
> 3. Why the first run fails and the second one succedes?
> 4. How to proceede to get a functioning password and keypair authentication?
> Regards
> Jochen Seliger



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message