mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lyor Goldstein (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-1120) Taking considerable time before PublickeyAuthenticator being invoked
Date Thu, 21 Jan 2021 17:00:00 GMT

    [ https://issues.apache.org/jira/browse/SSHD-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17269439#comment-17269439

Lyor Goldstein commented on SSHD-1120:

{quote}if i use SSHPublicKeyAuthenticator it takes some time before it invokes the authenticate
How much is "some time" ? Hours, minutes, seconds ? How many ? Why is it "too much" ?
{quote}SSHDPasswordAuthenticator is pretty fast
Actually it all depends on the +order+ of the authentication methods that you or whoever is
using the client configure in the +client+. It depends which methods the client is trying
1st and how many times. If the client decides to use {{password}} or {{keyboard-interactive}}
first and only later {{publickey}} then the password authenticator will be called way before
the public key one. Furthermore, the client might decide to try several passwords or several
times before switching to public key. Each such attempt involves several packet exchanges
which take time. Furthermore, if the password authentication succeeds, the public key authenticator
is never called. In order for this to be an issue you have to make sure to capture the +exact+
authentication traffic from client and server and see what mechanism what used, +when+ was
it used, which side delayed the most and why.

It is very hard to provide any help for a "generic" claim of "too much time" if it is not
accompanied with hard numbers, logs, exact scenario description, etc. - for all we know the
client sleeps for 5 minutes between a password and a public key attempt, I can assure you
there are no delays in the server code other than ones either introduced by the client or
by your code....

> Taking considerable time before PublickeyAuthenticator being invoked
> --------------------------------------------------------------------
>                 Key: SSHD-1120
>                 URL: https://issues.apache.org/jira/browse/SSHD-1120
>             Project: MINA SSHD
>          Issue Type: Question
>            Reporter: Susmit Sarkar
>            Priority: Major
> {code:java}
> // code placeholder
> // Login via winscp
> final SSHDPasswordAuthenticator passwordAuthenticator = new SSHDPasswordAuthenticator(config,final
SSHDPasswordAuthenticator passwordAuthenticator = new SSHDPasswordAuthenticator(config, policyInterface);
> // Login via ssh terminal like PUTTY
> SSHDPublicKeyAuthenticator publicKeyAuthenticator = new SSHDPublicKeyAuthenticator(config,
policyInterface); sshdServer.setPublickeyAuthenticator(publicKeyAuthenticator); sshdServer.setPasswordAuthenticator(passwordAuthenticator);
> -------------------------------------------------------
> Case 1 // During winscp and filezilla
> public class SSHDPasswordAuthenticator extends UserAuthPassword implements PasswordAuthenticator
> public boolean authenticate(String username, String password, ServerSession session)public
boolean authenticate(String username, String password, ServerSession session) throws AsyncAuthException,
PasswordChangeRequiredException {
> }
> }
> -------------------------------------------------------
> Case 2 // During SSH TERMINAL like PUTTY
> public class SSHDPublicKeyAuthenticator implements PublickeyAuthenticator {
> public boolean authenticate(String username, PublicKey key, ServerSession session) throws
AsyncAuthException {public boolean authenticate(String username, PublicKey key, ServerSession
session) throws AsyncAuthException { 
> -------------------------------------------------------------------
> Case 2 is quite slow it gets stuck before the authenticate is being called.
> On debugging found that:
>     @Override
>     public void messageReceived(IoSession ioSession, Object message) throws Exception{
>         org.apache.sshd.common.io.IoSession session = getSession(ioSession);
>         Readable ioBuffer = MinaSupport.asReadable((IoBuffer) message);
>         handler.messageReceived(session, ioBuffer);
>     }
> is causing to delay/stuck state. Am i doing anything wrong ?{code}

This message was sent by Atlassian Jira

To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org

View raw message