Posted to dev@mina.apache.org by "Tobias Gierke (Jira)" <ji...@apache.org> on 2023/06/21 05:06:00 UTC

[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0

    [ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17735530#comment-17735530 ] 

Tobias Gierke edited comment on SSHD-1329 at 6/21/23 5:05 AM:
--------------------------------------------------------------

Sorry, I probably didn't make myself very clear in the ticket description - the issue seems to be with the SSH key loading, *not* the actual connection/connection handshake.
 - with 2.9.2 the SSH key is properly loaded and used to authenticate (successfully)
 - with 2.10.0 the same SSH key is *not* loaded (but no error is shown in the logs) and thus unavailable for authentication

So for some reason, (on my machine) the same code that successfully loads the SSH key and uses it works with 2.9.2 but fails to load/use the API key with 2.10.0, which can be seen in those log lines I mentioned:
{code:java}
2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) attempting method=publickey
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - resolveAttemptedPublicKeyIdentity(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] no more keys to send
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) no initial request sent by method=publickey {code}



> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
> --------------------------------------------------------------------
>
>                 Key: SSHD-1329
>                 URL: https://issues.apache.org/jira/browse/SSHD-1329
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.10.0
>            Reporter: Tobias Gierke
>            Priority: Major
>         Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - processUserAuth(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) Received SSH_MSG_USERAUTH_FAILURE - partial=false, methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) starting authentication mechanisms: client=[publickey, keyboard-interactive, password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] - -----BEGIN RSA PRIVATE KEY----- [chunk #1](16/609) 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23    0..].........:%#
> ..... {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientSessionImpl [] - doHandleMessage(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - processUserAuth(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) Received SSH_MSG_USERAUTH_FAILURE - partial=false, methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) starting authentication mechanisms: client=[publickey, keyboard-interactive, password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - resolveAttemptedPublicKeyIdentity(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) no initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - releaseKeys(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) closing UserAuthPublicKeyIterator[ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - destroy(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.auth.password.UserAuthPassword [] - resolveAttemptedPassword(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] no more passwords to send
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[root@vmtobilocal.fritz.box/192.168.188.250:22]) no initial request sent by method=password {code}
> I've attached a Maven project that contains an almost-self-contained unit test that showcases the behaviour. For the test to work you'll need
>  - to have some SSH server up & running
>  - put the test's SSH public key (from src/test/resources/test_ssh_key.pub) into an authorized_keys file on the server
>  - Adjust the test source code to use the right server name and user name (I used root)



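A triage helper for the distinction drawn in this message (the client never offered a key, as opposed to a failure later in the handshake), added here as an example; it is not part of the original message or of Apache MINA SSHD. It keys on the log messages quoted above; the sample log, its host, address and client ids, and the verdict names are constructed, and treating a `config.keys.loader` logger line as evidence of key parsing assumes TRACE logging is enabled.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the DEBUG/TRACE lines quoted above
# (host, address and client ids are placeholders, not values from the ticket).
SAMPLE_LOG = """\
2023-01-01T10:00:00,405 [sshd-SshClient[aaaa0001]-nio2-thread-4|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[user@host.example/192.0.2.10:22]) attempting method=publickey
2023-01-01T10:00:00,416 [sshd-SshClient[aaaa0001]-nio2-thread-4|] TRACE org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] - -----BEGIN RSA PRIVATE KEY----- [chunk #1](16/609) ...
2023-01-01T10:01:00,530 [sshd-SshClient[bbbb0002]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[user@host.example/192.0.2.10:22]) attempting method=publickey
2023-01-01T10:01:00,532 [sshd-SshClient[bbbb0002]-nio2-thread-6|] DEBUG org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - resolveAttemptedPublicKeyIdentity(ClientSessionImpl[user@host.example/192.0.2.10:22])[ssh-connection] no more keys to send
2023-01-01T10:01:00,532 [sshd-SshClient[bbbb0002]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[user@host.example/192.0.2.10:22]) no initial request sent by method=publickey
"""

# timestamp [sshd-SshClient[<id>]-<thread>|] LEVEL logger [] - message
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \[sshd-SshClient\[(?P<client>[0-9a-f]+)\][^|]*\|\] "
    r"(?P<level>[A-Z]+) (?P<logger>\S+) \[\] - (?P<msg>.*)$"
)


def classify_pubkey_attempts(log_text):
    """Return {client_id: verdict} for each SshClient instance in the log."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped continuation or unrelated line
        flags, msg = seen[m["client"]], m["msg"]
        if "attempting method=publickey" in msg:
            flags.add("attempted")
        if ".config.keys.loader." in m["logger"]:
            flags.add("key_parsed")  # assumption: only visible at TRACE level
        if "no initial request sent by method=publickey" in msg:
            flags.add("no_request")
    verdicts = {}
    for client, flags in seen.items():
        if "attempted" not in flags:
            verdicts[client] = "publickey-not-attempted"
        elif "no_request" in flags and "key_parsed" not in flags:
            verdicts[client] = "no-identity-offered"  # client-side key loading
        elif "key_parsed" in flags:
            verdicts[client] = "key-loaded"
        else:
            verdicts[client] = "inconclusive"
    return verdicts


if __name__ == "__main__":
    for client, verdict in classify_pubkey_attempts(SAMPLE_LOG).items():
        print(client, verdict)
```

A `no-identity-offered` verdict points at key loading on the client rather than at `authorized_keys` or server policy, which is the distinction the comment makes.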