You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Evgeny Pasynkov (Jira)" <ji...@apache.org> on 2022/08/19 18:47:00 UTC
[jira] [Comment Edited] (SSHD-1291) Protocol violation when using async PublicKey auth
[ https://issues.apache.org/jira/browse/SSHD-1291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17581987#comment-17581987 ]
Evgeny Pasynkov edited comment on SSHD-1291 at 8/19/22 6:46 PM:
----------------------------------------------------------------
Thank you for initial investigations.
I use custom public key auth in my server implementation (which is set up via SshServer::setPublickeyAuthenticator method). My implementation calls another services to validate the SSH key, so the asynchronous approach looks quite natural there - to not to occupy threads while waiting answer from remote server. The same is why ChannelAsyncOutputStream/ChannelAsyncInputStream are preferred over blocking i/o
was (Author: xvost):
Thank you for initial investigations.
I use custom public key auth in my server implementation (which is set up via SshServer::setPublickeyAuthenticator method). My implementation calls another services to validate the SSH key, so the asynchronous approach looks quite natural there - to not to occupy threads while waiting answer from remote server. The same is why ChannelAsyncOutputStream/ChannelAsyncInputStream are preferred over sync i/o
> Protocol violation when using async PublicKey auth
> --------------------------------------------------
>
> Key: SSHD-1291
> URL: https://issues.apache.org/jira/browse/SSHD-1291
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.9.0
> Reporter: Evgeny Pasynkov
> Priority: Major
>
> Hi.
> I've noticed that SSHD server violates RFC 4252 section 7 (https://www.rfc-editor.org/rfc/rfc4252#section-7) when using asynchronous public key auth (which means throwing AsyncAuthException() from PublickeyAuthenticator implementation.
> Part of the client log when using sync approach
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key:xxxxxxx RSA SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 60
> debug1: Server accepts key: xxxxxxxx RSA SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: using publickey with RSA SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
> when using "async" approach:
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key: xxxxxxxxxx RSA SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
> Please note that mandatory packet SSH_MSG_USERAUTH_PK_OK is missing.
> Though standard client tolerates this difference (at least OpenSSH_9.0p1), not all of them do this. Jsch failed to establish session
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org