You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@karaf.apache.org by Herr-Herner <wo...@gmx.de> on 2015/01/16 18:27:00 UTC
Authentication failed using instance:connect in Apache Karaf 3.0.2
Authentication failed using instance:connect in Apache Karaf 3.0.2
Can someone please help me and tell me why this call is no longer working in
Apache Karaf 3.0.2. I verified that it was working in version 3.0.1.
su - karaf -c " client -h localhost -a 8101 -u karaf -r 50 -d 2 \"
instance:connect -u karaf -p karaf test1 \\\" feature:repo-list \\\" \" "
Logging in as karaf
455 [sshd-SshClient[bea319b]-nio2-thread-1] WARN
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at
[localhost/127.0.0.1:8101, DSA,
b6:f6:d6:3f:8b:2f:ad:a4:0f:3f:3d:c3:7b:96:fd:ae] presented unverified {}
key: {}
Connecting to host localhost on port 8103
Connecting to unknown server. Automatically adding to known hosts.
Storing the server key in known_hosts.
Error executing command: Authentication failed
Is there any specific configuration required, that was not necessary in
3.0.1?
UPDATE #1:
I have added the verbose option... Does it give you any hints what to do?
client -v -h localhost -a 8101 -u karaf -r 50 -d 2 " instance:connect -u
karaf test1 \" feature:repo-list \" "
39 [main] INFO org.apache.sshd.common.util.SecurityUtils - BouncyCastle not
registered, using the default JCE provider
Logging in as karaf
367 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientSessionImpl - Client session created
380 [main] INFO org.apache.sshd.client.session.ClientSessionImpl - Start
flagging packets as pending until key exchange is done
383 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientSessionImpl - Server version string:
SSH-2.0-SSHD-CORE-0.12.0
384 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientSessionImpl - Kex: server->client
[aes128-ctr, hmac-sha1, none] {} {}
384 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientSessionImpl - Kex: client->server
[aes128-ctr, hmac-sha1, none] {} {}
444 [sshd-SshClient[bea319b]-nio2-thread-1] WARN
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at
[localhost/127.0.0.1:8101, DSA,
22:8b:f8:9d:bc:c6:40:d8:fe:52:aa:90:c0:f2:70:ec] presented unverified {}
key: {}
457 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientSessionImpl - Dequeing pending packets
524 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_FAILURE
568 [sshd-SshClient[bea319b]-nio2-thread-2] INFO
org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
SSH_MSG_USERAUTH_SUCCESS
Connecting to host localhost on port 8102
Error executing command: Authentication failed
UPDATE#2:
I have switched the logger to Debug... These exception seems to be the cause
of the problem:
2015-01-15 11:28:48,920 | DEBUG | 5]-nio2-thread-1 | ClientSessionImpl
| 28 - org.apache.sshd.core - 0.12.0 | Received SSH_MSG_SERVICE_ACCEPT
2015-01-15 11:28:48,920 | INFO | 5]-nio2-thread-1 |
ClientUserAuthServiceNew | 28 - org.apache.sshd.core - 0.12.0 |
Received SSH_MSG_USERAUTH_FAILURE
2015-01-15 11:28:48,920 | DEBUG | 5]-nio2-thread-1 |
ClientUserAuthServiceNew | 28 - org.apache.sshd.core - 0.12.0 |
Authentications that can continue: keyboard-interactive, password, publickey
2015-01-15 11:28:48,922 | DEBUG | 5]-nio2-thread-1 | Nio2Session
| 28 - org.apache.sshd.core - 0.12.0 | Caught exception, now calling handler
2015-01-15 11:28:48,922 | WARN | 5]-nio2-thread-1 | ClientSessionImpl
| 28 - org.apache.sshd.core - 0.12.0 | Exception caught
java.lang.IllegalStateException: No SSH_AUTH_SOCK environment variable set
at
org.apache.karaf.shell.ssh.KarafAgentFactory.createClient(KarafAgentFactory.java:71)
at
org.apache.sshd.client.auth.UserAuthPublicKey.init(UserAuthPublicKey.java:78)
at
org.apache.sshd.client.session.ClientUserAuthServiceNew.tryNext(ClientUserAuthServiceNew.java:212)
at
org.apache.sshd.client.session.ClientUserAuthServiceNew.processUserAuth(ClientUserAuthServiceNew.java:178)
at
org.apache.sshd.client.session.ClientUserAuthServiceNew.process(ClientUserAuthServiceNew.java:131)
at
org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:80)
at
org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:399)
at
org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295)
at
org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:256)
at
org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:731)
at
org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277)
at
org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:187)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native
Method)[:1.7.0_65]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[28:org.apache.sshd.core:0.12.0]
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_65]
at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.7.0_65]
at
sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.7.0_65]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:275)[:1.7.0_65]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:296)[:1.7.0_65]
at
java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:407)[:1.7.0_65]
at
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)[28:org.apache.sshd.core:0.12.0]
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:189)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native
Method)[:1.7.0_65]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[28:org.apache.sshd.core:0.12.0]
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_65]
at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.7.0_65]
at
sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.7.0_65]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:275)[:1.7.0_65]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:296)[:1.7.0_65]
at
java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:407)[:1.7.0_65]
at
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)[28:org.apache.sshd.core:0.12.0]
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:189)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native
Method)[:1.7.0_65]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[28:org.apache.sshd.core:0.12.0]
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_65]
at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.7.0_65]
at
sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.7.0_65]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:275)[:1.7.0_65]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:296)[:1.7.0_65]
at
java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:407)[:1.7.0_65]
at
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)[28:org.apache.sshd.core:0.12.0]
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:189)
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native
Method)[:1.7.0_65]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[28:org.apache.sshd.core:0.12.0]
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_65]
at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.7.0_65]
at
sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.7.0_65]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:275)[:1.7.0_65]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:296)[:1.7.0_65]
at
java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:407)[:1.7.0_65]
at
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)[28:org.apache.sshd.core:0.12.0]
at
org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:53)[28:org.apache.sshd.core:0.12.0]
at
org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:46)[28:org.apache.sshd.core:0.12.0]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native
Method)[:1.7.0_65]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[28:org.apache.sshd.core:0.12.0]
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_65]
at sun.nio.ch.Invoker$2.run(Invoker.java:218)[:1.7.0_65]
at
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)[:1.7.0_65]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)[:1.7.0_65]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)[:1.7.0_65]
at java.lang.Thread.run(Thread.java:745)[:1.7.0_65]
--
View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Thanks for the update.
I gonna start the investigate in about 1 hour. I will try to reproduce
and create the corresponding Jira.
Regards
JB
On 01/20/2015 07:50 AM, Herr-Herner wrote:
> You don't have to apologize... I am happy that someone cares about my issue.
> I am afraid that (in the case that there are some bugs) they become part
> upcoming release 3.0.3.
>
> Maybe that helps you:
> I checked the code in the current 3.0.x branch. I found out that line 116 of
> SshAction is not called if the commands are combined:
> if (this.session.get(SshAgent.SSH_AUTHSOCKET_ENV_NAME) != null) {
> agentSocket =
> this.session.get(SshAgent.SSH_AUTHSOCKET_ENV_NAME).toString();
> client.getProperties().put(SshAgent.SSH_AUTHSOCKET_ENV_NAME,agentSocket);
> }
> The code part is nearly identical to 3.0.1. The only explanation is that the
> variable "SshAgent.SSH_AUTHSOCKET_ENV_NAME" of the Felix-CommandSession has
> not been set. Unfortunately, I am not sure if this is actually the source of
> the problem. I assumed that the variable was set by the client. That was the
> reason to check if the -k option together with an external key file causes
> the same issue.
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4037862.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
By the way, you said that you uncommented the key in etc/keys.properties
of the child instance, right ?
Regards
JB
On 02/01/2015 07:53 AM, Herr-Herner wrote:
> As I feared, this issue also appears in 3.0.3. I did some code injections,
> but I was unable to narrow down the problem. From my side, I would say that
> the CommandSession is not give the the value of the SSH_AUTH_SOCK
> environment variable, but I have no idea how to solve the problem.
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4038175.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Herr-Herner <wo...@gmx.de>.
Thanks!
Yes, the key is uncommented in the root as well as in the child instance. A
direct connect to the child instance using its ssh port is working but the
indirect way over the root via the single line command fails.
--
View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4038181.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
See my latest comment in:
https://issues.apache.org/jira/browse/KARAF-3492
Regards
JB
On 02/01/2015 07:53 AM, Herr-Herner wrote:
> As I feared, this issue also appears in 3.0.3. I did some code injections,
> but I was unable to narrow down the problem. From my side, I would say that
> the CommandSession is not give the the value of the SSH_AUTH_SOCK
> environment variable, but I have no idea how to solve the problem.
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4038175.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
By the way, I created a Jira to track it down:
https://issues.apache.org/jira/browse/KARAF-3492
Regards
JB
On 02/01/2015 07:53 AM, Herr-Herner wrote:
> As I feared, this issue also appears in 3.0.3. I did some code injections,
> but I was unable to narrow down the problem. From my side, I would say that
> the CommandSession is not give the the value of the SSH_AUTH_SOCK
> environment variable, but I have no idea how to solve the problem.
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4038175.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Herr,
I didn't fix it for 3.0.3: I already postponed the release for some
days, it's not possible to hold a release for non blocker issues.
I will fix this issue (I didn't reproduce the issue with the provided
key, maybe your "mykey" narrows an issue) for 3.0.4.
Regards
JB
On 02/01/2015 07:53 AM, Herr-Herner wrote:
> As I feared, this issue also appears in 3.0.3. I did some code injections,
> but I was unable to narrow down the problem. From my side, I would say that
> the CommandSession is not give the the value of the SSH_AUTH_SOCK
> environment variable, but I have no idea how to solve the problem.
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4038175.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Herr-Herner <wo...@gmx.de>.
As I feared, this issue also appears in 3.0.3. I did some code injections,
but I was unable to narrow down the problem. From my side, I would say that
the CommandSession is not give the the value of the SSH_AUTH_SOCK
environment variable, but I have no idea how to solve the problem.
--
View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4038175.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi,
I started to square the problem.
On the client side, we populate the certificate using:
try {
String user = (String) session.get("USER");
SshAgent agent = new AgentImpl();
URL url = bundleContext.getBundle().getResource("karaf.key");
InputStream is = url.openStream();
ObjectInputStream r = new ObjectInputStream(is);
KeyPair keyPair = (KeyPair) r.readObject();
agent.addIdentity(keyPair, "karaf");
String agentId = "local:" + user;
session.put(SshAgent.SSH_AUTHSOCKET_ENV_NAME, agentId);
locals.put(agentId, agent);
} catch (Throwable e) {
LOGGER.warn("Error starting ssh agent for local console", e);
}
So, you can see that we try to load a file karaf.key from the bundle
classloader.
This file is "embedded" in the Karaf client and the ssh client command.
In the client, we add the embedded key + the provided key (as argument):
SshAgent agent = new AgentImpl();
is = privateKeyUrl.openStream();
ObjectInputStream r = new ObjectInputStream(is);
KeyPair keyPair = (KeyPair) r.readObject();
is.close();
agent.addIdentity(keyPair, user);
if (keyFile != null) {
String[] keyFiles = new String[]{keyFile};
FileKeyPairProvider fileKeyPairProvider = new
FileKeyPairProvider(keyFiles);
for (KeyPair key : fileKeyPairProvider.loadKeys()) {
agent.addIdentity(key, user);
}
}
return agent;
So, I suspect some "conflict" or mismatch between the keys.
It's the behavior in Karaf 3.0.2, whereas 3.0.1 just loaded the
"embedded" key (it wasn't possible to provide an additional key).
I'm still digging. I keep you posted (tomorrow morning).
Regards
JB
On 01/20/2015 07:50 AM, Herr-Herner wrote:
> You don't have to apologize... I am happy that someone cares about my issue.
> I am afraid that (in the case that there are some bugs) they become part
> upcoming release 3.0.3.
>
> Maybe that helps you:
> I checked the code in the current 3.0.x branch. I found out that line 116 of
> SshAction is not called if the commands are combined:
> if (this.session.get(SshAgent.SSH_AUTHSOCKET_ENV_NAME) != null) {
> agentSocket =
> this.session.get(SshAgent.SSH_AUTHSOCKET_ENV_NAME).toString();
> client.getProperties().put(SshAgent.SSH_AUTHSOCKET_ENV_NAME,agentSocket);
> }
> The code part is nearly identical to 3.0.1. The only explanation is that the
> variable "SshAgent.SSH_AUTHSOCKET_ENV_NAME" of the Felix-CommandSession has
> not been set. Unfortunately, I am not sure if this is actually the source of
> the problem. I assumed that the variable was set by the client. That was the
> reason to check if the -k option together with an external key file causes
> the same issue.
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4037862.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Herr-Herner <wo...@gmx.de>.
You don't have to apologize... I am happy that someone cares about my issue.
I am afraid that (in the case that there are some bugs) they become part
upcoming release 3.0.3.
Maybe that helps you:
I checked the code in the current 3.0.x branch. I found out that line 116 of
SshAction is not called if the commands are combined:
if (this.session.get(SshAgent.SSH_AUTHSOCKET_ENV_NAME) != null) {
agentSocket =
this.session.get(SshAgent.SSH_AUTHSOCKET_ENV_NAME).toString();
client.getProperties().put(SshAgent.SSH_AUTHSOCKET_ENV_NAME,agentSocket);
}
The code part is nearly identical to 3.0.1. The only explanation is that the
variable "SshAgent.SSH_AUTHSOCKET_ENV_NAME" of the Felix-CommandSession has
not been set. Unfortunately, I am not sure if this is actually the source of
the problem. I assumed that the variable was set by the client. That was the
reason to check if the -k option together with an external key file causes
the same issue.
--
View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4037862.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi,
sorry I was on the Cellar releases today. I will tackle that tomorrow
morning.
Regards
JB
On 01/19/2015 08:47 PM, Herr-Herner wrote:
> Sorry, when I am a little bit impatient... Were you able to reproduce the two
> problems regarding "instance:connect" and the "-k [keyfile]" option on the
> client? Is there a configuration issue on my side or is there a problem in
> the current release?
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4037851.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Herr-Herner <wo...@gmx.de>.
Sorry, when I am a little bit impatient... Were you able to reproduce the two
problems regarding "instance:connect" and the "-k [keyfile]" option on the
client? Is there a configuration issue on my side or is there a problem in
the current release?
--
View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4037851.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
OK, let me try this.
Regards
JB
On 01/17/2015 11:28 AM, Herr-Herner wrote:
> Thanks. I had recognized this modification in 3.0.2. The default keys are
> already uncommented (even in the child instances), but it is still not
> working. Is there something more required? When I connect to child directly,
> everything is working. Could you check, if the single line command which I
> have posted is working in your case?
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4037814.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Herr-Herner <wo...@gmx.de>.
Thanks. I had recognized this modification in 3.0.2. The default keys are
already uncommented (even in the child instances), but it is still not
working. Is there something more required? When I connect to child directly,
everything is working. Could you check, if the single line command which I
have posted is working in your case?
--
View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803p4037814.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Authentication failed using instance:connect in Apache Karaf
3.0.2
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Yes, for security reason, we disabled the key authentication (as we
embed a default self signed key).
If you take a look in etc/keys.properties, you can see the key is
commented. Just comment out the key for karaf user (and the same in
child instances).
Regards
JB
On 01/16/2015 06:27 PM, Herr-Herner wrote:
> Authentication failed using instance:connect in Apache Karaf 3.0.2
>
> Can someone please help me and tell me why this call is no longer working in
> Apache Karaf 3.0.2. I verified that it was working in version 3.0.1.
>
> su - karaf -c " client -h localhost -a 8101 -u karaf -r 50 -d 2 \"
> instance:connect -u karaf -p karaf test1 \\\" feature:repo-list \\\" \" "
> Logging in as karaf
> 455 [sshd-SshClient[bea319b]-nio2-thread-1] WARN
> org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at
> [localhost/127.0.0.1:8101, DSA,
> b6:f6:d6:3f:8b:2f:ad:a4:0f:3f:3d:c3:7b:96:fd:ae] presented unverified {}
> key: {}
> Connecting to host localhost on port 8103
> Connecting to unknown server. Automatically adding to known hosts.
> Storing the server key in known_hosts.
> Error executing command: Authentication failed
>
> Is there any specific configuration required, that was not necessary in
> 3.0.1?
>
> UPDATE #1:
> I have added the verbose option... Does it give you any hints what to do?
>
> client -v -h localhost -a 8101 -u karaf -r 50 -d 2 " instance:connect -u
> karaf test1 \" feature:repo-list \" "
> 39 [main] INFO org.apache.sshd.common.util.SecurityUtils - BouncyCastle not
> registered, using the default JCE provider
> Logging in as karaf
> 367 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
> org.apache.sshd.client.session.ClientSessionImpl - Client session created
> 380 [main] INFO org.apache.sshd.client.session.ClientSessionImpl - Start
> flagging packets as pending until key exchange is done
> 383 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
> org.apache.sshd.client.session.ClientSessionImpl - Server version string:
> SSH-2.0-SSHD-CORE-0.12.0
> 384 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
> org.apache.sshd.client.session.ClientSessionImpl - Kex: server->client
> [aes128-ctr, hmac-sha1, none] {} {}
> 384 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
> org.apache.sshd.client.session.ClientSessionImpl - Kex: client->server
> [aes128-ctr, hmac-sha1, none] {} {}
> 444 [sshd-SshClient[bea319b]-nio2-thread-1] WARN
> org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at
> [localhost/127.0.0.1:8101, DSA,
> 22:8b:f8:9d:bc:c6:40:d8:fe:52:aa:90:c0:f2:70:ec] presented unverified {}
> key: {}
> 457 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
> org.apache.sshd.client.session.ClientSessionImpl - Dequeing pending packets
> 524 [sshd-SshClient[bea319b]-nio2-thread-1] INFO
> org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
> SSH_MSG_USERAUTH_FAILURE
> 568 [sshd-SshClient[bea319b]-nio2-thread-2] INFO
> org.apache.sshd.client.session.ClientUserAuthServiceNew - Received
> SSH_MSG_USERAUTH_SUCCESS
> Connecting to host localhost on port 8102
> Error executing command: Authentication failed
>
> UPDATE#2:
> I have switched the logger to Debug... These exception seems to be the cause
> of the problem:
>
> 2015-01-15 11:28:48,920 | DEBUG | 5]-nio2-thread-1 | ClientSessionImpl
> | 28 - org.apache.sshd.core - 0.12.0 | Received SSH_MSG_SERVICE_ACCEPT
> 2015-01-15 11:28:48,920 | INFO | 5]-nio2-thread-1 |
> ClientUserAuthServiceNew | 28 - org.apache.sshd.core - 0.12.0 |
> Received SSH_MSG_USERAUTH_FAILURE
> 2015-01-15 11:28:48,920 | DEBUG | 5]-nio2-thread-1 |
> ClientUserAuthServiceNew | 28 - org.apache.sshd.core - 0.12.0 |
> Authentications that can continue: keyboard-interactive, password, publickey
> 2015-01-15 11:28:48,922 | DEBUG | 5]-nio2-thread-1 | Nio2Session
> | 28 - org.apache.sshd.core - 0.12.0 | Caught exception, now calling handler
> 2015-01-15 11:28:48,922 | WARN | 5]-nio2-thread-1 | ClientSessionImpl
> | 28 - org.apache.sshd.core - 0.12.0 | Exception caught
> java.lang.IllegalStateException: No SSH_AUTH_SOCK environment variable set
> at
> org.apache.karaf.shell.ssh.KarafAgentFactory.createClient(KarafAgentFactory.java:71)
> at
> org.apache.sshd.client.auth.UserAuthPublicKey.init(UserAuthPublicKey.java:78)
> at
> org.apache.sshd.client.session.ClientUserAuthServiceNew.tryNext(ClientUserAuthServiceNew.java:212)
> at
> org.apache.sshd.client.session.ClientUserAuthServiceNew.processUserAuth(ClientUserAuthServiceNew.java:178)
> at
> org.apache.sshd.client.session.ClientUserAuthServiceNew.process(ClientUserAuthServiceNew.java:131)
> at
> org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:80)
> at
> org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:399)
> at
> org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295)
> at
> org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:256)
> at
> org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:731)
> at
> org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277)
> at
> org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:187)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
> at java.security.AccessController.doPrivileged(Native
> Method)[:1.7.0_65]
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[28:org.apache.sshd.core:0.12.0]
> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_65]
> at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.7.0_65]
> at
> sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.7.0_65]
> at
> sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:275)[:1.7.0_65]
> at
> sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:296)[:1.7.0_65]
> at
> java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:407)[:1.7.0_65]
> at
> org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)[28:org.apache.sshd.core:0.12.0]
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:189)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
> at java.security.AccessController.doPrivileged(Native
> Method)[:1.7.0_65]
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[28:org.apache.sshd.core:0.12.0]
> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_65]
> at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.7.0_65]
> at
> sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.7.0_65]
> at
> sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:275)[:1.7.0_65]
> at
> sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:296)[:1.7.0_65]
> at
> java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:407)[:1.7.0_65]
> at
> org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)[28:org.apache.sshd.core:0.12.0]
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:189)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
> at java.security.AccessController.doPrivileged(Native
> Method)[:1.7.0_65]
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[28:org.apache.sshd.core:0.12.0]
> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_65]
> at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.7.0_65]
> at
> sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.7.0_65]
> at
> sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:275)[:1.7.0_65]
> at
> sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:296)[:1.7.0_65]
> at
> java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:407)[:1.7.0_65]
> at
> org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)[28:org.apache.sshd.core:0.12.0]
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:189)
> at
> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
> at java.security.AccessController.doPrivileged(Native
> Method)[:1.7.0_65]
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[28:org.apache.sshd.core:0.12.0]
> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_65]
> at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.7.0_65]
> at
> sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.7.0_65]
> at
> sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:275)[:1.7.0_65]
> at
> sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:296)[:1.7.0_65]
> at
> java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:407)[:1.7.0_65]
> at
> org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)[28:org.apache.sshd.core:0.12.0]
> at
> org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:53)[28:org.apache.sshd.core:0.12.0]
> at
> org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:46)[28:org.apache.sshd.core:0.12.0]
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
> at java.security.AccessController.doPrivileged(Native
> Method)[:1.7.0_65]
> at
> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[28:org.apache.sshd.core:0.12.0]
> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.7.0_65]
> at sun.nio.ch.Invoker$2.run(Invoker.java:218)[:1.7.0_65]
> at
> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)[:1.7.0_65]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)[:1.7.0_65]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)[:1.7.0_65]
> at java.lang.Thread.run(Thread.java:745)[:1.7.0_65]
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Authentication-failed-using-instance-connect-in-Apache-Karaf-3-0-2-tp4037803.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com