[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741592#comment-17741592 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 1:17 PM: -- Ok, having now read through [https://github.com/apache/mina-sshd/issues/281] and [https://github.com/apache/mina-sshd/pull/353] I probably need to re-phrase my last comment: As I guess there is no "correct" way to skin this cat as processing order of ~/.ssh/config entries does not seem to be very well defined in any case - how do I initialiize my SSH client in 2.10.0 so that it completely (or as much as possible) *ignores* ~/.ssh/config , basically pretending the file does not exist ? I do not want my programmatically configured SSH client to be dependent on configuration that is specific to the host it is running on. was (Author: tgierke2342): Ok, having now read through [https://github.com/apache/mina-sshd/issues/281] and [https://github.com/apache/mina-sshd/pull/353] I probably need to re-phrase my last comment: As I guess there is no "correct" way to skin this cat as processing order of ~/.ssh/config entries does not seem to be very well defined in any case - how do I initialiize my SSH client in 2.10.0 so that it completely (or as much as possible) *ignores* ~/.ssh/config , basically pretending the file does not exist ? I do not want my programatically configured SSH client to be dependent on configuration that is specific to the host it is running on. > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, > image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, > image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, > image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, > image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png, > image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png, > image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png, > image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png, > image-2023-07-10-13-08-54-869.png, image-2023-07-10-13-12-39-566.png, > image-2023-07-10-13-16-35-068.png, image-2023-07-10-13-19-06-606.png, > image-2023-07-10-13-55-03-270.png, sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741585#comment-17741585 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 12:15 PM: --- Putting a field breakpoint on the HostConfigEntry#exclusiveIdentities field shows that in 2.10.0, the field value on the specific host entry ("vmtobi.fritzbox.local") is getting assigned from the wildcard ("*") host configuration which I think is correct. !image-2023-07-10-13-55-03-270.png! On 2.9.2 there is no HostConfigEntry#collate() method at all. was (Author: tgierke2342): Putting a field breakpoint on the HostConfigEntry#exclusiveIdentities field shows that in 2.10.0, the field value on the specific host entry ("vmtobi.fritzbox.local") is getting assigned from the wildcard ("*") host configuration which I think is correct. !image-2023-07-10-13-55-03-270.png! On 2.9.2 there is no HostConfigEntry#collate() method at all. This lead me to [https://github.com/apache/mina-sshd/commit/c11bfccaa39d5c89c3f3059f976dd1e4d0947cb6] which seems to have introduced this difference in behavior. Whether it was a concious decision to keep the old (IMHO buggy) behavior of 2.9.2 and change 2.10.0 only I do not know but the "Host *" setting not being applied looks like a bug in 2.9.2 to me. > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, > image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, > image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, > image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, > image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png, > image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png, > image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png, > image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png, > image-2023-07-10-13-08-54-869.png, image-2023-07-10-13-12-39-566.png, > image-2023-07-10-13-16-35-068.png, image-2023-07-10-13-19-06-606.png, > image-2023-07-10-13-55-03-270.png, sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - >
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741567#comment-17741567 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 11:20 AM: --- HostConfigEntry#isIdentitiesOnly(): +2.9.2+ !image-2023-07-10-13-16-35-068.png! +2.10.0+ !image-2023-07-10-13-19-06-606.png! So... on 2.10.0 , the org.apache.sshd.client.config.hosts.HostConfigEntry#exclusiveIdentites field is set to "true" while on 2.9.2 it is set to "false". was (Author: tgierke2342): HostConfigEntry#isIdentitiesOnly(): +2.9.2+ !image-2023-07-10-13-16-35-068.png! +2.10.0+ !image-2023-07-10-13-19-06-606.png! > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, > image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, > image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, > image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, > image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png, > image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png, > image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png, > image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png, > image-2023-07-10-13-08-54-869.png, image-2023-07-10-13-12-39-566.png, > image-2023-07-10-13-16-35-068.png, image-2023-07-10-13-19-06-606.png, > sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starting authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] > no more keys
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741560#comment-17741560 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 11:11 AM: --- The SshClient#onConnectOperationComplete methods are different in 2.10.0 and 2.9.2 What's more interesting is the fact that on 2.9.2 the "useDefaultEntities" is set to "true" while on 2.10.0 it is set to "false". +2.10.0+ !image-2023-07-10-13-08-54-869.png! +2.9.2+ !image-2023-07-10-13-06-17-767.png! So now the question is: Why does "hostConfig.isIdentitiesOnly()" yield different values on 2.9.2 and 2.10.0 ? was (Author: tgierke2342): The SshClient#onConnectOperationComplete methods are different in 2.10.0 and 2.9.2 What's more interesting is the fact that on 2.9.2 the "useDefaultEntities" is set to "true" while on 2.10.0 it is set to "false". +2.10.0+ !image-2023-07-10-13-08-54-869.png! +2.9.2+ !image-2023-07-10-13-06-17-767.png! > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, > image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, > image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, > image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, > image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png, > image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png, > image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png, > image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png, > image-2023-07-10-13-08-54-869.png, sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starting authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:13:41,532
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741551#comment-17741551 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 11:04 AM: --- +2.9.2+ The org.apache.sshd.client.session.AbstractClientSession#keyIdentityProvider field is never assigned so stays at its initial value which is NULL. +2.10.0+ The field value is set to the "EMPTY" provider by org.apache.sshd.client.SshClient#onConnectOperationComplete !image-2023-07-10-12-53-51-624.png! which gets called by !image-2023-07-10-13-04-05-241.png! was (Author: tgierke2342): +2.9.2+ The org.apache.sshd.client.session.AbstractClientSession#keyIdentityProvider field is never assigned so stays at its initial value which is NULL. +2.10.0+ The field value is set to the "EMPTY" provider by org.apache.sshd.client.SshClient#onConnectOperationComplete !image-2023-07-10-12-53-51-624.png! > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, > image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, > image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, > image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, > image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png, > image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png, > image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png, > image-2023-07-10-13-04-05-241.png, sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starting authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - >
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741548#comment-17741548 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 10:48 AM: --- This now raises the question: Why is the org.apache.sshd.client.session.AbstractClientSession#keyIdentityProvider field on 2.9.2 NULL (which is being handled correctly by resolveEffectiveKeyProvider() while it is set to the "EMPTY" provider on 2.10.0 (which is *not* being handled correctly by resolveEffectiveKeyProvider) ? was (Author: tgierke2342): This now raises the question: Why is the org.apache.sshd.client.session.AbstractClientSession#keyIdentityProvider field on 2.9.2 NULL (which is being handled correctly by resolveEffectiveKeyProvider() while it is set to the "EMPTY" provider on 2.10. (which is *not* being handled correctly by resolveEffectiveKeyProvider) ? > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, > image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, > image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, > image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, > image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png, > image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png, > image-2023-07-10-12-43-11-445.png, sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starting authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] > no more keys to send >
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741548#comment-17741548 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 10:47 AM: --- This now raises the question: Why is the org.apache.sshd.client.session.AbstractClientSession#keyIdentityProvider field on 2.9.2 NULL (which is being handled correctly by resolveEffectiveKeyProvider() while it is set to the "EMPTY" provider on 2.10. (which is *not* being handled correctly by resolveEffectiveKeyProvider) ? was (Author: tgierke2342): This now raises the question: Why does is the org.apache.sshd.client.session.AbstractClientSession#keyIdentityProvider field on 2.9.2 NULL (which is being handled correctly by resolveEffectiveKeyProvider() while it is set to the "EMPTY" provider on 2.10. (which is *not* being handled correctly by resolveEffectiveKeyProvider) ? > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, > image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, > image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, > image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, > image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png, > image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png, > image-2023-07-10-12-43-11-445.png, sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starting authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] > no more keys to send >
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741544#comment-17741544 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 10:45 AM: --- This question leads to org.apache.sshd.client.session.AbstractClientSession#getKeyIdentityProvider +2.10.0+ getKeyIdentityProvider() is being called with "keyIdentityProvider" being the "EMPTY" provider !image-2023-07-10-12-39-26-768.png! and since resolveEffectiveProvider is just a checking for NULL but not the "EMPTY" provider, it returns the "EMPTY" provider. !image-2023-07-10-12-40-44-093.png! +2.9.2+ When getKeyIdentityProvider() is being called, the "keyIdentityProvider" field is set to NULL (not the "EMPTY" provider as in 2.10.0) so resolveEffectiveProvider() returns the "inherited" argument which happens to be the org.apache.sshd.common.keyprovider.FileKeyPairProvider that's gone missing in 2.10.0 !image-2023-07-10-12-43-11-445.png! was (Author: tgierke2342): This question leads to org.apache.sshd.client.session.AbstractClientSession#getKeyIdentityProvider 2.10.0 getKeyIdentityProvider() is being called with "keyIdentityProvider" being the "EMPTY" provider !image-2023-07-10-12-39-26-768.png! and since resolveEffectiveProvider is just a checking for NULL but not the "EMPTY" provider, it returns the "EMPTY" provider. !image-2023-07-10-12-40-44-093.png! 2.9.2 When getKeyIdentityProvider() is being called, the "keyIdentityProvider" field is set to NULL (not the "EMPTY" provider as in 2.10.0) so resolveEffectiveProvider() returns the "inherited" argument which happens to be the org.apache.sshd.common.keyprovider.FileKeyPairProvider that's gone missing in 2.10.0 !image-2023-07-10-12-43-11-445.png! > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, > image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, > image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, > image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, > image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png, > image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png, > image-2023-07-10-12-43-11-445.png, sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741536#comment-17741536 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 10:34 AM: --- 2.9.2 Call stack of *first* invocation of KeyIdentityProvider#resolveKeyIdentityProvider is this: !image-2023-07-10-12-25-51-220.png! Call stack of *second* invocation of KeyIdentityProvider#resolveKeyIdentityProvider() is this: !image-2023-07-10-12-24-22-392.png! 2.10.0 Call stack of only KeyIdentityProvider#resolveKeyIdentityProvider() is this: !image-2023-07-10-12-28-40-339.png! So while on 2.9.2 the second resolveIdentityProvider() call (triggered by the messageReceived() method) does have a non-empty KeyIdentityProvider, 2.10.0 only calls resolveIdentityProvider() once (also from messageReceived()) but in this case the KeyIdentityProvider is still empty. So the question is: Why does org.apache.sshd.client.session.ClientSession#getKeyIdentityProvider return an empty provider on 2.10.0 but not on 2.9.2 ? was (Author: tgierke2342): 2.9.2 Call stack of *first* invocation of KeyIdentityProvider#resolveKeyIdentityProvider is this: !image-2023-07-10-12-25-51-220.png! Call stack of *second* invocation of KeyIdentityProvider#resolveKeyIdentityProvider() is this: !image-2023-07-10-12-24-22-392.png! 2.10.0 Call stack of only KeyIdentityProvider#resolveKeyIdentityProvider() is this: !image-2023-07-10-12-28-40-339.png! So while on 2.9.2 the second resolveIdentityProvider() call (triggered by the messageReceived() method) does have a non-empty KeyIdentityProvider, 2.10.0 only calls resolveIdentityProvider() once (also from messageReceived()) but in this case the KeyIdentityProvider is still empty. So the question is now: Why does org.apache.sshd.client.session.ClientSession#getKeyIdentityProvider return an empty provider on 2.10.0 but not on 2.9.2 ? > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, > image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, > image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, > image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, > image-2023-07-10-12-28-40-339.png, sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password >
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741536#comment-17741536 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 10:33 AM: --- 2.9.2 Call stack of *first* invocation of KeyIdentityProvider#resolveKeyIdentityProvider is this: !image-2023-07-10-12-25-51-220.png! Call stack of *second* invocation of KeyIdentityProvider#resolveKeyIdentityProvider() is this: !image-2023-07-10-12-24-22-392.png! 2.10.0 Call stack of only KeyIdentityProvider#resolveKeyIdentityProvider() is this: !image-2023-07-10-12-28-40-339.png! So while on 2.9.2 the second resolveIdentityProvider() call (triggered by the messageReceived() method) does have a non-empty KeyIdentityProvider, 2.10.0 only calls resolveIdentityProvider() once (also from messageReceived()) but in this case the KeyIdentityProvider is still empty. So the question is now: Why does org.apache.sshd.client.session.ClientSession#getKeyIdentityProvider return an empty provider on 2.10.0 but not on 2.9.2 ? was (Author: tgierke2342): 2.9.2 Call stack of *first* invocation of KeyIdentityProvider#resolveKeyIdentityProvider is this: !image-2023-07-10-12-25-51-220.png! Call stack of *second* invocation of KeyIdentityProvider#resolveKeyIdentityProvider() is this: !image-2023-07-10-12-24-22-392.png! 2.10.0 Call stack of only KeyIdentityProvider#resolveKeyIdentityProvider() is this: !image-2023-07-10-12-28-40-339.png! So while on 2.9.2 the second resolveIdentityProvider() call (triggered by the messageReceived() method) does have a non-empty KeyIdentityProvider, 2.10.0 only calls resolveIdentityProvider() once (also from messageReceived()) but in this case the KeyIdentityProvider is still empty. So the questionnow is: Why does org.apache.sshd.client.session.ClientSession#getKeyIdentityProvider return an empty provider on 2.10.0 but not on 2.9.2 ? > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, > image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, > image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png, > image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png, > image-2023-07-10-12-28-40-339.png, sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password >
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741530#comment-17741530 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 10:05 AM: --- The empty iterator on 2.10.0 is of type org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator. Stepping through the constructor of this class , I can see that on both 2.9.2 and 2.10.0 the initializeSessionIdentities() returns an Iterable that will yield Iterators based on ClientSession.providerOf(session).loadKeys(session) !image-2023-07-10-12-04-00-532.png! +2.9.2+ ClientSession.providerOf() returns a *MultiKeyIdentityProvider* with !image-2023-07-10-11-56-35-508.png! and the FileKeyPairProvider successfully loads the keys. +2.10.0+ ClientSession.providerOf() returns a *AuthenticationIdentitiesProvider* only. ... so now the question is: Why doesn't return 2.10.0 return a MultiKeyIdentityProvider as well ? More debugging... was (Author: tgierke2342): The empty iterator on 2.10.0 is of type org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator. Stepping through the constructor of this class , I can see that on both 2.9.2 and 2.10.0 the initializeSessionIdentities() returns an Iterable that will yield Iterators based on ClientSession.providerOf(session).loadKeys(session) !image-2023-07-10-12-04-00-532.png! +2.9.2+ ClientSession.providerOf() returns a *MultiKeyIdentityProvider* with !image-2023-07-10-11-56-35-508.png! and the FileKeyPairProvider successfully loads the keys. +2.10.0+ ClientSession.providerOf() returns a {*}AuthenticationIdentitiesProvider{*}{*}{*} ... so now the question is: Why doesn't return 2.10.0 return a MultiKeyIdentityProvider as well ? More debugging... > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png, > image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png, > sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starting authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex,
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741507#comment-17741507 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 9:33 AM: -- Ok, back from vacation ... thanks for spending the time to try reproducing it with Ubuntu 22.04.2 LTS .. I've tried putting a breakpoint in RSAPEMResourceKeyPairParser.extractKeyPairs() but this method is never hit, neither on 2.9.2 nor on 2.10.0 - any advice where I could put a breakpoint instead ? Ok, I've put method-level breakpoints on all KeyPairResourceLoader interface methods instead. +2.9.2+ When stepping through the 2.9.2 code I can see that org.apache.sshd.common.config.keys.loader.KeyPairResourceParser#loadKeyPairs is being hit and inside it, only two parser instances registered: - PEMResourceParserUtils#PROXY - org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser The OpenSSHKeyPairResourceParser is the one being used on 2.9.2 and this is what it returns: !image-2023-07-10-11-16-03-470.png! +2.10.0+ None of the KeyPairResourceLoader interface methods are being hit. I've gone up the 2.9.2 call stack and the first method that was hit on both 2.9.2 and 2.10.0 was org.apache.sshd.client.auth.pubkey.UserAuthPublicKey#resolveAttemptedPublicKeyIdentity Stepping through that code shows that on 2.9.2, the "keys" iterator returns elements while on 2.10.0 the iterator is empty so the while body is never executed. !image-2023-07-10-11-31-54-206.png! Now I remember that this was what actually led me to filing this ticket in the first place ... I was not able to debug where this iterator was coming from (too many indirections for my tiny brain). was (Author: tgierke2342): Ok, back from vacation ... thanks for spending the time to try reproducing it with Ubuntu 22.04.2 LTS .. I've tried putting a breakpoint in RSAPEMResourceKeyPairParser.extractKeyPairs() but this method is never hit, neither on 2.9.2 nor on 2.10.0 - any advice where I could put a breakpoint instead ? I've put method-level breakpoints on all KeyPairResourceLoader interface methods instead. +2.9.2+ When stepping through the 2.9.2 code I can see that org.apache.sshd.common.config.keys.loader.KeyPairResourceParser#loadKeyPairs is being hit and inside it, only two parser instances registered: - PEMResourceParserUtils#PROXY - org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser The OpenSSHKeyPairResourceParser is the one being used on 2.9.2 and this is what it returns: !image-2023-07-10-11-16-03-470.png! +2.10.0+ None of the KeyPairResourceLoader interface methods are being hit. I've gone up the 2.9.2 call stack and the first method that was hit on both 2.9.2 and 2.10.0 was org.apache.sshd.client.auth.pubkey.UserAuthPublicKey#resolveAttemptedPublicKeyIdentity Stepping through that code shows that on 2.9.2, the "keys" iterator returns elements while on 2.10.0 the iterator is empty so the while body is never executed. !image-2023-07-10-11-31-54-206.png! Now I remember that this was what actually led me to filing this ticket in the first place ... I was not able to debug where this iterator was coming from (too many indirections for my tiny brain). > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - >
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741507#comment-17741507 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 9:33 AM: -- Ok, back from vacation ... thanks for spending the time to try reproducing it with Ubuntu 22.04.2 LTS .. I've tried putting a breakpoint in RSAPEMResourceKeyPairParser.extractKeyPairs() but this method is never hit, neither on 2.9.2 nor on 2.10.0 - any advice where I could put a breakpoint instead ? I've put method-level breakpoints on all KeyPairResourceLoader interface methods instead. +2.9.2+ When stepping through the 2.9.2 code I can see that org.apache.sshd.common.config.keys.loader.KeyPairResourceParser#loadKeyPairs is being hit and inside it, only two parser instances registered: - PEMResourceParserUtils#PROXY - org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser The OpenSSHKeyPairResourceParser is the one being used on 2.9.2 and this is what it returns: !image-2023-07-10-11-16-03-470.png! +2.10.0+ None of the KeyPairResourceLoader interface methods are being hit. I've gone up the 2.9.2 call stack and the first method that was hit on both 2.9.2 and 2.10.0 was org.apache.sshd.client.auth.pubkey.UserAuthPublicKey#resolveAttemptedPublicKeyIdentity Stepping through that code shows that on 2.9.2, the "keys" iterator returns elements while on 2.10.0 the iterator is empty so the while body is never executed. !image-2023-07-10-11-31-54-206.png! Now I remember that this was what actually led me to filing this ticket in the first place ... I was not able to debug where this iterator was coming from (too many indirections for my tiny brain). was (Author: tgierke2342): Ok, back from vacation ... thanks for spending the time to try reproducing it with Ubuntu 22.04.2 LTS .. I've tried putting a breakpoint in RSAPEMResourceKeyPairParser.extractKeyPairs() but this method is never hit, neither on 2.9.2 nor on 2.10.0 - any advice where I could put a breakpoint instead ? > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png, > sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - >
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741507#comment-17741507 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 9:10 AM: -- Ok, back from vacation ... thanks for spending the time to try reproducing it with Ubuntu 22.04.2 LTS .. I've tried putting a breakpoint in RSAPEMResourceKeyPairParser.extractKeyPairs() but this method is never hit, neither on 2.9.2 nor on 2.10.0 - any advice where I could put a breakpoint instead ? was (Author: tgierke2342): Ok, back from vacation ... thanks for spending the time to try reproducing it with Ubuntu 22.04.2 LTS .. I've tried putting a breakpoint in RSAPEMResourceKeyPairParser.extractKeyPairs() but this method is never hit, neither on 2.9.2 nor on 2.10.0 > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starting authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] > no more keys to send > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no > initial request sent by method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > closing > UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]] > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG >
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741507#comment-17741507 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 9:09 AM: -- Ok, back from vacation ... thanks for spending the time to try reproducing it with Ubuntu 22.04.2 LTS .. I've tried putting a breakpoint in RSAPEMResourceKeyPairParser.extractKeyPairs() but this method is never hit, neither on 2.9.2 nor on 2.10.0 was (Author: tgierke2342): Ok, back from vacation ... thanks for spending the time to try reproducing it with Ubuntu 22.04.2 LTS .. I'll tried putting a breakpoint in RSAPEMResourceKeyPairParser.extractKeyPairs() but this method is never hit, neither on 2.9.2 nor on 2.10.0 > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starting authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] > no more keys to send > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no > initial request sent by method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > closing > UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]] > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741507#comment-17741507 ] Tobias Gierke edited comment on SSHD-1329 at 7/10/23 9:09 AM: -- Ok, back from vacation ... thanks for spending the time to try reproducing it with Ubuntu 22.04.2 LTS .. I'll tried putting a breakpoint in RSAPEMResourceKeyPairParser.extractKeyPairs() but this method is never hit, neither on 2.9.2 nor on 2.10.0 was (Author: tgierke2342): Ok, back from vacation ... thanks for spending the time to try reproducing it with Ubuntu 22.04.2 LTS .. I'll step through the code and set a breakpoint in RSAPEMResourceKeyPairParser.extractKeyPairs(). > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starting authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] > no more keys to send > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no > initial request sent by method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > closing > UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]] > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - >
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17737199#comment-17737199 ] Tobias Gierke edited comment on SSHD-1329 at 6/26/23 3:53 PM: -- Very interesting, test passes with both versions on my Ubuntu 20.04.4 LTS machine at work but fails on my Ubuntu 22.04.2 LTS (both are on OpenJDK 17.0.7) machine at home... is Apache SSHD (maybe indirectly through the JDK itself) relying on any OS native libraries ? FWIW, I did some more experiments and this is my tally so far: {code:java} CentOS Linux release 8.5.2111: PASS openssl-1.1.1k-5.el8_5.x86_64{code} {code:java} Ubuntu 20.04 LTS: PASS ii openssl 1.1.1f-1ubuntu2.19 {code} {code:java} Ubuntu 22.04.2 LTS: FAIL ii openssl 3.0.2-0ubuntu1.10 {code} So either the issue depends on OS version/some specific native library OR my local machine is broken in some interesting way and the others I tested on are not the JDK itself does not rely on OpenSSL, don't know about BouncyCastle / Apache SSHD ... but I don't think those do, right ? was (Author: tgierke2342): Very interesting, test passes with both versions on my Ubuntu 20.04.4 LTS machine at work but fails on my Ubuntu 22.04.2 LTS (both are on OpenJDK 17.0.7) machine at home... is Apache SSHD (maybe indirectly through the JDK itself) relying on any OS native libraries ? > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starting authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] > no more
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17737199#comment-17737199 ] Tobias Gierke edited comment on SSHD-1329 at 6/26/23 3:34 PM: -- Very interesting, test passes with both versions on my Ubuntu 20.04.4 LTS machine at work but fails on my Ubuntu 22.04.2 LTS (both are on OpenJDK 17.0.7) machine at home... is Apache SSHD (maybe indirectly through the JDK itself) relying on any OS native libraries ? was (Author: tgierke2342): Very interesting, test passes with both versions on my Ubuntu 20.04.4 LTS machine at work but fails on my Ubuntu 22.04.2 LTS (both are on OpenJDK 17.0.7) machine at home... > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, > sshd-bug-test.tgz, success_2.9.2.log > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientSessionImpl [] - > doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > process #5 SSH_MSG_USERAUTH_FAILURE > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starting authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] > no more keys to send > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no > initial request sent by method=publickey > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - > releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > closing > UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]] > 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG > org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - >
[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[ https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17735530#comment-17735530 ] Tobias Gierke edited comment on SSHD-1329 at 6/21/23 5:05 AM: -- Sorry, I probably didn't make myself very clear in the ticket description - the issue seems to be with the SSH key loading, *not* the actual connection/connection handshake. - with 2.9.2 the SSH key is properly loaded and used to authenticate (successfully) - with 2.10.0 the same SSH key is *not* loaded (but no error is shown in the logs) and thus unavailable for authentication So for some reason, (on my machine) the same code that successfuly loads the SSH key and uses it works with 2.9.2 but fails to load/use the API key with 2.10.0, which can be seen in those log lines I mentioned: {code:java} 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) attempting method=publickey 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] no more keys to send 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no initial request sent by method=publickey {code} was (Author: tgierke2342): Sorry, I probably didn't make myself very clear in the ticket description - the issues seems to be with the SSH key loading, *not* the actual connection/connection handshake. - with 2.9.2 the SSH key is properly loaded and used to authenticate (successfully) - with 2.10.0 the same SSH key is *not* loaded (but no error is shown in the logs) and thus unavailable for authentication So for some reason, (on my machine) the same code that successfuly loads the SSH key and uses it works with 2.9.2 but fails to load/use the API key with 2.10.0, which can be seen in those log lines I mentioned: {code:java} 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) attempting method=publickey 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection] no more keys to send 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG org.apache.sshd.client.session.ClientUserAuthService [] - tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no initial request sent by method=publickey {code} > SSH Public key authentication works with 2.9.2 but fails with 2.10.0 > > > Key: SSHD-1329 > URL: https://issues.apache.org/jira/browse/SSHD-1329 > Project: MINA SSHD > Issue Type: Bug >Affects Versions: 2.10.0 >Reporter: Tobias Gierke >Priority: Major > Attachments: sshd-bug-test.tgz > > > After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key > authentication stopped working. > On 2.9.2 the handshake looks like this: > {code:java} > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22] > ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, > methods=publickey,gssapi-keyex,gssapi-with-mic,password > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > starti > ng authentication mechanisms: client=[publickey, keyboard-interactive, > password], server=[publickey, gssapi-keyex, gssapi-with-mic, password] > 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG > org.apache.sshd.client.session.ClientUserAuthService [] - > tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) > attempting method=publickey > 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE > org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] > - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609) > 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%# > . {code} > while on 2.10.0 the key is not found/loaded: > {code:java} >