[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17750651#comment-17750651
]
Tobias Gierke commented on SSHD-1329:
-
To answer my own question: One can simply do
{code:java}
sshClient.setHostConfigEntryResolver( (host, port, localAddress, username,
proxyJump, context) -> null ); {code}
to completely disable the ~/.ssh/config file.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png,
> image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png,
> image-2023-07-10-13-08-54-869.png, image-2023-07-10-13-12-39-566.png,
> image-2023-07-10-13-16-35-068.png, image-2023-07-10-13-19-06-606.png,
> image-2023-07-10-13-55-03-270.png, sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17750632#comment-17750632
]
Tobias Gierke commented on SSHD-1329:
-
I feel tempted to close this ticket as it seems the breakage observed by me
(introduced by
[https://github.com/apache/mina-sshd/commit/c11bfccaa39d5c89c3f3059f976dd1e4d0947cb6])
was done deliberately so nothing will be changed about it (which is fine with
me).
Is there a way to configure the client so that it completely ignores any local
~/.ssh/config file ? If yes, how to do so ?
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png,
> image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png,
> image-2023-07-10-13-08-54-869.png, image-2023-07-10-13-12-39-566.png,
> image-2023-07-10-13-16-35-068.png, image-2023-07-10-13-19-06-606.png,
> image-2023-07-10-13-55-03-270.png, sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|]
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741592#comment-17741592
]
Tobias Gierke commented on SSHD-1329:
-
Ok, having now read through [https://github.com/apache/mina-sshd/issues/281]
and [https://github.com/apache/mina-sshd/pull/353] I probably need to re-phrase
my last comment:
As I guess there is no "correct" way to skin this cat as processing order of
~/.ssh/config entries does not seem to be very well defined in any case - how
do I initialiize my SSH client in 2.10.0 so that it completely (or as much as
possible) *ignores* ~/.ssh/config , basically pretending the file does not
exist ? I do not want my programatically configured SSH client to be dependent
on configuration that is specific to the host it is running on.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png,
> image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png,
> image-2023-07-10-13-08-54-869.png, image-2023-07-10-13-12-39-566.png,
> image-2023-07-10-13-16-35-068.png, image-2023-07-10-13-19-06-606.png,
> image-2023-07-10-13-55-03-270.png, sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741587#comment-17741587
]
Tobias Gierke commented on SSHD-1329:
-
This all lead me to
[https://github.com/apache/mina-sshd/commit/c11bfccaa39d5c89c3f3059f976dd1e4d0947cb6]
which seems to have introduced this difference in behavior.
Whether it was a concious decision to keep the old (IMHO buggy) behavior of
2.9.2 and change 2.10.0 only I do not know but the "Host *" setting not being
applied looks like a bug in 2.9.2 to me.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png,
> image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png,
> image-2023-07-10-13-08-54-869.png, image-2023-07-10-13-12-39-566.png,
> image-2023-07-10-13-16-35-068.png, image-2023-07-10-13-19-06-606.png,
> image-2023-07-10-13-55-03-270.png, sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741585#comment-17741585
]
Tobias Gierke commented on SSHD-1329:
-
Putting a field breakpoint on the HostConfigEntry#exclusiveIdentities field
shows that in 2.10.0, the field value on the specific host entry
("vmtobi.fritzbox.local") is getting assigned from the wildcard ("*") host
configuration which I think is correct.
!image-2023-07-10-13-55-03-270.png!
On 2.9.2 there is no HostConfigEntry#collate() method at all.
This lead me to
[https://github.com/apache/mina-sshd/commit/c11bfccaa39d5c89c3f3059f976dd1e4d0947cb6]
which seems to have introduced this difference in behavior.
Whether it was a concious decision to keep the old (IMHO buggy) behavior of
2.9.2 and change 2.10.0 only I do not know but the "Host *" setting not being
applied looks like a bug in 2.9.2 to me.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png,
> image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png,
> image-2023-07-10-13-08-54-869.png, image-2023-07-10-13-12-39-566.png,
> image-2023-07-10-13-16-35-068.png, image-2023-07-10-13-19-06-606.png,
> image-2023-07-10-13-55-03-270.png, sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741572#comment-17741572
]
Tobias Gierke commented on SSHD-1329:
-
Ok, I've narrowed the issue down to this ~/.ssh/config:
{code:java}
Host *
ForwardAgent yes
IdentitiesOnly yes{code}
On 2.9.2 , the unit test in my example project completes sucessfully while on
2.10.0 the unit test fails.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png,
> image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png,
> image-2023-07-10-13-08-54-869.png, image-2023-07-10-13-12-39-566.png,
> image-2023-07-10-13-16-35-068.png, image-2023-07-10-13-19-06-606.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741571#comment-17741571
]
Tobias Gierke commented on SSHD-1329:
-
Seems my test case is incomplete without my ~/.ssh/config file which is rather
large (organic growth over a couple of years) and contains confidential
settings from work so I unfortunately cannot simply attach it to this ticket.
This also explains why the test fails on my Ubuntu 22.04.2 LTS but not on yours.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png,
> image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png,
> image-2023-07-10-13-08-54-869.png, image-2023-07-10-13-12-39-566.png,
> image-2023-07-10-13-16-35-068.png, image-2023-07-10-13-19-06-606.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741567#comment-17741567
]
Tobias Gierke commented on SSHD-1329:
-
HostConfigEntry#isIdentitiesOnly():
+2.9.2+
!image-2023-07-10-13-16-35-068.png!
+2.10.0+
!image-2023-07-10-13-19-06-606.png!
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png,
> image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png,
> image-2023-07-10-13-08-54-869.png, image-2023-07-10-13-12-39-566.png,
> image-2023-07-10-13-16-35-068.png, image-2023-07-10-13-19-06-606.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741560#comment-17741560
]
Tobias Gierke commented on SSHD-1329:
-
The SshClient#onConnectOperationComplete methods are different in 2.10.0 and
2.9.2
What's more interesting is the fact that on 2.9.2 the "useDefaultEntities" is
set to "true" while on 2.10.0 it is set to "false".
+2.10.0+
!image-2023-07-10-13-08-54-869.png!
+2.9.2+
!image-2023-07-10-13-06-17-767.png!
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png,
> image-2023-07-10-13-04-05-241.png, image-2023-07-10-13-06-17-767.png,
> image-2023-07-10-13-08-54-869.png, sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741551#comment-17741551
]
Tobias Gierke commented on SSHD-1329:
-
+2.9.2+
The org.apache.sshd.client.session.AbstractClientSession#keyIdentityProvider
field is never assigned so stays at its initial value which is NULL.
+2.10.0+
The field value is set to the "EMPTY" provider by
org.apache.sshd.client.SshClient#onConnectOperationComplete
!image-2023-07-10-12-53-51-624.png!
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, image-2023-07-10-12-53-51-624.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741548#comment-17741548
]
Tobias Gierke commented on SSHD-1329:
-
This now raises the question: Why does is the
org.apache.sshd.client.session.AbstractClientSession#keyIdentityProvider field
on 2.9.2 NULL (which is being handled correctly by
resolveEffectiveKeyProvider() while it is set to the "EMPTY" provider on 2.10.
(which is *not* being handled correctly by resolveEffectiveKeyProvider) ?
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741544#comment-17741544
]
Tobias Gierke commented on SSHD-1329:
-
This question leads to
org.apache.sshd.client.session.AbstractClientSession#getKeyIdentityProvider
2.10.0
getKeyIdentityProvider() is being called with "keyIdentityProvider" being the
"EMPTY" provider
!image-2023-07-10-12-39-26-768.png!
and since resolveEffectiveProvider is just a checking for NULL but not the
"EMPTY" provider, it returns the "EMPTY" provider.
!image-2023-07-10-12-40-44-093.png!
2.9.2
When getKeyIdentityProvider() is being called, the "keyIdentityProvider" field
is set to NULL (not the "EMPTY" provider as in 2.10.0) so
resolveEffectiveProvider() returns the "inherited" argument which happens to be
the org.apache.sshd.common.keyprovider.FileKeyPairProvider that's gone missing
in 2.10.0
!image-2023-07-10-12-43-11-445.png!
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, image-2023-07-10-12-38-23-160.png,
> image-2023-07-10-12-39-26-768.png, image-2023-07-10-12-40-44-093.png,
> image-2023-07-10-12-43-11-445.png, sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741536#comment-17741536
]
Tobias Gierke commented on SSHD-1329:
-
2.9.2
Call stack of *first* invocation of
KeyIdentityProvider#resolveKeyIdentityProvider is this:
!image-2023-07-10-12-25-51-220.png!
Call stack of *second* invocation of
KeyIdentityProvider#resolveKeyIdentityProvider() is this:
!image-2023-07-10-12-24-22-392.png!
2.10.0
Call stack of only KeyIdentityProvider#resolveKeyIdentityProvider() is this:
!image-2023-07-10-12-28-40-339.png!
So while on 2.9.2 the second resolveIdentityProvider() call (triggered by the
messageReceived() method) does have a non-empty KeyIdentityProvider, 2.10.0
only calls resolveIdentityProvider() once (also from messageReceived()) but in
this case the KeyIdentityProvider is still empty.
So the questionnow is: Why does
org.apache.sshd.client.session.ClientSession#getKeyIdentityProvider return an
empty provider on 2.10.0 but not on 2.9.2 ?
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> image-2023-07-10-12-24-22-392.png, image-2023-07-10-12-25-51-220.png,
> image-2023-07-10-12-28-40-339.png, sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741535#comment-17741535
]
Tobias Gierke commented on SSHD-1329:
-
+2.9.2+
The MultiKeyIdentityProvider is created on the SECOND invocation of this method
in MultiKeyIdentityProvider (the first invocation has the
KeyIdentityProvider#EMPTY_KEYS_PROVIDER as "keys").
!image-2023-07-10-12-08-39-123.png!
+2.10.0+
The resolveKeyIdentityProvider() method is only called once (not twice as in
2.9.2) and just like on 2.9.2, the first invocation has
KeyIdentityProvider#EMPTY_KEYS_PROVIDER as "keys
So now the question is: Why is 2.10.0 not doing the second
resolveKeyIdentitiyProvider() call as 2.9.2 does ?
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> image-2023-07-10-12-08-39-123.png, image-2023-07-10-12-12-02-825.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741530#comment-17741530
]
Tobias Gierke commented on SSHD-1329:
-
The empty iterator on 2.10.0 is of type
org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator.
Stepping through the constructor of this class , I can see that on both 2.9.2
and 2.10.0 the initializeSessionIdentities() returns an Iterable that will
yield Iterators based on
ClientSession.providerOf(session).loadKeys(session)
!image-2023-07-10-12-04-00-532.png!
+2.9.2+
ClientSession.providerOf() returns a *MultiKeyIdentityProvider* with
!image-2023-07-10-11-56-35-508.png!
and the FileKeyPairProvider successfully loads the keys.
+2.10.0+
ClientSession.providerOf() returns a
{*}AuthenticationIdentitiesProvider{*}{*}{*}
... so now the question is: Why doesn't return 2.10.0 return a
MultiKeyIdentityProvider as well ? More debugging...
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> image-2023-07-10-11-16-03-470.png, image-2023-07-10-11-31-54-206.png,
> image-2023-07-10-11-48-25-736.png, image-2023-07-10-11-54-05-391.png,
> image-2023-07-10-11-56-35-508.png, image-2023-07-10-12-04-00-532.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17741507#comment-17741507
]
Tobias Gierke commented on SSHD-1329:
-
Ok, back from vacation ... thanks for spending the time to try reproducing it
with Ubuntu 22.04.2 LTS .. I'll step through the code and set a breakpoint in
RSAPEMResourceKeyPairParser.extractKeyPairs().
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=password
> 2023-06-19T13:13:41,534
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17739291#comment-17739291
]
Thomas Wolf commented on SSHD-1329:
---
I just spent some two hours to set up a VirtualBox VM with Ubuntu 22.04.2 LTS
from scratch to test this.
Your test works perfectly for me out of the box, using Apache MINA sshd 2.10.0,
Java 17, on Ubuntu 22.04.2 and an Apache MINA sshd test server. The client can
authenticate just fine at the server.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17739277#comment-17739277
]
Thomas Wolf commented on SSHD-1329:
---
Maybe this a red herring, but... perhaps check the crypto policies on your
Ubuntu 22.04. AFAIK Ubuntu 22.04 disables SHA1 signatures with RSA keys via
crypto policies, and that may affect also the JDK. See
[https://manpages.ubuntu.com/manpages/jammy/en/man8/update-crypto-policies.8.html]
. I don't quite see how that could lead to not being able to find or load the
key in the first place, but it's still something to check.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17738272#comment-17738272
]
Thomas Wolf commented on SSHD-1329:
---
Interesting indeed. I have no Ubuntu 22.04 readily available; I would have to
set up a VM, then set up a development environment, then see if I could
reproduce in that VM, then debug.
I see two possibilities:
* the file is found, but the key cannot be read and somehow no exception is
thrown, or it isn't being logged. Try setting a breakpoint in
RSAPEMResourceKeyPairParser.extractKeyPairs(). If you do get there, then step
through starting at that location.
* or the file isn't found in the first place -- in that case, check the umask
and make sure the file is readable. Set a breakpoint at
SecurityUtils.loadKeyPairIdentities(), then verify that the file exists and is
readable, and step through from there.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17737199#comment-17737199
]
Tobias Gierke commented on SSHD-1329:
-
Very interesting, test passes with both versions on my Ubuntu 20.04.4 LTS
machine at work but fails on my Ubuntu 22.04.2 LTS (both are on OpenJDK 17.0.7)
machine at home...
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|]
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17737193#comment-17737193
]
Tobias Gierke commented on SSHD-1329:
-
I've attached the log output (level TRACE) for both the successful 2.9.2 and
the failed 2.01.0 run. The key difference IMHO is that 2.10.0 does not find the
key (and subsequently fails authentication) while 2.9.2 finds the key just fine.
!image-2023-06-26-17-10-43-547.png!
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png,
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17736432#comment-17736432
]
Tobias Gierke commented on SSHD-1329:
-
Sorry, I'm kind of busy right now as I'll go on vacation next week... can you
leave this ticket open for ~2 more weeks so I can investigate further once I'm
back ?
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.password.UserAuthPassword [] -
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17735544#comment-17735544
]
Thomas Wolf commented on SSHD-1329:
---
{quote}the issue seems to be with the SSH key loading{quote}
That was clear. But still: I cannot reproduce the problem.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.password.UserAuthPassword [] -
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17735533#comment-17735533
]
Tobias Gierke commented on SSHD-1329:
-
I've already spent quite some time stepping through the Apache SSHD client code
but the only thing I've found so far is that on 2.10.0, inside
_org.apache.sshd.client.auth.pubkey.UserAuthPublicKey#init_ the iterator
returned by _createPublicKeyIterator()_ is empty ... but I don't understand why
this is the case.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17735530#comment-17735530
]
Tobias Gierke commented on SSHD-1329:
-
Sorry, I probably didn't make myself very clear in the ticket description - the
issues seems to be with the SSH key loading, *not* the actual
connection/connection handshake.
- with 2.9.2 the SSH key is properly loaded and used to authenticate
(successfully)
- with 2.10.0 the same SSH key is *not* loaded (but no error is shown in the
logs) and thus unavailable for authentication
So for some reason, (on my machine) the same code that successfuly loads the
SSH key and uses it works with 2.9.2 but fails to load/use the API key with
2.10.0, which can be seen in those log lines I mentioned:
{code:java}
2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
attempting method=publickey
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
no more keys to send
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
initial request sent by method=publickey {code}
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17735464#comment-17735464
]
Thomas Wolf commented on SSHD-1329:
---
{quote}Client is running Ubuntu 22.04.2 LTS on x86.{quote}
So not a Windows-specific problem.
I've tried by now Java 8, Java 17, with or without BouncyCastle. No problems so
far.
Do you have a {{~/.ssh/config file}} with a host entry for that Fritzbox?
(And of course I don't have a Fritzbox. I'm testing against against an Apache
MINA sshd server. But given your log excerpt, it doesn't look like the kind of
server should have any impact.)
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17735361#comment-17735361
]
Thomas Wolf commented on SSHD-1329:
---
{quote}... works fine regardless of putting 2.10.0 or 2.9.2 in the pom.xml
?{quote}
Yes. The client can authenticate successfully.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.password.UserAuthPassword [] -
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17735174#comment-17735174
]
Tobias Gierke commented on SSHD-1329:
-
Client is running Ubuntu 22.04.2 LTS on x86.
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.password.UserAuthPassword [] -
> resolveAttemptedPassword(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more passwords to send
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17735172#comment-17735172
]
Tobias Gierke commented on SSHD-1329:
-
Hm, so the Maven project I provided works fine regardless of putting 2.10.0 or
2.9.2 in the pom.xml ?
{code:java}
2.10.0
{code}
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.password.UserAuthPassword [] -
>
[jira] [Commented] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0
[
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17735164#comment-17735164
]
Thomas Wolf commented on SSHD-1329:
---
Cannot reproduce so far. I'll keep looking, though. What OS is the client on?
> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
>
>
> Key: SSHD-1329
> URL: https://issues.apache.org/jira/browse/SSHD-1329
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.10.0
>Reporter: Tobias Gierke
>Priority: Major
> Attachments: sshd-bug-test.tgz
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser []
> - -BEGIN RSA PRIVATE KEY- [chunk #1](16/609)
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].:%#
> . {code}
> while on 2.10.0 the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientSessionImpl [] -
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> Received SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> starting authentication mechanisms: client=[publickey, keyboard-interactive,
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> closing
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.session.ClientUserAuthService [] -
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
> org.apache.sshd.client.auth.password.UserAuthPassword [] -
> resolveAttemptedPassword(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
>
