[jira] [Commented] (NIFI-1956) Add "keyboard-interactive" option to SFTPTransfer

Mon, 06 Jun 2016 14:09:37 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-1956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15317245#comment-15317245
 ] 

Michael Moser commented on NIFI-1956:
-------------------------------------

So I learned that "password" authentication requires "PasswordAuthentication 
yes" in /etc/ssh/sshd_config, and "keyboard-interactive" authentication 
requires "ChallengeResponseAuthentication yes" in /etc/ssh/sshd_config.

If a sysadmin configures sshd with "PasswordAuthentication no" and 
"ChallengeResponseAuthentication yes", then the old NiFi code will not allow a 
password login but after this change to SFTPTransfer, password login works.

+1 (after the fact) to make NiFi more tolerant of possible sshd configurations.

> Add "keyboard-interactive" option to SFTPTransfer
> -------------------------------------------------
>
>                 Key: NIFI-1956
>                 URL: https://issues.apache.org/jira/browse/NIFI-1956
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.0.0, 0.7.0
>            Reporter: Oleg Zhurakousky
>            Assignee: Oleg Zhurakousky
>             Fix For: 1.0.0, 0.7.0
>
>
> With RFC-4256 some SSH servers may no longer support or enable "password" as 
> a valid authentication option in favor of "keyboard-interactive". 
> This results in 
> {code}
> Exception in thread "main" com.jcraft.jsch.JSchException: Auth fail
> {code}
> And even though the spec discusses the authentication mechanism where user 
> will be prompted for a password, JSch provides an authentication provider 
> which handles such prompt behind the scenes as long as user sets password in 
> a session.
> Belo code shows how to reproduce the issue (at least in osx):
> {code}
> public static void main(String[] args) throws Exception {
>         JSch jsch = new JSch();
>         Session session = jsch.getSession("<user>", "localhost", 22);
>         session.setPassword("<password>");
>         Properties properties = new Properties();
>         properties.setProperty("StrictHostKeyChecking", "no");
>         //properties.setProperty("PreferredAuthentications", 
> "publickey,password,keyboard-interactive");
>         properties.setProperty("PreferredAuthentications", 
> "publickey,password");
>         session.setConfig(properties);
>         session.connect();
>         System.out.println("connected");
>     }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to