I'm writing a userauthgss for sshd. Is there any way to get the session id from the client session? I see that the serversession class has sessionid field but not the clientsession. Anybody know where I could get that?
On Thu, Apr 17, 2014 at 12:34 PM, Guillaume Nodet <[email protected]> wrote: > To be honest, the GSS support has been contributed a long time ago and has > no unit / integration test. > In addition, I have no clue how to set up such a test, so GSS support may > be slightly broken. > > You're a bit on your own, unless you can set up a small test that I could > use to debug (with instructions how to set up the needed environment). > > > 2014-04-17 17:40 GMT+02:00 Josh Clum <[email protected]>: > > > Maybe I will :) but for now I giving JSch a try.I'm setting up a test > with > > the jsch client and an apache mina server to use gss authentication. It > > looks like there is some protocol confusion with the messages being sent. > > Are the versioning problems(kerberos, gssapi) that I might incur when > > trying to use the jsch client to connect via userauthgss? > > > > On the client side I'm getting: > > > > java.net.SocketTimeoutException: Read timed out > > > > On the server side this is my session start to finish: > > > > 11:08:08,876 DEBUG [KerberosProtocolHandler] > > (KerberosProtocolHandler.java:91) /10.128.88.132:55448 CREATED: socket > > 11:08:08,877 DEBUG [KERBEROS_LOG] (KerberosProtocolHandler.java:96) / > > 10.128.88.132:55448 CREATED: socket > > 11:08:08,877 DEBUG [KerberosProtocolHandler] > > (KerberosProtocolHandler.java:108) /10.128.88.132:55448 OPENED > > 11:08:08,877 DEBUG [KERBEROS_LOG] (KerberosProtocolHandler.java:113) / > > 10.128.88.132:55448 OPENED > > 11:08:08,877 DEBUG [ProtocolCodecFilter] (ProtocolCodecFilter.java:211) > > Processing a MESSAGE_RECEIVED for session 6 > > 11:08:54,898 DEBUG [Asn1Decoder] (Asn1Decoder.java:671) > > >>>========================================== > > 11:08:54,899 DEBUG [Asn1Decoder] (Asn1Decoder.java:672) --> Decoding a > PDU > > 11:08:54,899 DEBUG [Asn1Decoder] (Asn1Decoder.java:673) > > >>>------------------------------------------ > > 11:08:54,900 DEBUG [Asn1Decoder] (Asn1Decoder.java:680) --- State = > > TAG_STATE_START --- > > 11:08:54,901 DEBUG [Asn1Decoder] (Asn1Decoder.java:686) current byte : > > 0x32 > > 11:08:54,901 DEBUG [Asn1Decoder] (Asn1Decoder.java:108) Tag 0x32 has been > > decoded > > 11:08:54,901 DEBUG [Asn1Decoder] (Asn1Decoder.java:680) --- State = > > LENGTH_STATE_START --- > > 11:08:54,902 DEBUG [Asn1Decoder] (Asn1Decoder.java:686) current byte : > > 0x2E > > 11:08:54,902 DEBUG [Asn1Decoder] (Asn1Decoder.java:680) --- State = > > LENGTH_STATE_END --- > > 11:08:54,902 DEBUG [Asn1Decoder] (Asn1Decoder.java:686) current byte : > > 0x30 > > 11:08:54,903 DEBUG [Asn1Decoder] (Asn1Decoder.java:360) Parent length : > TLV > > expected length stack : - null > > 11:08:54,903 DEBUG [Asn1Decoder] (Asn1Decoder.java:372) Root TLV[46] > > 11:08:54,903 DEBUG [Asn1Decoder] (Asn1Decoder.java:480) Length 46 has > been > > decoded > > 11:08:54,903 DEBUG [Asn1Decoder] (Asn1Decoder.java:680) --- State = > > VALUE_STATE_START --- > > 11:08:54,904 DEBUG [Asn1Decoder] (Asn1Decoder.java:686) current byte : > > 0x30 > > 11:08:54,904 DEBUG [Asn1Decoder] (Asn1Decoder.java:758) > > <<<------------------------------------------ > > 11:08:54,905 DEBUG [Asn1Decoder] (Asn1Decoder.java:775) <-- End decoding > : > > TLV[ 0x32, 46, DATA[0x30 0x2D 0x4A 0x53 0x43 0x48 0x2D 0x30 0x2E 0x31 > 0x2E > > 0x35 0x31 0x0A 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 > 0x00 > > 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 > 0x00 > > 0x00 0x00 0x00 0x00 0x00 ]] > > 11:08:54,905 DEBUG [Asn1Decoder] (Asn1Decoder.java:783) > > <<<========================================== > > 11:10:23,724 ERROR [KerberosProtocolHandler] > > (KerberosProtocolHandler.java:157) /10.128.88.132:55448 EXCEPTION > > org.apache.mina.filter.codec.ProtocolDecoderException: > > java.lang.IllegalArgumentException: message (Hexdump: 53 53 48 2D 32 2E > 30 > > 2D 4A 53 43 48 2D 30 2E 31 2E 35 31 0A) > > at > > > > > org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:242) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765) > > at > > > > > org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:410) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:710) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:664) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:653) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1124) > > at > > > > > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) > > at > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) > > at > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) > > at java.lang.Thread.run(Thread.java:695) > > Caused by: java.lang.IllegalArgumentException: message > > at > > > > > org.apache.mina.filter.codec.AbstractProtocolDecoderOutput.write(AbstractProtocolDecoderOutput.java:43) > > at > > > > > org.apache.directory.server.kerberos.protocol.codec.MinaKerberosDecoder.decode(MinaKerberosDecoder.java:65) > > at > > > > > org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:232) > > ... 15 more > > 11:10:23,726 ERROR [KERBEROS_LOG] (KerberosProtocolHandler.java:158) / > > 10.128.88.132:55448 EXCEPTION > > org.apache.mina.filter.codec.ProtocolDecoderException: > > java.lang.IllegalArgumentException: message (Hexdump: 53 53 48 2D 32 2E > 30 > > 2D 4A 53 43 48 2D 30 2E 31 2E 35 31 0A) > > at > > > > > org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:242) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765) > > at > > > > > org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417) > > at > > > > > org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:410) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:710) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:664) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:653) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67) > > at > > > > > org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1124) > > at > > > > > org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) > > at > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) > > at > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) > > at java.lang.Thread.run(Thread.java:695) > > Caused by: java.lang.IllegalArgumentException: message > > at > > > > > org.apache.mina.filter.codec.AbstractProtocolDecoderOutput.write(AbstractProtocolDecoderOutput.java:43) > > at > > > > > org.apache.directory.server.kerberos.protocol.codec.MinaKerberosDecoder.decode(MinaKerberosDecoder.java:65) > > at > > > > > org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:232) > > ... 15 more > > 11:10:23,727 DEBUG [KerberosProtocolHandler] > > (KerberosProtocolHandler.java:125) /10.128.88.132:55448 CLOSED > > 11:10:23,727 DEBUG [KERBEROS_LOG] (KerberosProtocolHandler.java:130) / > > 10.128.88.132:55448 CLOSED > > > > Thanks, > > Josh > > > > > > On Tue, Apr 15, 2014 at 4:08 PM, Guillaume Nodet <[email protected]> > > wrote: > > > > > Yes, GSS client side is currently not supported, so you need to write > > your > > > own org.apache.sshd.client.UserAuth implementation for GSS. > > > Contributions are welcomed ;-) > > > > > > > > > 2014-04-15 20:41 GMT+02:00 Josh Clum <[email protected]>: > > > > > > > I have a SSHServer set up with the GSSAuthenticator. I want to > > > authenticate > > > > a java SSHClient with that server. Is there any way to do that? > Looking > > > at > > > > the api I only see ways to specify a public key, password, or > > interactive > > > > mode. Do I have to write my own implementation of UserAuth.java or > > > > AbstractUserAuth.java? > > > > > > > > > >
