[
https://issues.apache.org/jira/browse/SSHD-473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14572319#comment-14572319
]
Jochen Seliger commented on SSHD-473:
-------------------------------------
Hi Lyor,
many thanks for your coments. I'll have a look at.
But anyway I may connect to he shell after been authenticated by some unknown
code, in any case, i use the same string as user and as password.
The accout I earn at the shell, is tis one who started the server,.
See below the logg. Even with user "bad_password" I'm athenticated as long as I
pass the same string to the addPasswordIdentity-method.
createSSHClient false entered
Jun 04, 2015 9:08:11 AM org.apache.sshd.common.util.SecurityUtils register
INFORMATION: BouncyCastle not registered, using the default JCE provider
after SSHClient creation + start
Jun 04, 2015 9:08:11 AM org.apache.sshd.client.session.ClientSessionImpl <init>
INFORMATION: Client session created
Jun 04, 2015 9:08:11 AM org.apache.sshd.common.session.AbstractSession
writePacket
INFORMATION: Start flagging packets as pending until key exchange is done
Jun 04, 2015 9:08:11 AM org.apache.sshd.client.session.ClientSessionImpl
readIdentification
INFORMATION: Server version string: SSH-2.0-SSHD-CORE-0.14.0
ClientSesion established
Jun 04, 2015 9:08:12 AM
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier verifyServerKey
WARNUNG: Server at /127.0.0.1:8000 presented unverified DSA key:
e4:76:f3:c2:15:64:7f:e4:5f:b7:86:35:a5:3e:85:35
Jun 04, 2015 9:08:12 AM org.apache.sshd.common.session.AbstractSession
doHandleMessage
INFORMATION: Dequeing pending packets
Jun 04, 2015 9:08:12 AM org.apache.sshd.client.session.ClientUserAuthServiceNew
processUserAuth
INFORMATION: Received SSH_MSG_USERAUTH_FAILURE
Jun 04, 2015 9:08:12 AM org.apache.sshd.client.auth.UserAuthKeyboardInteractive
process
INFORMATION: Received Password authentication en-US
Jun 04, 2015 9:08:12 AM org.apache.sshd.client.session.ClientUserAuthServiceNew
processUserAuth
INFORMATION: Received SSH_MSG_USERAUTH_SUCCESS
ShellChannel established
ShellChannell opened
sh: no job control in this shell
bad_password@linux-0h68:/home/jochen/workspace/USF_SSH_WS> whoami
whoami
jochen
bad_password@linux-0h68:/home/jochen/workspace/USF_SSH_WS>
Beside the problems you have mentioned, there is not clear to me, what code does
athenticate me and how to force the server to run my SSHDPasswordAuthentikator.
Why the SSH_SEVER.Class is claiming a KeyPairAuthentikation, I can't see at the
moment. My class can be compiled without problems.
Due to the fact, that any (realy any)user may get a shell-session at the system,
where the MINA-SHHD was startetd, at least the PasswordAuthentication procerure
s unaceptable for me until the reuired adaption will be implemented.
Hope for your help!!
Jochen
> PasswordAuthentifikation
> ------------------------
>
> Key: SSHD-473
> URL: https://issues.apache.org/jira/browse/SSHD-473
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 0.14.0
> Environment: Windows 7, Java 8, Eclipse JUNO
> Reporter: Jochen Seliger
> Priority: Critical
> Attachments: SSHDPasswordAuthenticator.java, SSH_SERVER.java
>
>
> I run the sshd and the ssh client both on the windos mashine.
> The sshd I start on port 8000 and with password authentificator ans an own
> atthenicator class, which shall shoe a messagebox when envoced.
> The client I start aftercreating it as SshClient.setUpDefaultClient();
> without stting any factury with the statement ClientSession session =
> client.connect("Jochen","192.168.100.13",8000).await().getSession(); (Jochen
> is an existing user on the mashine).
> But till shellChannel I can proceed only when setting after session creation
> session.addPasswordIdentity("Jochen"); (it is tha same user as provided at
> session creation)
> There is no functionality to set the password.
> The method authPassword is depreciated.
> 1. My first question: How to proceed th use PasswordAuthentification?
> As stated I can proceesd til ssh-Shell, but the server is logging at a first
> run an autentification failure and at a second run authentification success:
> Mai 22, 2015 12:14:21 PM org.apache.sshd.client.session.ClientSessionImpl
> readIdentification
> INFORMATION: Server version string: SSH-2.0-SSHD-CORE-0.14.0
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier verifyServerKey
> WARNUNG: Server at /192.168.100.13:8000 presented unverified DSA key:
> e4:76:f3:c2:15:64:7f:e4:5f:b7:86:35:a5:3e:85:35
> Mai 22, 2015 12:14:22 PM org.apache.sshd.common.session.AbstractSession
> doHandleMessage
> INFORMATION: Dequeing pending packets
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_FAILURE
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.auth.UserAuthKeyboardInteractive process
> INFORMATION: Received Password authentication en-US
> Mai 22, 2015 12:14:22 PM
> org.apache.sshd.client.session.ClientUserAuthServiceNew processUserAuth
> INFORMATION: Received SSH_MSG_USERAUTH_SUCCESS
> ShellChannell opened
> Microsoft Windows [Version 6.0.6001]
> Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten.
> C:\Users\Jochen\workspace\USF_SSH_WS>
> allthoug I did not provide an password.
> 2. Why thes two runs are processed?
> 3. Why the first run fails and the second one succedes?
> 4. How to proceede to get a functioning password and keypair authentication?
> Regards
> Jochen Seliger
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
