[
https://issues.apache.org/jira/browse/SSHD-611?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15057611#comment-15057611
]
Oliver Stöneberg commented on SSHD-611:
---------------------------------------
Great! Thanks!
> Client incorrectly handles rejected keyboard-interactive authentication by
> server
> ---------------------------------------------------------------------------------
>
> Key: SSHD-611
> URL: https://issues.apache.org/jira/browse/SSHD-611
> Project: MINA SSHD
> Issue Type: Bug
> Reporter: Oliver Stöneberg
> Assignee: Goldstein Lyor
> Fix For: 1.1.0
>
> Attachments: putty_core_keyboard-interactive_rejection.log,
> sshd-core_keyboard-interactive_rejection.txt
>
>
> I am trying to communicate with a server that advertises keyboard-interactive
> authentication but it fails with "Too many authentication failures". When the
> client sends the request it gets a failure and requests it again and again
> until it hits the maximum retries value. It also never reaches the
> UserInteraction object that was assigned to the client. It seems when the
> request fails it should move on to the next authentication method.
> Here's the output of sshd-core:
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-1]
> (ClientUserAuthService.java:234)
> tryNext(ClientSessionImpl[root@/10.48.43.215:22]) attempting
> method=keyboard-interactive
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-1]
> (UserAuthKeyboardInteractive.java:110)
> process(root@ClientSessionImpl[root@/10.48.43.215:22])[ssh-connection] Send
> SSH_MSG_USERAUTH_REQUEST for keyboard-interactive
> TRACE [sshd-SshClient[48c40605]-nio2-thread-1] (AbstractSession.java:862)
> encode(ClientSessionImpl[root@/10.48.43.215:22]) Sending packet #5: 32 00 00
> 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 00
> 00 14 6b 65 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69 76 65 00 00 00 00
> 00 00 00 00
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-1] (Nio2Session.java:114) Writing
> 100 bytes
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-4] (Nio2Session.java:274)
> Finished writing
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-5] (Nio2Session.java:223) Read 84
> bytes
> TRACE [sshd-SshClient[48c40605]-nio2-thread-5] (AbstractSession.java:1003)
> decode(ClientSessionImpl[root@/10.48.43.215:22]) Received packet #6: 33 00 00
> 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61 73 73 77 6f 72 64 2c 6b 65 79 62 6f
> 61 72 64 2d 69 6e 74 65 72 61 63 74 69 76 65 00
> TRACE [sshd-SshClient[48c40605]-nio2-thread-5] (AbstractSession.java:415)
> doHandleMessage(ClientSessionImpl[root@/10.48.43.215:22]) process
> SSH_MSG_USERAUTH_FAILURE
> DEBUG [sshd-SshClient[48c40605]-nio2-thread-5]
> (ClientUserAuthService.java:181)
> processUserAuth(ClientSessionImpl[root@/10.48.43.215:22]) Received
> SSH_MSG_USERAUTH_FAILURE - partial=false,
> methods=publickey,password,keyboard-interactive
> Here's the putty output:
> Outgoing packet #0x4, type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
> 00000000 00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68 ....ssh-userauth
> Incoming packet #0x4, type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
> 00000000 00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68 ....ssh-userauth
> Outgoing packet #0x5, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> 00000000 00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d ....root....ssh-
> 00000010 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 04 6e 6f connection....no
> 00000020 6e 65 ne
> Incoming packet #0x5, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
> 00000000 00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61 ...'publickey,pa
> 00000010 73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d ssword,keyboard-
> 00000020 69 6e 74 65 72 61 63 74 69 76 65 00 interactive.
> Outgoing packet #0x6, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> 00000000 00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d ....root....ssh-
> 00000010 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 14 6b 65 connection....ke
> 00000020 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69 yboard-interacti
> 00000030 76 65 00 00 00 00 00 00 00 00 ve........
> Event Log: Attempting keyboard-interactive authentication
> Incoming packet #0x6, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
> 00000000 00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61 ...'publickey,pa
> 00000010 73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d ssword,keyboard-
> 00000020 69 6e 74 65 72 61 63 74 69 76 65 00 interactive.
> Event Log: Server refused keyboard-interactive authentication
> Outgoing packet #0x7, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> 00000000 00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d ....root....ssh-
> 00000010 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 08 70 61 connection....pa
> 00000020 73 73 77 6f 72 64 00 XX XX XX XX XX XX XX XX XX ssword.XXXXXXXXX
> 00000030 XX XX XX XXX
> Outgoing packet #0x8, type 2 / 0x02 (SSH2_MSG_IGNORE)
> 00000000 00 00 00 a0 dd aa 67 0a 8d 42 d0 2a 5c 82 1e 5e ......g..B.*\..^
> 00000010 ef 3b 9f 2a c2 5d 71 8a 28 ff 5d ca 1f 28 94 20 .;.*.]q.(.]..(.
> 00000020 ec f4 2d dd 34 dc cf 99 94 da c1 40 7d a4 d9 09 ..-.4......@}...
> 00000030 0e 7c 15 f6 01 56 6b e8 a4 3c 45 a6 c9 bd 00 e3 .|...Vk..<E.....
> 00000040 73 e1 36 85 61 09 2f 8f d6 a9 61 ce 58 d6 3f dc s.6.a./...a.X.?.
> 00000050 39 be b2 fd 5b a8 2d a9 46 d8 86 dc 12 cf 0b 82 9...[.-.F.......
> 00000060 43 37 4f bf 39 f7 90 e9 6f 52 4e 36 50 8d 9b 67 C7O.9...oRN6P..g
> 00000070 b5 7a b3 c3 f5 f2 56 40 b4 75 de 71 1f 22 ff 2f [email protected]."./
> 00000080 00 0c 89 06 4f 20 44 fe 65 55 02 73 76 22 64 e2 ....O D.eU.sv"d.
> 00000090 11 14 ef 34 24 6f 5f 3f 61 95 d3 d1 c1 68 11 5e ...4$o_?a....h.^
> 000000a0 ff 29 f9 31 .).1
> Event Log: Sent password
> Incoming packet #0x7, type 52 / 0x34 (SSH2_MSG_USERAUTH_SUCCESS)
> Event Log: Access granted
> I am using 28faad4 of master.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
