Hi Thomas Wolf,
Thank you for reply.
Have implemented both ServerUserAuthService and Factory too.
But session.getUsername() is always null. So I am not able to set this property
to different values for different users.
Could you please show me a way to get the username.
Thank you for your suggestions.
public abstract class ECGServerUserAuthService extends ServerUserAuthService {
protected static final String PASSWORD_AUTHENTICATION =
"password";
protected static final String PUBLICKEY_AUTHENTICATION =
"publickey";
public ECGServerUserAuthService(Session s) throws IOException {
super(s);
String username = s.getUsername();
log.info("username: "+username);
}
@Override
public Map<String, Object> getProperties() {
ServerSession serverSession =
super.getServerSession();
Map<String, Object> properties =
super.getProperties();
properties.put("auth-methods", String.join(",
",getRequiredAuthentications()));
return properties;
}
public abstract String[] getRequiredAuthentications();
}
From: Thomas Wolf <[email protected]>
Date: Saturday, 31 July 2021 at 8:33 PM
To: [email protected] <[email protected]>
Subject: Re: Dual Authentication
On 30.07.21 15:20 , Sheshu Vadrevu wrote:
> We are using apache mina sftp library to implement sftp server.
> We need your help in understanding how we can support DUAL
> Authentication(both public key and password).
>
> I noticed,
>
> public interface ServerAuthenticationManager has
[...]
> String AUTH_METHODS = "auth-methods";
>
> But I couldn’t find the right place to set this.
In sshd 2.7.0, this is CoreModuleProperties.AUTH_METHODS.
>
> We need to set this flag on user to user basis.
Look at how and where it is used. You'll find ServerUserAuthService.
From looking at that code: it does not out of the box support different
settings per user.
If I had to do this, I'd install my own implementation of
ServerUserAuthService (which would require having my own
ServerUserAuthServiceFactory, too) and implement it to use the username
from the SSH_MSG_USERAUTH_REQUEST to figure out which authentication
mechanisms to allow or require.
HTH,
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.
