[ https://issues.apache.org/jira/browse/SSHD-1291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17581967#comment-17581967 ]
Thomas Wolf commented on SSHD-1291:
-----------------------------------

That is an interesting find.

* I have no idea what "asynchronous authentication" should be.
* I don't see any place in the Apache MINA sshd code that would throw an {{AsyncAuthException}} except in a test. So what {{PublickeyAuthenticator}} is used?
* The feature was added via SSHD-821, where apparently it was also unclear to another committer what this was about.
* The [commit|https://github.com/apache/mina-sshd/commit/5c1c8a9830ad] that added the feature says it was about "asynchronous keyboard authentication", not public key authentication. So why did it even add this exception to {{PublickeyAuthenticator}}?
* Your second trace seems to indicate that the server authenticated the user without having gotten a signature??

I do wonder whether this (mis-)feature is needed at all, or whether it could simply be removed completely.

> Protocol violation when using async PublicKey auth
> --------------------------------------------------
>
>                 Key: SSHD-1291
>                 URL: https://issues.apache.org/jira/browse/SSHD-1291
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.9.0
>            Reporter: Evgeny Pasynkov
>            Priority: Major
>
> Hi.
> I've noticed that SSHD server violates RFC 4252 section 7
> (https://www.rfc-editor.org/rfc/rfc4252#section-7) when using asynchronous
> public key auth (which means throwing AsyncAuthException() from
> PublickeyAuthenticator implementation).
> Part of the client log when using sync approach
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key:xxxxxxx RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 60
> debug1: Server accepts key: xxxxxxxx RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: using publickey with RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: signing using rsa-sha2-512
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
> when using "async" approach:
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key: xxxxxxxxxx RSA
> SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
> Please note that mandatory packet SSH_MSG_USERAUTH_PK_OK is missing.
> Though standard client tolerates this difference (at least OpenSSH_9.0p1),
> not all of them do this. Jsch failed to establish session.
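
An added example, not part of the original message and not Apache MINA sshd code: a Python check that walks an OpenSSH client debug log and flags the sequence reported above, where SSH_MSG_USERAUTH_SUCCESS (type 52) answers a key offer without SSH_MSG_USERAUTH_PK_OK (type 60) and before the client has signed anything. The two logs are constructed from the traces in the report; the function name, key label and fingerprint placeholder are assumptions.

```python
import re

# Message numbers from RFC 4252.
USERAUTH_FAILURE, USERAUTH_SUCCESS, USERAUTH_PK_OK = 51, 52, 60
PACKET = re.compile(r"debug3: (send|receive) packet: type (\d+)")

# Constructed sample logs modelled on the two traces in the report.
SYNC_LOG = """\
debug1: Offering public key: example_key RSA SHA256:EXAMPLE
debug3: send packet: type 50
debug3: receive packet: type 60
debug1: Server accepts key: example_key RSA SHA256:EXAMPLE
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:EXAMPLE
debug3: send packet: type 50
debug3: receive packet: type 52
"""
ASYNC_LOG = """\
debug1: Offering public key: example_key RSA SHA256:EXAMPLE
debug3: send packet: type 50
debug3: receive packet: type 52
"""


def check_publickey_flow(log_text):
    """Return RFC 4252 section 7 findings for one OpenSSH client debug log."""
    findings = []
    offered = pk_ok = signed = False
    for line in log_text.splitlines():
        if "Offering public key:" in line:
            # Query form of the request: key only, no signature yet.
            offered, pk_ok, signed = True, False, False
        elif "sign_and_send_pubkey: signing" in line:
            signed = True
        m = PACKET.search(line)
        if not m or m.group(1) != "receive":
            continue
        msg = int(m.group(2))
        if msg == USERAUTH_PK_OK:
            pk_ok = True
        elif msg == USERAUTH_FAILURE:
            offered = pk_ok = signed = False
        elif msg == USERAUTH_SUCCESS and offered:
            if not pk_ok:
                findings.append("SUCCESS without SSH_MSG_USERAUTH_PK_OK")
            if not signed:
                findings.append("SUCCESS before the client sent a signature")
    return findings


if __name__ == "__main__":
    for name, log in (("sync", SYNC_LOG), ("async", ASYNC_LOG)):
        print(name, check_publickey_flow(log) or "conforms")
```

A client that sends a signed request directly, without first offering the key, is not flagged, since RFC 4252 allows SUCCESS without PK_OK in that case.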