Tobias Gierke created SSHD-1329:
-----------------------------------
Summary: SSH Public key authentication works with 2.9.2 but fails
with 2.10.0
Key: SSHD-1329
URL: https://issues.apache.org/jira/browse/SSHD-1329
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 2.10.0
Reporter: Tobias Gierke
Attachments: sshd-bug-test.tgz
After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key
authentication stopped working.
On 2.9.2 the handshake looks like this:
{code:java}
2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
processUserAuth(ClientSessionImpl[[email protected]/192.168.188.250:22])
Received SSH_MSG_USERAUTH_FAILURE - partial=false,
methods=publickey,gssapi-keyex,gssapi-with-mic,password
2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[[email protected]/192.168.188.250:22])
starting authentication mechanisms: client=[publickey, keyboard-interactive,
password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[[email protected]/192.168.188.250:22])
attempting method=publickey
2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE
org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] -
-----BEGIN RSA PRIVATE KEY----- [chunk #1](16/609)
30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23 0..].........:%#
.....
{code}
while on 2.10.0 the key is not found/loaded:
{code:java}
2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientSessionImpl [] -
doHandleMessage(ClientSessionImpl[[email protected]/192.168.188.250:22])
process #5 SSH_MSG_USERAUTH_FAILURE
2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
processUserAuth(ClientSessionImpl[[email protected]/192.168.188.250:22])
Received SSH_MSG_USERAUTH_FAILURE - partial=false,
methods=publickey,gssapi-keyex,gssapi-with-mic,password
2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[[email protected]/192.168.188.250:22])
starting authentication mechanisms: client=[publickey, keyboard-interactive,
password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[[email protected]/192.168.188.250:22])
attempting method=publickey
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
resolveAttemptedPublicKeyIdentity(ClientSessionImpl[[email protected]/192.168.188.250:22])[ssh-connection]
no more keys to send
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[[email protected]/192.168.188.250:22]) no
initial request sent by method=publickey
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
releaseKeys(ClientSessionImpl[[email protected]/192.168.188.250:22])
closing
UserAuthPublicKeyIterator[ClientSessionImpl[[email protected]/192.168.188.250:22]]
2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] -
destroy(ClientSessionImpl[[email protected]/192.168.188.250:22])[ssh-connection]
2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[[email protected]/192.168.188.250:22])
attempting method=password
2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.auth.password.UserAuthPassword [] -
resolveAttemptedPassword(ClientSessionImpl[[email protected]/192.168.188.250:22])[ssh-connection]
no more passwords to send
2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG
org.apache.sshd.client.session.ClientUserAuthService [] -
tryNext(ClientSessionImpl[[email protected]/192.168.188.250:22]) no
initial request sent by method=password
{code}
I've created an almost-self-contained unit test that showcases the behaviour.
For the test to work you'll need to:
- have some SSH server up & running
- put the test's SSH public key (from src/test/resources/test_ssh_key.pub) into an authorized_keys file on the server
- adjust the test source code to use the right server name and user name (I used root)
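An added example, not part of the original report or of the MINA SSHD code base: a small parser for client debug logs like the two traces above that reports, per authentication method, whether the client sent a request at all, which separates "no credential was offered" from "the server rejected the credential". The sample log is constructed from the 2.10.0 trace, and treating a method as offered when no "no initial request sent" record follows is an assumption of this sketch.

```python
import re

# Constructed sample modelled on the 2.10.0 trace above (thread and logger
# names abbreviated, user@host is a placeholder); records wrap as in the mail.
SAMPLE_LOG = """\
2023-06-19T13:13:41,530 [thread-6] DEBUG ClientUserAuthService [] -
tryNext(ClientSessionImpl[user@host.example/192.0.2.10:22])
attempting method=publickey
2023-06-19T13:13:41,532 [thread-6] DEBUG UserAuthPublicKey [] -
resolveAttemptedPublicKeyIdentity(ClientSessionImpl[user@host.example/192.0.2.10:22])
no more keys to send
2023-06-19T13:13:41,532 [thread-6] DEBUG ClientUserAuthService [] -
tryNext(ClientSessionImpl[user@host.example/192.0.2.10:22]) no
initial request sent by method=publickey
2023-06-19T13:13:41,533 [thread-6] DEBUG ClientUserAuthService [] -
tryNext(ClientSessionImpl[user@host.example/192.0.2.10:22])
attempting method=password
2023-06-19T13:13:41,534 [thread-6] DEBUG ClientUserAuthService [] -
tryNext(ClientSessionImpl[user@host.example/192.0.2.10:22]) no
initial request sent by method=password
"""
RECORD_START = re.compile(r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d,\d{3} ")

def records(text):
    """Re-join wrapped lines into one string per timestamped log record."""
    current = []
    for line in text.splitlines():
        if RECORD_START.match(line) and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def offered_by_method(text):
    """Map each attempted auth method to True if the client sent a request."""
    offered = {}
    for rec in records(text):
        attempt = re.search(r"attempting method=([\w-]+)", rec)
        skipped = re.search(r"no initial request sent by method=([\w-]+)", rec)
        if attempt:
            offered[attempt.group(1)] = True   # assumed sent until the log says otherwise
        elif skipped and skipped.group(1) in offered:
            offered[skipped.group(1)] = False  # client had no credential to send
    return offered

if __name__ == "__main__":
    for method, sent in offered_by_method(SAMPLE_LOG).items():
        print(f"{method}: {'request sent' if sent else 'nothing offered by client'}")
```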