[jira] [Comment Edited] (SSHD-1329) SSH Public key authentication works with 2.9.2 but fails with 2.10.0

Mon, 26 Jun 2023 08:35:26 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-1329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17737199#comment-17737199
 ] 

Tobias Gierke edited comment on SSHD-1329 at 6/26/23 3:34 PM:
--------------------------------------------------------------

Very interesting, test passes with both versions on my Ubuntu 20.04.4 LTS 
machine at work but fails on my Ubuntu 22.04.2 LTS (both are on OpenJDK 17.0.7) 
machine at home... is Apache SSHD (maybe indirectly through the JDK itself) 
relying on any OS native libraries ?


was (Author: tgierke2342):
Very interesting, test passes with both versions on my Ubuntu 20.04.4 LTS 
machine at work but fails on my Ubuntu 22.04.2 LTS (both are on OpenJDK 17.0.7) 
machine at home...

> SSH Public key authentication works with 2.9.2 but fails with 2.10.0
> --------------------------------------------------------------------
>
>                 Key: SSHD-1329
>                 URL: https://issues.apache.org/jira/browse/SSHD-1329
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.10.0
>            Reporter: Tobias Gierke
>            Priority: Major
>         Attachments: failure_2.10.0.log, image-2023-06-26-17-10-43-547.png, 
> sshd-bug-test.tgz, success_2.9.2.log
>
>
> After upgrading to Apache SSHD 2.10.0 we noticed that SSH public key 
> authentication stopped working.
> On 2.9.2 the handshake looks like this:
> {code:java}
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]
> ) Received SSH_MSG_USERAUTH_FAILURE - partial=false, 
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> starti
> ng authentication mechanisms: client=[publickey, keyboard-interactive, 
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:12:18,405 [sshd-SshClient[1255b1d1]-nio2-thread-4|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=publickey
> 2023-06-19T13:12:18,416 [sshd-SshClient[1255b1d1]-nio2-thread-4|] TRACE 
> org.apache.sshd.common.config.keys.loader.pem.RSAPEMResourceKeyPairParser [] 
> - -----BEGIN RSA PRIVATE KEY----- [chunk #1](16/609) 
> 30:82:02:5d:02:01:00:02:81:81:00:c1:a3:3a:25:23    0..].........:%#
> ..... {code}
> while on 2.10.0  the key is not found/loaded:
> {code:java}
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientSessionImpl [] - 
> doHandleMessage(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
>  process #5 SSH_MSG_USERAUTH_FAILURE
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> processUserAuth(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])
>  Received SSH_MSG_USERAUTH_FAILURE - partial=false, 
> methods=publickey,gssapi-keyex,gssapi-with-mic,password
> 2023-06-19T13:13:41,529 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> starting authentication mechanisms: client=[publickey, keyboard-interactive, 
> password], server=[publickey, gssapi-keyex, gssapi-with-mic, password]
> 2023-06-19T13:13:41,530 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> resolveAttemptedPublicKeyIdentity(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
>  no more keys to send
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no 
> initial request sent by method=publickey
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] TRACE 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> releaseKeys(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> closing 
> UserAuthPublicKeyIterator[ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]]
> 2023-06-19T13:13:41,532 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.pubkey.UserAuthPublicKey [] - 
> destroy(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
> 2023-06-19T13:13:41,533 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) 
> attempting method=password
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.auth.password.UserAuthPassword [] - 
> resolveAttemptedPassword(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22])[ssh-connection]
>  no more passwords to send
> 2023-06-19T13:13:41,534 [sshd-SshClient[495083a0]-nio2-thread-6|] DEBUG 
> org.apache.sshd.client.session.ClientUserAuthService [] - 
> tryNext(ClientSessionImpl[r...@vmtobilocal.fritz.box/192.168.188.250:22]) no 
> initial request sent by method=password {code}
> I've attached a Maven project that contains an almost-self-contained unit 
> test that showcases the behaviour. For the test to work you'll need
>  - to have some SSH server up & running
>  - put the test's SSH public key (from src/test/resources/test_ssh_key.pub) 
> into an authorized_keys file on the server
>  - Adjust the test source code to use the right server name and user name (I 
> used root)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to