[
https://issues.apache.org/jira/browse/GUACAMOLE-547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16881903#comment-16881903
]
Federico Giuba edited comment on GUACAMOLE-547 at 7/10/19 9:52 AM:
-------------------------------------------------------------------
Debugging the code you can see that in
[guac_common_ssh_authenticate|https://github.com/apache/guacamole-server/blob/e149fd4f7041f7c1f1d89931aea85577fcbb5d84/src/common-ssh/ssh.c#L362]
the user's password is NULL even if specified as connection parameters. This
results in Guacamole prompting for the password. Before the changes made in
GUACAMOLE-547 the password was imported in
[guac_ssh_get_user|[https://github.com/apache/guacamole-server/blob/0ffda8aaf0d4cd94f452a242f8a509e4bc86fea0/src/protocols/ssh/ssh.c#L133]],
but that piece of code has been dropped and in the new code I can't see where
the password should be loaded. That's what I tried to fix in the PR.
was (Author: shishax):
Debugging the code you can see that in
[guac_common_ssh_authenticate|https://github.com/apache/guacamole-server/blob/e149fd4f7041f7c1f1d89931aea85577fcbb5d84/src/common-ssh/ssh.c#L362]
the user's password is NULL even if specified as connection parameters. This
results in Guacamole prompting for the password. Before the changes made in
GUACAMOLE-547 the password was imported in
[guac_ssh_get_user|[https://github.com/apache/guacamole-server/blob/0ffda8aaf0d4cd94f452a242f8a509e4bc86fea0/src/protocols/ssh/ssh.c#L133]],
but that piece of code has been dropped and in the new code I can't see where
the password should be loaded. That's what I tried to fix in the PR.
> Add support for the "none" SSH authentication method
> ----------------------------------------------------
>
> Key: GUACAMOLE-547
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-547
> Project: Guacamole
> Issue Type: New Feature
> Components: Documentation, SSH
> Environment: Linux 4.13.0-1012-azure #15-Ubuntu SMP Thu Mar 8
> 10:47:27 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
> Reporter: David Hauk
> Assignee: Michael Jumper
> Priority: Minor
> Fix For: 1.1.0
>
> Attachments: guacd-1.0.0.log, guacd-master.log, guacd_debug_fail.txt,
> openssh_verbose_successful connection.txt, sshd_config
>
>
> When connecting to embedded devices that implicitly allow SSH access guacd
> fails when the authentication method is (none). The devices permit any SSH
> user with no password access to the console, and then provide authentication
> internally via their interactive shell.
> Test cases:
> # no username and no password configured: Guacamole requests both, then
> fails to connect.
> # username but no password: Guacamole requests password, and then fails to
> connect.
> # username and password: Guacamole asks for no input, and then fails to
> connect.
> I've attached guacd debug logs from the failed connection attempts, plus
> OpenSSH (-vv) logs from a successful connection. (Files have been suitably
> redacted). The bit they share in common is they both state "Authentication
> (none)" but OpenSSH proceeds with the connection, while guacd terminates the
> connection:
> Guacd:
> {code:java}
> guacd[100079]: DEBUG: Successfully connected to host 192.168.233.20, port 22
> guacd[100079]: DEBUG: Supported authentication methods: (null)
> guacd[100066]: INFO: Connection "$abc52848-a11c-4397-a657-7c2d4bfdb5e9"
> removed.{code}
> OpenSSH:
> {code:java}
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentication succeeded (none).
> Authenticated to 192.168.233.20 ([192.168.233.20]:22).
> debug1: channel 0: new [client-session]
> debug2: channel 0: send open
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
