Hi,
+-From: Mick McLaughlin <[email protected]> --
|_Date: Fri, 23 Apr 2010 12:21:26 -0400 ______________
|
|I don't see how I can return null a 2nd time after getPassword() is called
|unless I "hack" it to detect if it's already been asked for.
That hack will be needed for such a broken sshd implementation.
The correctly implemented sshds(including OpenSSH) will not
accept such dozens auth failure trials. In fact, OpenSSH will
drop the TCP connections with a few auth error trials, and in some setting,
the user account will be locked. I can not understand why your sshd
allows such DOS attacks. Which sshd you are connecting to?
As for timeout for Session#connect, that timeout value is
for TCP connection establishment and read operations for socket,
and must not include the period for the success of authentication.
So, your approach is right.
> Has anyone had similar problems such as this? Currently I have to wrap the
> connect method in my own thread that uses a Timer to keep track of my
> timeout...
Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
+1-415-578-3454
Skype callto://jcraft/
Twitter: @ymnk
------------------------------------------------------------------------------
_______________________________________________
JSch-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jsch-users
