subject:"\[JSch\-users\] session.connect\(int timeout\) not working\?"

Re: [JSch-users] session.connect(int timeout) not working?

2010-04-24 Thread Atsuhiko Yamanaka

Hi,

   +-From: Mick McLaughlin mclaughlin.m...@gmail.com --
   |_Date: Fri, 23 Apr 2010 12:21:26 -0400 __
   |
   |I don't see how I can return null a 2nd time after getPassword() is called
   |unless I hack it to detect if it's already been asked for.

That hack will be needed for such a broken sshd implementation.
The correctly implemented sshds(including OpenSSH) will not 
accept such dozens auth failure trials.  In fact, OpenSSH will 
drop the TCP connections with a few auth error trials, and in some setting,
the user account will be locked.  I can not understand why your sshd
allows such DOS attacks.  Which sshd you are connecting to?

As for timeout for Session#connect, that timeout value is
for TCP connection establishment and read operations for socket,
and must not include the period for the success of authentication.

So, your approach is right.
   Has anyone had similar problems such as this?  Currently I have to wrap the
   connect method in my own thread that uses a Timer to keep track of my
   timeout...


Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
+1-415-578-3454
Skype callto://jcraft/
Twitter: @ymnk

--
___
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users

Re: [JSch-users] session.connect(int timeout) not working?

2010-04-23 Thread Mick McLaughlin

well actually no its not being invoked infinitely, however it is invoked
approx 35-40 times.  FYI, in the testcase, the pass is correct but the user
is not...

On Fri, Apr 23, 2010 at 11:15 AM, Mick McLaughlin mclaughlin.m...@gmail.com
 wrote:

 yes it is!  Should I be doing something to keep this from happening?
 thanks,
 Mick


 On Thu, Apr 22, 2010 at 9:48 PM, Atsuhiko Yamanaka y...@jcraft.comwrote:

 Hi,

   +-From: Mick McLaughlin mclaughlin.m...@gmail.com --
   |_Date: Thu, 22 Apr 2010 16:58:04 -0400 __
|
   |I am attempting to implement a timeout using session.connect(3).
  If a
   |user adds the wrong credentials, I want the connection to return an
 auth
   |fail JschException however, it seems to be ignoring this and finally
 returns
   |the exception after many minutes.

 How about the implementation of UserInfo?
 Is UserInfo#getPassword invoked infinitely?


 Sincerely,
 --
 Atsuhiko Yamanaka
 JCraft,Inc.
 1-14-20 HONCHO AOBA-KU,
 SENDAI, MIYAGI 980-0014 Japan.
 Tel +81-22-723-2150
+1-415-578-3454
 Skype callto://jcraft/



--
___
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users

Re: [JSch-users] session.connect(int timeout) not working?

2010-04-23 Thread Atsuhiko Yamanaka

Hi,

   +-From: Mick McLaughlin mclaughlin.m...@gmail.com --
   |_Date: Fri, 23 Apr 2010 11:20:33 -0400 __
   |
   |well actually no its not being invoked infinitely, however it is invoked
   |approx 35-40 times.  FYI, in the testcase, the pass is correct but the user
   |is not...

What do you mean 'the pass is correct but the user is not...'?
Anyway, how about returning null in the second time?


Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
+1-415-578-3454
Skype callto://jcraft/

--
___
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users

Re: [JSch-users] session.connect(int timeout) not working?

2010-04-23 Thread Mick McLaughlin

well my UserInfo implementation is just a stub class with setters and
getters for the hostname, user  pass.  The user does not receive a separate
prompt for the password. I.E. MyUserInfo info = new MyUserInfo(some
hostname, some user, some pass)

the method getPassword() returns this.pass which was set in the constructor.

My testcase is written with the correct hostname, incorrect username,
correct password.

I don't see how I can return null a 2nd time after getPassword() is called
unless I hack it to detect if it's already been asked for.

How exactly is the repetitive call to getPassword() related to the timeout
when JSch is creating the connection socket, and is this somehow overriding
the timeout imposed on it?

On Fri, Apr 23, 2010 at 11:34 AM, Atsuhiko Yamanaka y...@jcraft.com wrote:

 Hi,

   +-From: Mick McLaughlin mclaughlin.m...@gmail.com --
|_Date: Fri, 23 Apr 2010 11:20:33 -0400 __
|
   |well actually no its not being invoked infinitely, however it is invoked
   |approx 35-40 times.  FYI, in the testcase, the pass is correct but the
 user
   |is not...

 What do you mean 'the pass is correct but the user is not...'?
 Anyway, how about returning null in the second time?


 Sincerely,
 --
 Atsuhiko Yamanaka
 JCraft,Inc.
 1-14-20 HONCHO AOBA-KU,
 SENDAI, MIYAGI 980-0014 Japan.
 Tel +81-22-723-2150
+1-415-578-3454
 Skype callto://jcraft/

--
___
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users

[JSch-users] session.connect(int timeout) not working?

2010-04-22 Thread Mick McLaughlin

Hello,

I am attempting to implement a timeout using session.connect(3).  If a
user adds the wrong credentials, I want the connection to return an auth
fail JschException however, it seems to be ignoring this and finally returns
the exception after many minutes.

Part of my testcase looks like this:

code
 try {
System.out.println(attempting to connect);
session.connect(3);
success = true;
System.out.println(successfully connected);

} catch(JSchException e) {
System.out.println(exception here... can be a bad login or
connection failure);
e.printStackTrace();
long endTime = System.currentTimeMillis();
System.out.println(exception occurred after:  + (endTime -
startTime) +  ms);

}

assert(success);

/code

When the exception is finally caught, almost 5 minutes have passed.  If I
lower the timeout to session.connect(30), it immediately comes back in 57
milliseconds, session.connect(300) comes back in 1294 ms,
session.connect(3000) which should only be 3 sec. takes just as long as
session.connect(3).

Has anyone had similar problems such as this?  Currently I have to wrap the
connect method in my own thread that uses a Timer to keep track of my
timeout...
--
___
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users

Re: [JSch-users] session.connect(int timeout) not working?

2010-04-22 Thread Atsuhiko Yamanaka

Hi,

   +-From: Mick McLaughlin mclaughlin.m...@gmail.com --
   |_Date: Thu, 22 Apr 2010 16:58:04 -0400 __
   |
   |I am attempting to implement a timeout using session.connect(3).  If a
   |user adds the wrong credentials, I want the connection to return an auth
   |fail JschException however, it seems to be ignoring this and finally returns
   |the exception after many minutes.

How about the implementation of UserInfo?
Is UserInfo#getPassword invoked infinitely?


Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
+1-415-578-3454
Skype callto://jcraft/

--
___
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users

Re: [JSch-users] session.connect(int timeout) not working?

Re: [JSch-users] session.connect(int timeout) not working?

Re: [JSch-users] session.connect(int timeout) not working?

Re: [JSch-users] session.connect(int timeout) not working?

[JSch-users] session.connect(int timeout) not working?

Re: [JSch-users] session.connect(int timeout) not working?

6 matches

Site Navigation

Mail list logo

Footer information