[prev in list] [next in list] [prev in thread] [next in thread]
List: mina-dev
Subject: [jira] [Created] (SSHD-1291) Protocol violation when using async PublicKey auth
From: "Evgeny Pasynkov (Jira)" <jira () apache ! org>
Date: 2022-08-19 13:58:30
Message-ID: JIRA.13477610.1660917767000.177459.1660917780037 () Atlassian ! JIRA
[Download RAW message or body]
Evgeny Pasynkov created SSHD-1291:
-------------------------------------
Summary: Protocol violation when using async PublicKey auth
Key: SSHD-1291
URL: https://issues.apache.org/jira/browse/SSHD-1291
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 2.9.0
Reporter: Evgeny Pasynkov
Hi.
I've noticed that SSHD server violates RFC 4252 section 7 \
(https://www.rfc-editor.org/rfc/rfc4252#section-7) when using asynchronous public key \
auth (which means throwing AsyncAuthException() from PublickeyAuthenticator \
implementation.
Part of the client log when using sync approach
{code}
debug1: Next authentication method: publickey
debug1: Offering public key:xxxxxxx RSA \
SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: xxxxxxxx RSA \
SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
debug3: sign_and_send_pubkey: using publickey with RSA \
SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 \
SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
debug3: send packet: type 50
debug3: receive packet: type 52
Authenticated to localhost ([::1]:2224) using "publickey".
{code}
when using "async" approach:
{code}
debug1: Next authentication method: publickey
debug1: Offering public key: xxxxxxxxxx RSA \
SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 52
Authenticated to localhost ([::1]:2224) using "publickey".
{code}
Please note that mandatory packet SSH_MSG_USERAUTH_PK_OK is missing.
Though standard client tolerates this difference (at least OpenSSH_9.0p1), not all of \
them do this. Jsch failed to establish session
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic