List: mina-dev
Subject: [jira] [Commented] (SSHD-1291) Protocol violation when using async PublicKey auth
From: "Evgeny Pasynkov (Jira)" <jira () apache ! org>
Date: 2022-08-22 10:54:00
Message-ID: JIRA.13477610.1660917767000.185009.1661165640050 () Atlassian ! JIRA
[ https://issues.apache.org/jira/browse/SSHD-1291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582903#comment-17582903 ]
Evgeny Pasynkov commented on SSHD-1291:
---------------------------------------
The very basic test which demonstrates this behaviour (the difference from the server run
in the SSHD tests is using the AsyncAuthException, actually). Just run the program and
connect to it from the console: "ssh -vvv ssh://localhost:2220 abc"
{code:java}
package demo;

import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.digest.BuiltinDigests;
import org.apache.sshd.common.keyprovider.KeyPairProvider;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.server.ServerBuilder;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.auth.AsyncAuthException;
import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
import org.apache.sshd.server.session.ServerSession;
import org.apache.sshd.server.shell.UnknownCommand;

import java.io.ByteArrayInputStream;
import java.security.KeyPair;
import java.security.PublicKey;

public class AsyncPublicKeyAuthServer {
    public static void main(String[] args) throws Exception {
        SshServer sshd = ServerBuilder.builder().build();
        // Load the server host key from the embedded OpenSSH private key.
        final KeyPair serverKey = SecurityUtils.loadKeyPairIdentities(
                null,
                NamedResource.ofName(""),
                new ByteArrayInputStream(PrivateKey.getBytes()),
                null).iterator().next();
        sshd.setPort(2220);
        sshd.setKeyPairProvider(KeyPairProvider.wrap(serverKey));
        sshd.setCommandFactory((channel, command) -> new UnknownCommand(command));
        sshd.setPublickeyAuthenticator(new PublickeyAuthenticator() {
            @Override
            public boolean authenticate(String username, PublicKey key, ServerSession session)
                    throws AsyncAuthException {
                String fingerprint = KeyUtils.getFingerPrint(BuiltinDigests.md5, key);
                // Async path: the result is set from another thread and the
                // exception is thrown instead of returning a boolean.
                AsyncAuthException ex = new AsyncAuthException();
                new Thread(new Runnable() {
                    @Override
                    public void run() {
                        ex.setAuthed(true);
                    }
                }).start();
                throw ex;
            }
        });
        sshd.start();
        System.out.println("Server started on port " + sshd.getPort());
        System.out.println("Press any key to exit");
        System.in.read();
        System.out.println("Finished");
        sshd.stop();
    }
    private static String PrivateKey = "-----BEGIN OPENSSH PRIVATE KEY-----\n" +
            "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\n" +
            "NhAAAAAwEAAQAAAYEA0+edBTXN8p9dK6+qlgdwaDi5bqk/w4GByf/Xv9VpgJmJzXb3IxYR\n" +
            "mHKPs/390FGU50w1K/5TfoVeyM/8RXVsbNCNt06csF2fJlzC7FHyO39InSAFwnzywLSeGl\n" +
            "nFsT3sNlpucg5GKjIh0afoc4xzDiNAFvZDR8/szMKET9YWCUyAFnZ5pScloPBFVFZjNfg2\n" +
            "2CB2ohDrihcxdeuBPq5fAi3+aOlwyYBxhWkggKeEyUlbEXaRuvxgpoHlqUT4ebgzU8o8uP\n" +
            "LfdJBP7WHX7D3DfCZtJrsQVTeJxR+gbpSb0EB6MJ+FTpjsdKa4dQ89GhzLpQJecjXYYwGd\n" +
            "UZG3XC8RqNi4v7xmiT2uHCwdkx6IDx+5wTTsuz/luP1nqPxYOvRFYhgiXv0gjJoTXp94X3\n" +
            "1cfuB87wG3YVcNfF9X44UdEkM251cf141b8GGFftrwwBO1OiqPZypUohXhthkrQ6cgToo5\n" +
            "hx7F6/Hlax9To4R8tkNw65zh3XIfs0/DbGB9XEM1AAAFoBd6K2AXeitgAAAAB3NzaC1yc2\n" +
            "EAAAGBANPnnQU1zfKfXSuvqpYHcGg4uW6pP8OBgcn/17/VaYCZic129yMWEZhyj7P9/dBR\n" +
            "lOdMNSv+U36FXsjP/EV1bGzQjbdOnLBdnyZcwuxR8jt/SJ0gBcJ88sC0nhpZxbE97DZabn\n" +
            "IORioyIdGn6HOMcw4jQBb2Q0fP7MzChE/WFglMgBZ2eaUnJaDwRVRWYzX4NtggdqIQ64oX\n" +
            "MXXrgT6uXwIt/mjpcMmAcYVpIICnhMlJWxF2kbr8YKaB5alE+Hm4M1PKPLjy33SQT+1h1+\n" +
            "w9w3wmbSa7EFU3icUfoG6Um9BAejCfhU6Y7HSmuHUPPRocy6UCXnI12GMBnVGRt1wvEajY\n" +
            "uL+8Zok9rhwsHZMeiA8fucE07Ls/5bj9Z6j8WDr0RWIYIl79IIyaE16feF99XH7gfO8Bt2\n" +
            "FXDXxfV+OFHRJDNudXH9eNW/BhhX7a8MATtToqj2cqVKIV4bYZK0OnIE6KOYcexevx5Wsf\n" +
            "U6OEfLZDcOuc4d1yH7NPw2xgfVxDNQAAAAMBAAEAAAGAHCpyBYpESJaEJNVhoDV27HN1uk\n" +
            "7Gye7B2J6oB7iPIGfIGEZSzRgW2KOJlEwTW4gseZ34h1Nzt6J0mc6DYpwcAE6sN4w8aXjY\n" +
            "OZok0pKF1wCxHylteo9vGMwpI6mBDHEFn6fffEuHaf5l3l8qF4m4lU18LFEpWjc563GDcr\n" +
            "UrEqtXbyTqQFh2uPCW1oHxB/BpIcsW2a3UEPPKQDlAYZt9x2VjpoA43J+09x2lE1Sw4qxc\n" +
            "bXLMJgV7t0YWx6wCNvOTqMjApfSomAXFSiRyvsM0oVXFtLMCo4s8VBvpcBAyHw6h5PtPZq\n" +
            "r6ZkAmvzhV0x6lKNbjJauW6Bh7eKOFBPVg9fbSwgYf6CeYC+kK4ggPo05zQhChaRhFL3Qm\n" +
            "YJKrLbfErrvcppMznoyp+XdtPMHDdJRHhkDIkFCOuUUHscz92C9PIgpi6wGkxa6PXBkzx0\n" +
            "s/YpxY4zOcHaa7UDfDTVg7wV0d8+oR/66i6fFOdhwbCS9ZiML6+JYRbdLHj9G9L8QVAAAA\n" +
            "wQDo7aq42LcvdkNWKOa0R1bzaAxxFuHMou6DLYhVbYDn9m4hoIs0nX5wx3aXTGvY6xI4ol\n" +
            "KMOco56HufQiKYyfhTob1F2i3xRTyGX6dR3HnP9QBYXMOc0UXyXciSpR7/9TxmV46T1EIA\n" +
            "adA3v+4xCnvACS6mG42w7IumMDA6gXg/uLzn7NzkhV6oiaFeIZ+P/OHlvCPXvkXY6pg6hr\n" +
            "8qIZGtufZQhcGvYE5tgyI/9iB/m90l2URJhGJ9gLAzeEUkpaIAAADBAP79AqJc8klHz0YD\n" +
            "3/yz/C+sNyWE6ot5E6CWwygpQ+IsAe63XYWjQ3OxN29yw3Bk8nkHAHYgDqDDnuWa0p6u/n\n" +
            "JF3TjaLVUrWjH1xz9KXhyc4RXBqmnsqaNNNQott5deid4MD4MpkRsad1+iCjFT307k5+/J\n" +
            "5QRD3p81p5SZH9LGmyRJyv0A3a//nkjFaRybk2eCzXVMp6AXCZGOKFWZeYOI+zXlUDbGHF\n" +
            "NhxFCsXxco+CEv8CBiBDBDCaXcsjoVIwAAAMEA1L7X6TsSUzYCHG19HdNxaSX7vlyi2QAH\n" +
            "uKxR28fSjyndoOIendYJXFcDjZZzCYn+oJ88WSpBM40mF5dkY2J0Raf3ZC4EeQ9plqjAVA\n" +
            "k/n/yVtVt4V1Rm6U1mWgIX6gAbEj2FyGe6xM41C6yBEk1WF1V6LeggYtxfgaBFVyjkUllz\n" +
            "bl6eyF7UnReb1ztqLVQGBp8Szgb08Tgm9pPmmLlN/nAWDfvV33iluMfsB+rNYiQekN5U4J\n" +
            "8UjNRvpBespKfHAAAAJnBhc3lua292QEV2Z2VueXMtTUJQLmxhYnMuaW50ZWxsaWoubmV0\n" +
            "AQIDBA==\n" +
            "-----END OPENSSH PRIVATE KEY-----\n";
}
{code}
> Protocol violation when using async PublicKey auth
> --------------------------------------------------
>
> Key: SSHD-1291
> URL: https://issues.apache.org/jira/browse/SSHD-1291
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.9.0
> Reporter: Evgeny Pasynkov
> Priority: Major
>
> Hi.
> I've noticed that the SSHD server violates RFC 4252 section 7
> (https://www.rfc-editor.org/rfc/rfc4252#section-7) when using asynchronous public
> key auth (which means throwing AsyncAuthException() from the PublickeyAuthenticator
> implementation). Part of the client log when using the sync approach:
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key:xxxxxxx RSA SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 60
> debug1: Server accepts key: xxxxxxxx RSA SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: using publickey with RSA SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
> When using the "async" approach:
> {code}
> debug1: Next authentication method: publickey
> debug1: Offering public key: xxxxxxxxxx RSA SHA256:yCES5R3fRyROO6W3GRfte9EelwXcM29IM3zOzsvwuv0
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 52
> Authenticated to localhost ([::1]:2224) using "publickey".
> {code}
> Please note that the mandatory packet SSH_MSG_USERAUTH_PK_OK is missing.
> Though the standard client tolerates this difference (at least OpenSSH_9.0p1), not all
> of them do this. Jsch failed to establish session
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
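
An added example, not part of the original message or of MINA SSHD: a Python check that reads OpenSSH `ssh -vvv` client output and flags the ordering reported in the issue, where packet type 52 arrives in reply to the initial key query with no type 60 in between. The function name and the reduced sample logs are assumptions made for illustration, and the check relies on the client's `sign_and_send_pubkey` debug line to tell a signed request from a query.

```python
import re

# Message numbers from RFC 4252; 60 is SSH_MSG_USERAUTH_PK_OK for "publickey".
REQUEST, FAILURE, SUCCESS, PK_OK = 50, 51, 52, 60
PACKET = re.compile(r"debug3: (send|receive) packet: type (\d+)")

def check_publickey_flow(client_log):
    """Return (line number, message) findings for an `ssh -vvv` client log."""
    findings = []
    in_publickey = False  # inside a publickey authentication attempt
    signing = False       # client logged sign_and_send_pubkey: next 50 is signed
    outstanding = None    # "query" or "signed": request still awaiting a reply
    for lineno, line in enumerate(client_log.splitlines(), 1):
        if "Next authentication method:" in line:
            in_publickey = line.rstrip().endswith("publickey")
            signing, outstanding = False, None
        elif "sign_and_send_pubkey" in line:
            signing = True
        m = PACKET.search(line)
        if not m or not in_publickey:
            continue
        direction, msg = m.group(1), int(m.group(2))
        if direction == "send" and msg == REQUEST:
            outstanding, signing = ("signed" if signing else "query"), False
        elif direction == "receive" and msg in (PK_OK, SUCCESS, FAILURE):
            if msg == SUCCESS and outstanding == "query":
                findings.append((lineno, "type 52 answers a key query; type 60 "
                                 "(SSH_MSG_USERAUTH_PK_OK) was never received"))
            outstanding = None
    return findings

# Constructed samples, reduced from the two excerpts in the issue text.
SYNC_LOG = """\
debug1: Next authentication method: publickey
debug3: send packet: type 50
debug3: receive packet: type 60
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:PLACEHOLDER
debug3: send packet: type 50
debug3: receive packet: type 52
"""
ASYNC_LOG = """\
debug1: Next authentication method: publickey
debug3: send packet: type 50
debug3: receive packet: type 52
"""

if __name__ == "__main__":
    print("sync:", check_publickey_flow(SYNC_LOG))
    print("async:", check_publickey_flow(ASYNC_LOG))
```

Run against a full client log, the check ignores packets exchanged before the first `Next authentication method: publickey` line, so the initial `none` request does not produce a finding.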