mina-users mailing list archives

From "Wright, Omari" <Omari.Wri...@solers.com>
Subject RE: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?
Date Fri, 14 Dec 2012 18:16:08 GMT
Actually never mind, I found out what the person was doing wrong.

Thanks

-----Original Message-----
From: Wright, Omari [mailto:Omari.Wright@solers.com] 
Sent: Thursday, December 13, 2012 2:32 PM
To: 'users@mina.apache.org'
Subject: RE: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?

But if you attempt to try to log in from the Linux sftp client, it will say enter the password
for root@localhost by default without even prompting for a user name. This is the same behavior
I am seeing with my implementation...

-----Original Message-----
From: Guillaume Nodet [mailto:gnodet@gmail.com]
Sent: Thursday, December 13, 2012 2:19 PM
To: users
Subject: Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?

I'm not sure I understand. The default implementation is not secured and any login = password
will work by default.


On Thu, Dec 13, 2012 at 6:36 PM, Wright, Omari <Omari.Wright@solers.com> wrote:

> Whatever changed also affected running the standalone version from the
> command line with stock configuration. It also shows the same behavior.
>
> -----Original Message-----
> From: Guillaume Nodet [mailto:gnodet@gmail.com]
> Sent: Thursday, December 13, 2012 12:32 PM
> To: users
> Subject: Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?
>
> Maybe this change ?
>
>
> https://github.com/apache/mina-sshd/commit/3932a1275f3a48d5a304dcfb151a3ca3ce6050ed
>
>
> On Thu, Dec 13, 2012 at 5:53 PM, Wright, Omari <Omari.Wright@solers.com> wrote:
>
> > Configuration is as follows...
> >
> > ----------------
> >
> > server = new SshServer();
> > // DHG14 uses 2048 bits key which are not supported by the default JCE provider
> > if (SecurityUtils.isBouncyCastleRegistered()) {
> >     server.setKeyExchangeFactories(Arrays.<NamedFactory<KeyExchange>>asList(
> >             new DHG14.Factory(),
> >             new DHG1.Factory()));
> >     server.setRandomFactory(new SingletonRandomFactory(new BouncyCastleRandom.Factory()));
> > } else {
> >     server.setKeyExchangeFactories(Arrays.<NamedFactory<KeyExchange>>asList(
> >             new DHG1.Factory()));
> >     server.setRandomFactory(new SingletonRandomFactory(new JceRandom.Factory()));
> > }
> >
> > List<NamedFactory<Cipher>> avail = new LinkedList<NamedFactory<Cipher>>();
> > avail.add(new AES128CTR.Factory());
> > avail.add(new AES256CTR.Factory());
> > avail.add(new ARCFOUR128.Factory());
> > avail.add(new ARCFOUR256.Factory());
> > avail.add(new AES128CBC.Factory());
> > avail.add(new TripleDESCBC.Factory());
> > avail.add(new BlowfishCBC.Factory());
> > avail.add(new AES192CBC.Factory());
> > avail.add(new AES256CBC.Factory());
> >
> > for (Iterator<NamedFactory<Cipher>> i = avail.iterator(); i.hasNext();) {
> >     final NamedFactory<Cipher> f = i.next();
> >     try {
> >         final Cipher c = f.create();
> >         final byte[] key = new byte[c.getBlockSize()];
> >         final byte[] iv = new byte[c.getIVSize()];
> >         c.init(Cipher.Mode.Encrypt, key, iv);
> >     } catch (InvalidKeyException e) {
> >         i.remove();
> >     } catch (Exception e) {
> >         i.remove();
> >     }
> > }
> > server.setCipherFactories(avail);
> >
> > // Compression is not enabled by default
> > // sshd.setCompressionFactories(Arrays.<NamedFactory<Compression>>asList(
> > //         new CompressionNone.Factory(),
> > //         new CompressionZlib.Factory(),
> > //         new CompressionDelayedZlib.Factory()));
> >
> > server.setCompressionFactories(Arrays.<NamedFactory<Compression>>asList(
> >         new CompressionNone.Factory()));
> > server.setMacFactories(Arrays.<NamedFactory<Mac>>asList(
> >         new HMACMD5.Factory(),
> >         new HMACSHA1.Factory(),
> >         new HMACMD596.Factory(),
> >         new HMACSHA196.Factory()));
> > server.setChannelFactories(Arrays.<NamedFactory<Channel>>asList(
> >         new PdaChannelSession.Factory(),
> >         new ChannelDirectTcpip.Factory()));
> >
> > server.setSignatureFactories(Arrays.<NamedFactory<Signature>>asList(
> >         new SignatureDSA.Factory(),
> >         new SignatureRSA.Factory()));
> > server.setFileSystemFactory(new PdaFileSystemFactory());
> >
> > ForwardingAcceptorFactory faf = new DefaultForwardingAcceptorFactory();
> > server.setTcpipForwardNioSocketAcceptorFactory(faf);
> > server.setX11ForwardNioSocketAcceptorFactory(faf);
> >
> > server.setPort(2222);
> >
> > if (SecurityUtils.isBouncyCastleRegistered()) {
> >     server.setKeyPairProvider(new PEMGeneratorHostKeyProvider("key.pem"));
> > } else {
> >     server.setKeyPairProvider(new SimpleGeneratorHostKeyProvider("key.ser"));
> > }
> > if (OsUtils.isUNIX()) {
> >     server.setShellFactory(new ProcessShellFactory(new String[] { "/bin/sh", "-i", "-l" },
> >             EnumSet.of(ProcessShellFactory.TtyOptions.ONlCr)));
> > } else {
> >     server.setShellFactory(new ProcessShellFactory(new String[] { "cmd.exe "},
> >             EnumSet.of(ProcessShellFactory.TtyOptions.Echo,
> >                     ProcessShellFactory.TtyOptions.ICrNl,
> >                     ProcessShellFactory.TtyOptions.ONlCr)));
> > }
> >
> > server.setSubsystemFactories(Arrays.<NamedFactory<Command>>asList(
> >         new PdaSftpSubsystem.Factory()));
> >
> > server.setCommandFactory(new PdaScpCommandFactory());
> >
> > server.setPasswordAuthenticator(new PasswordAuthenticator() {
> >     public boolean authenticate(String username, String password, ServerSession session) {
> >         PdaUserManager userManager = new PdaUserManager();
> >         Authentication auth = new UsernamePasswordAuthentication(username,password);
> >
> >         try {
> >             User user = userManager.authenticate(auth);
> >             if (user.getTokenId() != null) {
> >                 TokenId tokenId = new TokenId(user.getTokenId());
> >                 session.setAttribute(TOKEN_ID, tokenId);
> >                 return true;
> >             }
> >         } catch (AuthenticationFailedException e) {
> >             logException(e, "authenticate");
> >         }
> >
> >         return false;
> >     }
> > });
> >
> > -------------------------
> >
> > UserManager is a modified version of Apache FtpServer's properties 
> > user manager.
> >
> > -----Original Message-----
> > From: Guillaume Nodet [mailto:gnodet@gmail.com]
> > Sent: Thursday, December 13, 2012 11:33 AM
> > To: users
> > Subject: Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?
> >
> > Could you give a bit more details on your set up and authentication
> > process?
> >
> >
> > On Thu, Dec 13, 2012 at 4:55 PM, Wright, Omari <Omari.Wright@solers.com> wrote:
> >
> > > When I ported my project over to Apache SSHD 0.8.0, my
> > > implementation for authentication stopped working. Now a user is
> > > automatically logged in as root when they attempt to connect to
> > > the server.
> > >
> >
> >
> >
> > --
> > ------------------------
> > Guillaume Nodet
> > ------------------------
> > Blog: http://gnodet.blogspot.com/
> > ------------------------
> > FuseSource, Integration everywhere
> > http://fusesource.com
> >