[SSHD-300] Double public key authentication - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 0.10.1
Fix Version/s: 0.11.0
Labels:
None

Description

PublickeyAuthenticator.authenticate() method is called twice, even though the first call of this method already authenticated the user and returned true.

This is a preformance issue, as server may need to hit database/caches to retrieve the list of public key(s) for the user to preform the check against.

Or the authenticate() implementation needs to be adjusted to preform the check that the user was alreay authenticated.

Reproducer patch is attaced. The problem only occurs when the test is called from open SSH client. Own SSHD's client works as expected.

To reproduce, start the attached unit test as Java application, and issue the command:

ssh localhost -p 29418 -l joe

[1] https://gerrit-review.googlesource.com/55193

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-SSHD-300-Prevent-double-public-key-authentication.patch
15/Mar/14 11:55
5 kB
David Ostrovsky

Activity

People

Assignee:: Guillaume Nodet

Reporter:: David Ostrovsky

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Mar/14 09:04

Updated:: 14/Apr/14 11:38

Resolved:: 17/Mar/14 12:08