Uploaded image for project: 'MINA SSHD'
  1. MINA SSHD
  2. SSHD-611

Client incorrectly handles rejected keyboard-interactive authentication by server

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.1.0
    • None

    Description

      I am trying to communicate with a server that advertises keyboard-interactive authentication but it fails with "Too many authentication failures". When the client sends the request it gets a failure and requests it again and again until it hits the maximum retries value. It also never reaches the UserInteraction object that was assigned to the client. It seems when the request fails it should move on to the next authentication method.

      Here's the output of sshd-core:

      DEBUG [sshd-SshClient[48c40605]-nio2-thread-1] (ClientUserAuthService.java:234) tryNext(ClientSessionImpl[root@/10.48.43.215:22]) attempting method=keyboard-interactive
      DEBUG [sshd-SshClient[48c40605]-nio2-thread-1] (UserAuthKeyboardInteractive.java:110) process(root@ClientSessionImpl[root@/10.48.43.215:22])[ssh-connection] Send SSH_MSG_USERAUTH_REQUEST for keyboard-interactive
      TRACE [sshd-SshClient[48c40605]-nio2-thread-1] (AbstractSession.java:862) encode(ClientSessionImpl[root@/10.48.43.215:22]) Sending packet #5: 32 00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 14 6b 65 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69 76 65 00 00 00 00 00 00 00 00
      DEBUG [sshd-SshClient[48c40605]-nio2-thread-1] (Nio2Session.java:114) Writing 100 bytes
      DEBUG [sshd-SshClient[48c40605]-nio2-thread-4] (Nio2Session.java:274) Finished writing
      DEBUG [sshd-SshClient[48c40605]-nio2-thread-5] (Nio2Session.java:223) Read 84 bytes
      TRACE [sshd-SshClient[48c40605]-nio2-thread-5] (AbstractSession.java:1003) decode(ClientSessionImpl[root@/10.48.43.215:22]) Received packet #6: 33 00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61 73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69 76 65 00
      TRACE [sshd-SshClient[48c40605]-nio2-thread-5] (AbstractSession.java:415) doHandleMessage(ClientSessionImpl[root@/10.48.43.215:22]) process SSH_MSG_USERAUTH_FAILURE
      DEBUG [sshd-SshClient[48c40605]-nio2-thread-5] (ClientUserAuthService.java:181) processUserAuth(ClientSessionImpl[root@/10.48.43.215:22]) Received SSH_MSG_USERAUTH_FAILURE - partial=false, methods=publickey,password,keyboard-interactive

      Here's the putty output:

      Outgoing packet #0x4, type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
      00000000 00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68 ....ssh-userauth
      Incoming packet #0x4, type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
      00000000 00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68 ....ssh-userauth
      Outgoing packet #0x5, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
      00000000 00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d ....root....ssh-
      00000010 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 04 6e 6f connection....no
      00000020 6e 65 ne
      Incoming packet #0x5, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
      00000000 00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61 ...'publickey,pa
      00000010 73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d ssword,keyboard-
      00000020 69 6e 74 65 72 61 63 74 69 76 65 00 interactive.
      Outgoing packet #0x6, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
      00000000 00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d ....root....ssh-
      00000010 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 14 6b 65 connection....ke
      00000020 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 69 yboard-interacti
      00000030 76 65 00 00 00 00 00 00 00 00 ve........
      Event Log: Attempting keyboard-interactive authentication
      Incoming packet #0x6, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
      00000000 00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61 ...'publickey,pa
      00000010 73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d ssword,keyboard-
      00000020 69 6e 74 65 72 61 63 74 69 76 65 00 interactive.
      Event Log: Server refused keyboard-interactive authentication
      Outgoing packet #0x7, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
      00000000 00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d ....root....ssh-
      00000010 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 08 70 61 connection....pa
      00000020 73 73 77 6f 72 64 00 XX XX XX XX XX XX XX XX XX ssword.XXXXXXXXX
      00000030 XX XX XX XXX
      Outgoing packet #0x8, type 2 / 0x02 (SSH2_MSG_IGNORE)
      00000000 00 00 00 a0 dd aa 67 0a 8d 42 d0 2a 5c 82 1e 5e ......g..B.*\..^
      00000010 ef 3b 9f 2a c2 5d 71 8a 28 ff 5d ca 1f 28 94 20 .;.*.]q.(.]..(.
      00000020 ec f4 2d dd 34 dc cf 99 94 da c1 40 7d a4 d9 09 ..-.4......@}...
      00000030 0e 7c 15 f6 01 56 6b e8 a4 3c 45 a6 c9 bd 00 e3 .|...Vk..<E.....
      00000040 73 e1 36 85 61 09 2f 8f d6 a9 61 ce 58 d6 3f dc s.6.a./...a.X.?.
      00000050 39 be b2 fd 5b a8 2d a9 46 d8 86 dc 12 cf 0b 82 9...[.-.F.......
      00000060 43 37 4f bf 39 f7 90 e9 6f 52 4e 36 50 8d 9b 67 C7O.9...oRN6P..g
      00000070 b5 7a b3 c3 f5 f2 56 40 b4 75 de 71 1f 22 ff 2f .z....V@.u.q."./
      00000080 00 0c 89 06 4f 20 44 fe 65 55 02 73 76 22 64 e2 ....O D.eU.sv"d.
      00000090 11 14 ef 34 24 6f 5f 3f 61 95 d3 d1 c1 68 11 5e ...4$o_?a....h.^
      000000a0 ff 29 f9 31 .).1
      Event Log: Sent password
      Incoming packet #0x7, type 52 / 0x34 (SSH2_MSG_USERAUTH_SUCCESS)
      Event Log: Access granted

      I am using 28faad4 of master.

      Attachments

        1. putty_core_keyboard-interactive_rejection.log
          66 kB
          Oliver Stöneberg
        2. sshd-core_keyboard-interactive_rejection.txt
          15 kB
          Oliver Stöneberg

        Activity

          People

            lgoldstein Lyor Goldstein
            Firewave Oliver Stöneberg
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: