MINA SSHD
  1. MINA SSHD
  2. SSHD-74

Even if I do setPublicKeyAuthenticator(null) (or setPasswordAuthenticator(null)) Apache SSHD still reports that it supports that kind of authentication

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.4.0
    • Labels:
      None

      Description

      Even if I do setPublicKeyAuthenticator(null) (or setPasswordAuthenticator(null)) Apache SSHD still reports that it supports that kind of authentication

      While this is no security problem it is still annoying. If I try to log in using my private key and the public key authenticator is set to null I still get

      debug1: Authentications that can continue: password,publickey
      debug3: start over, passed a different list password,publickey
      debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
      debug3: authmethod_lookup publickey
      debug3: remaining preferred: keyboard-interactive,password
      debug3: authmethod_is_enabled publickey
      debug1: Next authentication method: publickey
      debug1: Trying private key: private-key

      from SSHD.

      This is confusing. I DON'T want SSHD to tell me publickey authentication if there is no authenticator. Symmetrical problem with password authentications.

        Activity

        Hide
        Guillaume Nodet added a comment -

        Well, you can disable the authentication by using:

        sshd = SshServer.setUpDefaultServer();
        sshd.setUserAuthFactories(Arrays.<NamedFactory<UserAuth>>asList(new UserAuthPassword.Factory()));
        sshd.setPasswordAuthenticator(new BogusPasswordAuthenticator());

        Anyway, i've fixed the issue so that the default authentication factory list is generated later, based on the registered authenticators.

        Committing to https://svn.apache.org/repos/asf/mina/sshd/trunk ...
        M sshd-core/src/main/java/org/apache/sshd/SshServer.java
        Committed r939051

        Show
        Guillaume Nodet added a comment - Well, you can disable the authentication by using: sshd = SshServer.setUpDefaultServer(); sshd.setUserAuthFactories(Arrays.<NamedFactory<UserAuth>>asList(new UserAuthPassword.Factory())); sshd.setPasswordAuthenticator(new BogusPasswordAuthenticator()); Anyway, i've fixed the issue so that the default authentication factory list is generated later, based on the registered authenticators. Committing to https://svn.apache.org/repos/asf/mina/sshd/trunk ... M sshd-core/src/main/java/org/apache/sshd/SshServer.java Committed r939051

          People

          • Assignee:
            Guillaume Nodet
            Reporter:
            Marcus Lagergren
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development