  1. MINA SSHD
  2. SSHD-850

Add capability to retry a failed private key decryption when client is decrypting private key file(s)

Details

    • New Feature
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.0.0, 2.1.0
    • 2.2.0
    • None

    Description

      In OpenSSH, the ssh config entry NumberOfPasswordPrompts controls the number of times the ssh client keeps asking for a password if the one entered was invalid in two cases:

      1. keyboard-interactive authentication, and
      2. asking for passwords for encrypted private keys in identity files in pubkey authentication (see OpenSSH sources; sshconnect2.c).

      sshd-core only has support for (1) through setting the property ClientAuthenticationManager.PASSWORD_PROMPTS in the session's properties.

      There doesn't seem to be any support for FilePasswordProvider to make it respect this value.

      AbstractPEMResourceKeyPairParser.extractKeyPairs() and also BouncyCastleKeyPairResourceParser.loadKeyPair() call FilePasswordProvider.getPassword() exactly once.

      So how can I write an ssh client using sshd that asks the user NumberOfPasswordPrompts times? Either I'm missing something, or there is some support for this missing in sshd.
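
The bounded retry requested above, as an added example using only JDK classes (it is not sshd-core code and not from the issue). The `PasswordSource` interface, `load()` and the AES-GCM blob standing in for an encrypted identity file are assumptions; `maxPrompts` plays the role of NumberOfPasswordPrompts.

```java
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class KeyDecryptRetry {
    // Hypothetical password callback (not an sshd-core interface); retryIndex starts at 0.
    interface PasswordSource { char[] getPassword(String resource, int retryIndex); }

    static byte[] crypt(int mode, char[] pw, byte[] salt, byte[] iv, byte[] in) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, 100_000, 256);
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(k, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    // Prompts at most maxPrompts times; only a GCM tag mismatch (wrong password or altered blob) is retried.
    static PrivateKey load(String name, byte[] salt, byte[] iv, byte[] blob, PasswordSource src, int maxPrompts)
            throws GeneralSecurityException {
        for (int i = 0; i < maxPrompts; i++) {
            char[] pw = src.getPassword(name, i);
            if (pw == null) break; // user cancelled the prompt
            try {
                byte[] der = crypt(Cipher.DECRYPT_MODE, pw, salt, iv, blob);
                return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
            } catch (AEADBadTagException wrongPassword) {
                // decryption failed: ask again while attempts remain
            } finally {
                Arrays.fill(pw, '\0'); // wipe each typed password after use
            }
        }
        throw new UnrecoverableKeyException("no valid password for " + name + " within " + maxPrompts + " prompt(s)");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a fresh RSA key encrypted under a made-up passphrase.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PrivateKey key = gen.generateKeyPair().getPrivate();
        byte[] salt = new byte[16], iv = new byte[12];
        SecureRandom rnd = new SecureRandom(); rnd.nextBytes(salt); rnd.nextBytes(iv);
        byte[] blob = crypt(Cipher.ENCRYPT_MODE, "correct horse".toCharArray(), salt, iv, key.getEncoded());
        String[] typed = {"wrong", "also wrong", "correct horse"}; // simulated user input
        PrivateKey loaded = load("id_rsa", salt, iv, blob, (res, i) -> typed[i].toCharArray(), 3);
        System.out.println(Arrays.equals(loaded.getEncoded(), key.getEncoded()));
    }
}
```

Errors other than a failed decryption (an unsupported algorithm, a malformed key encoding) propagate immediately instead of consuming a prompt.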


          People

            lgoldstein Lyor Goldstein
            twolf Thomas Wolf