Maven Wagon
  1. Maven Wagon
  2. WAGON-200

authentication with passwords can fail in some environments

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0-alpha-5
    • Component/s: wagon-ssh
    • Labels:
      None

      Description

      if the repository use username / password authentication and the server (openssh here) has "PasswordAuthentication no" option set, it fail to auth. I can log in using others ssh clients thow.

      Changing PasswordAuthentication to yes, makes wagon succeed , but it is not a practical solution.

      1. WAGONSSH-13-b.diff
        11 kB
        Juan F. Codagnone
      2. WAGON-13.diff
        2 kB
        Juan F. Codagnone

        Issue Links

          Activity

          Hide
          Brett Porter added a comment -

          yes, I know. we've had a few issues with jline and pulled it out.

          Show
          Brett Porter added a comment - yes, I know. we've had a few issues with jline and pulled it out.
          Hide
          Juan F. Codagnone added a comment -

          org.codehaus.plexus.components.interactivity.DefaultInputHandler is being used, and its readPassword() just call
          java.io.BufferedReader#readLine(), echoing the password.

          Show
          Juan F. Codagnone added a comment - org.codehaus.plexus.components.interactivity.DefaultInputHandler is being used, and its readPassword() just call java.io.BufferedReader#readLine(), echoing the password.
          Hide
          Brett Porter added a comment -

          applied, thanks!

          the keyboard interactive didn't seem to ever get called for me... so I also added prompting to the userinfo

          Show
          Brett Porter added a comment - applied, thanks! the keyboard interactive didn't seem to ever get called for me... so I also added prompting to the userinfo
          Hide
          Juan F. Codagnone added a comment -

          attached a configurable solution

          Some warnings:

          • i still dont know much about plexus
          • It handles a bit better the input than WAGONSSH-12 because i didn't know about the existense of pluxus-prompter when i wrote that patch.
          Show
          Juan F. Codagnone added a comment - attached a configurable solution Some warnings: i still dont know much about plexus It handles a bit better the input than WAGONSSH-12 because i didn't know about the existense of pluxus-prompter when i wrote that patch.
          Hide
          Juan F. Codagnone added a comment -

          my interpretation of jsch code jsch-0.1.21/src/com/jcraft/jsch/Session.java[1] around line 357 shows the jsch will choose the order depending the servers order.

          So the best i think is to provide a safe default, and a way to change it (configure it) (like i want to configure it in WAGON-12). The nice thing about programing to interafaces and having a IoC container is that you can replace everything. I will work in a real solution if you like. (not this hack)

          [1] they dont have a viewcvs or any javadoc

          Show
          Juan F. Codagnone added a comment - my interpretation of jsch code jsch-0.1.21/src/com/jcraft/jsch/Session.java [1] around line 357 shows the jsch will choose the order depending the servers order. So the best i think is to provide a safe default, and a way to change it (configure it) (like i want to configure it in WAGON-12 ). The nice thing about programing to interafaces and having a IoC container is that you can replace everything. I will work in a real solution if you like. (not this hack) [1] they dont have a viewcvs or any javadoc
          Hide
          Brett Porter added a comment -

          I Think this is a great addition too, but haven't had a chance to test it yet. Linking to other issue that explores keyboard interactivity.

          Show
          Brett Porter added a comment - I Think this is a great addition too, but haven't had a chance to test it yet. Linking to other issue that explores keyboard interactivity.
          Hide
          Brett Porter added a comment -

          I think this should be applied as long as it is only used as a fallback, right? This seems like a good solution to avoiding hangs at the least.

          Show
          Brett Porter added a comment - I think this should be applied as long as it is only used as a fallback, right? This seems like a good solution to avoiding hangs at the least.
          Hide
          Juan F. Codagnone added a comment -

          ok, i will take a deeper look. perhaps i can reuse the interactive configuration that i add in WAGONSSH-12 .

          Show
          Juan F. Codagnone added a comment - ok, i will take a deeper look. perhaps i can reuse the interactive configuration that i add in WAGONSSH-12 .
          Hide
          Trygve Laugstøl added a comment -

          I'm postponing this one a bit to investigate if we should use our own password prompter mechanism.

          Juan: do you want to take a look at that?

          Show
          Trygve Laugstøl added a comment - I'm postponing this one a bit to investigate if we should use our own password prompter mechanism. Juan: do you want to take a look at that?
          Hide
          Juan F. Codagnone added a comment -

          this makes my wagon work in those environments.

          it is a pity that there is no such thing as a free ssh java server to be able to have unit tests.

          Show
          Juan F. Codagnone added a comment - this makes my wagon work in those environments. it is a pity that there is no such thing as a free ssh java server to be able to have unit tests.
          Hide
          chisisi added a comment -

          http://sourceforge.net/mailarchive/forum.php?thread_id=7308988&forum_id=12628

          that url looks like it will address the issue perhaps...since brett indicated jsch was the underlying library

          Show
          chisisi added a comment - http://sourceforge.net/mailarchive/forum.php?thread_id=7308988&forum_id=12628 that url looks like it will address the issue perhaps...since brett indicated jsch was the underlying library

            People

            • Assignee:
              Brett Porter
              Reporter:
              Juan F. Codagnone
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development