authentication with passwords can fail in some environments

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 1.0-alpha-5
  • Component/s: wagon-ssh
  • Labels:
    None

Description

if the repository use username / password authentication and the server (openssh here) has "PasswordAuthentication no" option set, it fail to auth. I can log in using others ssh clients thow.

Changing PasswordAuthentication to yes, makes wagon succeed , but it is not a practical solution.

  1. Text File
    WAGON-13.diff
    20/Sep/05 7:14 PM
    2 kB
    Juan F. Codagnone
  2. Text File
    WAGONSSH-13-b.diff
    22/Sep/05 12:05 AM
    11 kB
    Juan F. Codagnone

Issue Links

is depended upon by

Bug - A problem which impairs or prevents the functions of the product. MNG-1131 address necessary wagon issues

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.
is related to

Bug - A problem which impairs or prevents the functions of the product. WAGON-194 wagon-ssh is vulnerable to man in the middle attacks

  • Critical - Crashes, loss of data, severe memory leak.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Wish - General wishlist item WAGON-180 Although a password is given in the settings.xml for a scp url, a password prompt still appears

  • Minor - Minor loss of function, or other problem where easy workaround is present.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
chisisi added a comment -

http://sourceforge.net/mailarchive/forum.php?thread_id=7308988&forum_id=12628

that url looks like it will address the issue perhaps...since brett indicated jsch was the underlying library

Show
chisisi added a comment - http://sourceforge.net/mailarchive/forum.php?thread_id=7308988&forum_id=12628 that url looks like it will address the issue perhaps...since brett indicated jsch was the underlying library
Hide
Permalink
Juan F. Codagnone added a comment -

this makes my wagon work in those environments.

it is a pity that there is no such thing as a free ssh java server to be able to have unit tests.

Show
Juan F. Codagnone added a comment - this makes my wagon work in those environments. it is a pity that there is no such thing as a free ssh java server to be able to have unit tests.
Hide
Permalink
Trygve Laugstol added a comment -

I'm postponing this one a bit to investigate if we should use our own password prompter mechanism.

Juan: do you want to take a look at that?

Show
Trygve Laugstol added a comment - I'm postponing this one a bit to investigate if we should use our own password prompter mechanism. Juan: do you want to take a look at that?
Hide
Permalink
Juan F. Codagnone added a comment -

ok, i will take a deeper look. perhaps i can reuse the interactive configuration that i add in WAGONSSH-12 .

Show
Juan F. Codagnone added a comment - ok, i will take a deeper look. perhaps i can reuse the interactive configuration that i add in WAGONSSH-12 .
Hide
Permalink
Brett Porter added a comment -

I think this should be applied as long as it is only used as a fallback, right? This seems like a good solution to avoiding hangs at the least.

Show
Brett Porter added a comment - I think this should be applied as long as it is only used as a fallback, right? This seems like a good solution to avoiding hangs at the least.
Hide
Permalink
Brett Porter added a comment -

I Think this is a great addition too, but haven't had a chance to test it yet. Linking to other issue that explores keyboard interactivity.

Show
Brett Porter added a comment - I Think this is a great addition too, but haven't had a chance to test it yet. Linking to other issue that explores keyboard interactivity.
Hide
Permalink
Juan F. Codagnone added a comment -

my interpretation of jsch code jsch-0.1.21/src/com/jcraft/jsch/Session.java[1] around line 357 shows the jsch will choose the order depending the servers order.

So the best i think is to provide a safe default, and a way to change it (configure it) (like i want to configure it in WAGON-12). The nice thing about programing to interafaces and having a IoC container is that you can replace everything. I will work in a real solution if you like. (not this hack)

[1] they dont have a viewcvs or any javadoc

Show
Juan F. Codagnone added a comment - my interpretation of jsch code jsch-0.1.21/src/com/jcraft/jsch/Session.java[1] around line 357 shows the jsch will choose the order depending the servers order. So the best i think is to provide a safe default, and a way to change it (configure it) (like i want to configure it in WAGON-12). The nice thing about programing to interafaces and having a IoC container is that you can replace everything. I will work in a real solution if you like. (not this hack) [1] they dont have a viewcvs or any javadoc
Hide
Permalink
Juan F. Codagnone added a comment -

attached a configurable solution

Some warnings:

  • i still dont know much about plexus
  • It handles a bit better the input than WAGONSSH-12 because i didn't know about the existense of pluxus-prompter when i wrote that patch.
Show
Juan F. Codagnone added a comment - attached a configurable solution Some warnings:
  • i still dont know much about plexus
  • It handles a bit better the input than WAGONSSH-12 because i didn't know about the existense of pluxus-prompter when i wrote that patch.
Hide
Permalink
Brett Porter added a comment -

applied, thanks!

the keyboard interactive didn't seem to ever get called for me... so I also added prompting to the userinfo

Show
Brett Porter added a comment - applied, thanks! the keyboard interactive didn't seem to ever get called for me... so I also added prompting to the userinfo
Hide
Permalink
Juan F. Codagnone added a comment -

org.codehaus.plexus.components.interactivity.DefaultInputHandler is being used, and its readPassword() just call
java.io.BufferedReader#readLine(), echoing the password.

Show
Juan F. Codagnone added a comment - org.codehaus.plexus.components.interactivity.DefaultInputHandler is being used, and its readPassword() just call java.io.BufferedReader#readLine(), echoing the password.
Hide
Permalink
Brett Porter added a comment -

yes, I know. we've had a few issues with jline and pulled it out.

Show
Brett Porter added a comment - yes, I know. we've had a few issues with jline and pulled it out.

People

  • Assignee:
    Brett Porter
    Reporter:
    Juan F. Codagnone
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: