[ https://jira.jboss.org/jira/browse/JBESB-2875?page=com.atlassian.jira.plu... ] Tom Eicher updated JBESB-2875: ------------------------------ Description: JSch, as it is currently used in SecureFtpOverSSH, does only allow "password" authentication. However, this requires that the target system has ssh configured for "PasswordAuthentication yes" in sshd_conf, which is by default "no" nowadays... Connections will fail with org.jboss.soa.esb.util.RemoteFileSystemException: com.jcraft.jsch.JSchException: Auth fail To allow connections to servers configured like this, we need to support "keyboard-interactive" additionally: 1. SecureFtpImpl: change session.setConfig("PreferredAuthentications", "password"); to session.setConfig("PreferredAuthentications", "password,keyboard-interactive"); 2. SecureFtpUserInfo: additionally implement JSch interface UIKeyboardInteractive: public String[] promptKeyboardInteractive( String destination, String name, String instruction, String[] prompt, boolean[] echo){ if(prompt.length!=1 || echo[0]!=false || this.password==null){ return null; } String[] response=new String[1]; response[0]=this.password; return response; } was: JSch, as it is currently used in SecureFtpOverSSH, does only allow "password" authentication. However, this requires that the target system has ssh configured for "PasswordAuthentication yes" in sshd_conf, which is by default "no" nowadays... Connections will fail with {code} org.jboss.soa.esb.util.RemoteFileSystemException: com.jcraft.jsch.JSchException: Auth fail {code} To allow connections to servers configured like this, we need to support "keyboard-interactive" additionally: 1. SecureFtpImpl: change session.setConfig("PreferredAuthentications", "password"); to session.setConfig("PreferredAuthentications", "password,keyboard-interactive"); 2. SecureFtpUserInfo: additionally implement JSch interface UIKeyboardInteractive: {code} public String[] promptKeyboardInteractive( String destination, String name, String instruction, String[] prompt, boolean[] echo){ if(prompt.length!=1 || echo[0]!=false || this.password==null){ return null; } String[] response=new String[1]; response[0]=this.password; return response; } {code} -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://jira.jboss.org/jira/browse/JBESB-2875?page=com.atlassian.jira.plu... ] Tom Eicher commented on JBESB-2875: ----------------------------------- Thanks for suggesting that, but for us that would not work, because we can only access for file transfer, i.e. sftp, not ssh. Actually, we do not have a current problem, as we copied the SecureFtpOverSSH over to out codebase and applied the changes above. It would just be nice to be able to remove that when the next ESB version comes out. If you google the issue a bit, you will see that this is a very common problem, not only for ESB users but for any application that connects via SSH. Given that implementing keyboard-interactive is very trivial, that could save many ESB users some headaches, though. Cheers, Tom. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://jira.jboss.org/jira/browse/JBESB-2875?page=com.atlassian.jira.plu... ] Kevin Conner updated JBESB-2875: -------------------------------- Fix Version/s: 4.7 (was: 4.8) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://jira.jboss.org/jira/browse/JBESB-2875?page=com.atlassian.jira.plu... ] Kevin Conner commented on JBESB-2875: ------------------------------------- All that seems necessary is the first part, enabling keyboard-interactive within PreferredAuthentications. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://jira.jboss.org/jira/browse/JBESB-2875?page=com.atlassian.jira.plu... ] Kevin Conner closed JBESB-2875. ------------------------------- Resolution: Done Added UserInfo in revisions 29657 and 29670. Tested locally with OpenSSH, configured to enable ChallengeResponseAuthentication and disable #PasswordAuthentication. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira