[esb-issues] [JBoss JIRA] Commented: (JBESB-2875) Support sftp (ssh) keyboard-interactive auth
Kevin Conner (JIRA)
jira-events at lists.jboss.org
Mon Oct 19 07:50:05 EDT 2009
[ https://jira.jboss.org/jira/browse/JBESB-2875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12490330#action_12490330 ]
Kevin Conner commented on JBESB-2875:
-------------------------------------
I enabled keyboard-interactive in revision 29655 and, having just looked through jsch and http://www.faqs.org/rfcs/rfc4256.html and going to add a UserInfo.
It looks like the jsch code explicitly tests for a prompt of 'Password:' before using the password value, and I do not believe this is reliable enough.
> Support sftp (ssh) keyboard-interactive auth
> --------------------------------------------
>
> Key: JBESB-2875
> URL: https://jira.jboss.org/jira/browse/JBESB-2875
> Project: JBoss ESB
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Adapters
> Affects Versions: 4.6
> Reporter: Tom Eicher
> Assignee: Kevin Conner
> Priority: Minor
> Fix For: 4.7
>
>
> JSch, as it is currently used in SecureFtpOverSSH, does only allow "password" authentication.
> However, this requires that the target system has ssh configured for "PasswordAuthentication yes" in sshd_conf, which is by default "no" nowadays...
> Connections will fail with
> org.jboss.soa.esb.util.RemoteFileSystemException: com.jcraft.jsch.JSchException: Auth fail
> To allow connections to servers configured like this, we need to support "keyboard-interactive" additionally:
> 1. SecureFtpImpl:
> change session.setConfig("PreferredAuthentications", "password");
> to session.setConfig("PreferredAuthentications", "password,keyboard-interactive");
> 2. SecureFtpUserInfo:
> additionally implement JSch interface UIKeyboardInteractive:
> public String[] promptKeyboardInteractive(
> String destination,
> String name,
> String instruction,
> String[] prompt,
> boolean[] echo){
> if(prompt.length!=1 || echo[0]!=false || this.password==null){
> return null;
> }
> String[] response=new String[1];
> response[0]=this.password;
> return response;
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the esb-issues
mailing list