[esb-issues] [JBoss JIRA] Commented: (JBESB-2875) Support sftp (ssh) keyboard-interactive auth

Kevin Conner (JIRA) jira-events at lists.jboss.org
Mon Oct 19 07:50:05 EDT 2009


    [ https://jira.jboss.org/jira/browse/JBESB-2875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12490330#action_12490330 ] 

Kevin Conner commented on JBESB-2875:
-------------------------------------

I enabled keyboard-interactive in revision 29655 and, having just looked through jsch and http://www.faqs.org/rfcs/rfc4256.html, am going to add a UserInfo.

It looks like the jsch code explicitly tests for a prompt of 'Password:' before using the password value, and I do not believe this is reliable enough.

> Support sftp (ssh) keyboard-interactive auth
> --------------------------------------------
>
>                 Key: JBESB-2875
>                 URL: https://jira.jboss.org/jira/browse/JBESB-2875
>             Project: JBoss ESB
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Adapters
>    Affects Versions: 4.6
>            Reporter: Tom Eicher
>            Assignee: Kevin Conner
>            Priority: Minor
>             Fix For: 4.7
>
>
> JSch, as it is currently used in SecureFtpOverSSH, only allows "password" authentication.
> However, this requires that the target system has ssh configured for "PasswordAuthentication yes" in sshd_conf, which is by default "no" nowadays...
> Connections will fail with 
> org.jboss.soa.esb.util.RemoteFileSystemException: com.jcraft.jsch.JSchException: Auth fail
> To allow connections to servers configured like this, we need to support "keyboard-interactive" additionally:
> 1. SecureFtpImpl:
> change session.setConfig("PreferredAuthentications", "password");
> to session.setConfig("PreferredAuthentications", "password,keyboard-interactive");
> 2. SecureFtpUserInfo:
> additionally implement JSch interface UIKeyboardInteractive:
>     public String[] promptKeyboardInteractive(
>             String destination,
>             String name,
>             String instruction,
>             String[] prompt,
>             boolean[] echo) {
>         if (prompt.length != 1 || echo[0] != false || this.password == null) {
>             return null;
>         }
>         String[] response = new String[1];
>         response[0] = this.password;
>         return response;
>     }
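
An added example, not the code committed to JBoss ESB and not part of JSch: one way a UserInfo could answer keyboard-interactive requests by their structure (a single prompt with echo off) rather than by matching the prompt text. The class name and the choices made for the other UserInfo callbacks are assumptions.

```java
import com.jcraft.jsch.UIKeyboardInteractive;
import com.jcraft.jsch.UserInfo;

/** Credentials holder for an unattended SFTP client (hypothetical class name). */
public final class NonInteractiveUserInfo implements UserInfo, UIKeyboardInteractive {
    private final String password;

    public NonInteractiveUserInfo(String password) {
        this.password = password;
    }

    @Override
    public String[] promptKeyboardInteractive(String destination, String name,
            String instruction, String[] prompt, boolean[] echo) {
        // Malformed callback: decline rather than guess.
        if (prompt == null || echo == null || prompt.length != echo.length) {
            return null;
        }
        // RFC 4256 permits an information request with zero prompts;
        // the matching reply carries zero responses.
        if (prompt.length == 0) {
            return new String[0];
        }
        // Decide on structure, not on prompt wording, which varies by server
        // and locale. An echoed prompt is not asking for a secret, and several
        // prompts indicate a challenge this client cannot answer from a stored
        // password, so in both cases the password is withheld.
        if (prompt.length != 1 || echo[0] || password == null) {
            return null; // same "decline" result as the snippet in the issue
        }
        return new String[] { password };
    }

    @Override public String getPassword() { return password; }
    @Override public String getPassphrase() { return null; }
    @Override public boolean promptPassword(String message) { return password != null; }
    @Override public boolean promptPassphrase(String message) { return false; }

    // Assumption: an unattended service should not auto-accept yes/no questions
    // such as an unknown host key, since the password is then sent to that host.
    @Override public boolean promptYesNo(String message) { return false; }

    @Override public void showMessage(String message) { /* no console in a service */ }
}
```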
