HostConfigEntry resolveIdentityFilePath Identity Problem #622

Open
fragaLY opened this issue Oct 11, 2024 · 6 comments

@fragaLY

fragaLY commented Oct 11, 2024

Version

2.14.0

Bug description

During the client#connect invocation, I am facing a parsing problem that provides me with the identity in the format "~/.ssh/sftp.pem", but the tilde is expected to be the first token.

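import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier;
import org.apache.sshd.client.session.ClientSession;

import java.io.IOException;
import java.util.concurrent.TimeUnit;

public class Main {

    private static final int DEFAULT_SFTP_SESSION_TIMEOUT = 1500;

    public static void main(String[] args) throws IOException {
        SshClient client = null;
        ClientSession session = null;
        try {
            client = SshClient.setUpDefaultClient();
            // Accepts every server host key (no host key verification)
            client.setServerKeyVerifier(AcceptAllServerKeyVerifier.INSTANCE);
            client.start();
            // "user", "host" and 22 are placeholders
            session = client.connect("user", "host", 22).verify(DEFAULT_SFTP_SESSION_TIMEOUT, TimeUnit.MILLISECONDS).getSession();
            session.addPasswordIdentity("password");
            session.auth().verify(DEFAULT_SFTP_SESSION_TIMEOUT, TimeUnit.MILLISECONDS);
            System.out.println(session);
        } catch (Exception e) {
            var message = "Failed to create SSHClient Session:" + e.getMessage();
            System.out.println(message);
        } finally {
            // session (and client) are still null when connect() fails, so guard the close calls
            if (session != null) {
                session.close();
            }
            if (client != null) {
                client.close();
            }
        }
    }
}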

Actual behavior

Home tilde must be first: "~/.ssh/sftp.pem"

Expected behavior

Connection established.

Relevant log output

No response

Other information

No response

@tomaswolf
Member

Strange. First: since you set a password, do you want to use public key authentication with that key at all? If not, you could side-track this issue by setting a no-op HostConfigEntryResolver: client.setHostConfigEntryResolver(HostConfigEntryResolver.EMPTY);.

But that doesn't solve the underlying problem. By default, the client picks up your ~/.ssh/config. Is there some zero-width space or other invisible character in front of the tilde in that file that we neglect to remove when reading from the file?

@tomaswolf
Member

Or maybe it's the quoting. If your SSH config has

IdentityFile "~/.ssh/sftp.pem"

you could replace it with just

IdentityFile ~/.ssh/sftp.pem

@fragaLY
Author

fragaLY commented Oct 14, 2024

Hello @tomaswolf,

Thank you for your answer.

When I am using a HostConfigEntryResolver.EMPTY it skips the PK auth.

Unfortunately, now I am facing another problem: Failed to create SSH Client Session:No more authentication methods available

The ClientUserAuthService.class code, line 331: in case I am using a password auth approach, it sets the authFuture exception.

My example:

import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.config.hosts.HostConfigEntryResolver;
import org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.auth.UserAuthMethodFactory;

import java.io.IOException;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.TimeUnit;

public class Main {

    private static final int DEFAULT_SFTP_SESSION_TIMEOUT = 2500;

    public static void main(String[] args) throws IOException {
        SshClient client = null;
        ClientSession session = null;
        try {
            client = SshClient.setUpDefaultClient();
            client.setServerKeyVerifier(AcceptAllServerKeyVerifier.INSTANCE);
            client.setHostConfigEntryResolver(HostConfigEntryResolver.EMPTY);
            client.setUserAuthFactoriesNames(List.of(UserAuthMethodFactory.PASSWORD));
            client.start();
            session = client.connect("user", "host",  22).verify(DEFAULT_SFTP_SESSION_TIMEOUT, TimeUnit.MILLISECONDS).getSession();
            session.addPasswordIdentity("password");
            session.auth().verify();
            System.out.println(session);
        } catch (Exception e) {
            var message = "Failed to create SSH Client Session:" + e.getMessage();
            System.out.println(message);
        } finally {
            // session (and client) are still null when connect() fails, so guard the close calls
            if (session != null) {
                session.close();
            }
            if (client != null) {
                client.close();
            }
        }
    }
}

@fragaLY
Author

fragaLY commented Oct 14, 2024

@fragaLY
Author

fragaLY commented Oct 17, 2024

@tomaswolf

https://www.ssh.com/academy/ssh/config?hs_amp=true

If we go back through the documentation, we find that it could be quoted.

@tomaswolf
Member

I know that having it quoted is perfectly fine with OpenSSH. The rudimentary parser in HostConfigEntry.readHostConfigEntries(BufferedReader) is not really OpenSSH compatible. A PR to improve it (including tests) would be welcome; the parser used in JGit may serve as an inspiration.
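
The quoting problem discussed in this thread, as an added example that is not part of the original issue and is not Apache MINA SSHD or JGit code: OpenSSH-style double quotes are stripped from the IdentityFile argument first, and only then is the leading tilde expanded. It uses only the JDK; the class and method names (QuotedIdentityFileDemo, splitArguments, resolveHome) and the /home/demo directory are assumptions made for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;

public class QuotedIdentityFileDemo {
    // Split the argument part of a config line. Double quotes group an argument
    // (so it may contain spaces) and are not part of the resulting value.
    static List<String> splitArguments(String text) {
        List<String> args = new ArrayList<>();
        StringBuilder current = new StringBuilder();
        boolean inQuotes = false;
        boolean started = false; // true once the current argument has begun
        for (char c : text.toCharArray()) {
            if (c == '"') {
                inQuotes = !inQuotes;
                started = true; // "" is an empty but present argument
            } else if (!inQuotes && Character.isWhitespace(c)) {
                if (started) { // unquoted whitespace ends the current argument
                    args.add(current.toString());
                    current.setLength(0);
                    started = false;
                }
            } else {
                current.append(c);
                started = true;
            }
        }
        if (inQuotes) {
            throw new IllegalArgumentException("Unbalanced quote in: " + text);
        }
        if (started) {
            args.add(current.toString());
        }
        return args;
    }

    // Expand a leading "~/" only after unquoting, so the tilde really is the first character.
    static Path resolveHome(String value, Path home) {
        return value.startsWith("~/") ? home.resolve(value.substring(2)) : Paths.get(value);
    }

    public static void main(String[] args) {
        Path home = Paths.get("/home/demo"); // constructed sample home directory
        // Constructed sample lines: the quoted form from this issue and the unquoted workaround
        for (String line : List.of("IdentityFile \"~/.ssh/sftp.pem\"", "IdentityFile ~/.ssh/sftp.pem")) {
            String value = splitArguments(line.substring("IdentityFile".length())).get(0);
            System.out.println(line + " -> " + resolveHome(value, home));
        }
    }
}
```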
