[Bug 1361] New: ssh should handle leading comma in authentication method list
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Wed Sep 12 20:57:03 EST 2007
http://bugzilla.mindrot.org/show_bug.cgi?id=1361
Summary: ssh should handle leading comma in authentication method
list
Product: Portable OpenSSH
Version: 4.7p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: graeme.hewson at oracle.com
It's not possible to connect to a certain proprietary appliance using
OpenSSH. Here's an extract from a debug log:
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ghewson/.ssh/identity ((nil))
debug2: key: /home/ghewson/.ssh/id_rsa ((nil))
debug2: key: /home/ghewson/.ssh/id_dsa (0x8090520)
debug1: Authentications that can continue: ,password
debug3: start over, passed a different list ,password
debug3: preferred publickey,keyboard-interactive,password
debug1: No more authentication methods to try.
Permission denied (,password).
Note there's no prompt for a password. The problem is that the
appliance is sending a leading comma in the list of authentication
method names in the userauth response, and ssh isn't recognising the
"password" method.
RFC 4252 "SSH Authentication Protocol" talks of a "comma-separated
name-list" and doesn't seem to rule out there being a leading comma.
RFC 4251 "SSH Protocol Architecture" formally defines a name-list and
says it contains "a comma-separated list of zero or more names"; again,
this doesn't seem to rule out a leading comma. Going by the principle
of "be liberal in what you accept", I believe ssh should handle this
case. Indeed, putty (a fairly old version, 0.57) handles it, and it's
possible to log on to the appliance.
I attach a suggested patch.
--
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list