Authentication protocol

Derek A Bodin bodi0026 at umn.edu
Mon Jan 19 05:34:26 EST 2004


Hello my name is Derek Bodin.
 
As a personal side project I am trying to create a Java SSH2 server.  I have
so far been able to work my way through the transportation protocol and the user
authentication protocol.  My question is when the authentication protocol
starts, OpenSSH will sit and hang waiting for the server to send a
SSH_MSG_USERAUTH_FAILURE packet and a list of appropriate authentication
methods (password, publickey).  After that packet is sent, OpenSSH will
immediately send the SSH_MSG_USERAUTH_REQUEST packet with none as the method
of authentication and then without waiting send a packet for the next method
of authentication.
 
According to [SSH-USERAUTH]: 
 
“The server MUST always reject this request, unless the client is to be
allowed in without any authentication, in which case the server MUST accept
this request.  The main purpose of sending this request is to get the list
of supported methods from the server.”
 
It seems to me that the “none” packet should be sent directly after the
server accepts the service in order to get the list of methods.  This would
allow the server to either grant the client access right away, or send the
list of other methods for the client to try.  I can’t find any reason in the
protocol drafts why this wouldn’t be acceptable.
 
 
If anyone on this list knows why this packet exchange is done in this order,
please respond to this message; I am very curious.
 
Thank you,
 
Derek Bodin
 
PS I am using the OpenSSH_3.4p1 client as my testing client.
 


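The "none" request and its SSH_MSG_USERAUTH_FAILURE reply discussed in the message above, as an added example that is not part of the original post and is not OpenSSH code. It works on unencrypted message payloads (what remains after the transport layer); the function names and the `allow_without_auth` policy set are assumptions made for illustration.

```python
import struct

# Message numbers from [SSH-USERAUTH]
SSH_MSG_USERAUTH_REQUEST, SSH_MSG_USERAUTH_FAILURE, SSH_MSG_USERAUTH_SUCCESS = 50, 51, 52

def put_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def get_string(buf: bytes, off: int):
    """Read one SSH string at off; reject lengths that overrun the payload."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if n > len(buf) - off - 4:
        raise ValueError("string length exceeds payload")
    return buf[off + 4:off + 4 + n], off + 4 + n

def build_request(user: bytes, service: bytes, method: bytes) -> bytes:
    """Client: SSH_MSG_USERAUTH_REQUEST payload without method-specific fields."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + put_string(user)
            + put_string(service) + put_string(method))

def handle_userauth(payload: bytes, methods, allow_without_auth=frozenset()):
    """Server: answer a request payload; only the "none" method is modelled.
    allow_without_auth is a hypothetical policy set of users needing no auth."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not SSH_MSG_USERAUTH_REQUEST")
    user, off = get_string(payload, 1)
    _service, off = get_string(payload, off)
    method, off = get_string(payload, off)
    if method == b"none" and user in allow_without_auth:
        return bytes([SSH_MSG_USERAUTH_SUCCESS])
    # Reject: name-list of methods that can continue, then the
    # partial-success boolean (0 = false). "none" itself is never listed.
    names = b",".join(m for m in methods if m != b"none")
    return bytes([SSH_MSG_USERAUTH_FAILURE]) + put_string(names) + b"\x00"

def parse_failure(payload: bytes):
    """Client: (methods that can continue, partial_success) from a FAILURE."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not SSH_MSG_USERAUTH_FAILURE")
    names, off = get_string(payload, 1)
    if off + 1 != len(payload):
        raise ValueError("bad partial-success field")
    return names.split(b","), payload[off] != 0
```
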
 




More information about the openssh-unix-dev mailing list