Attempts to connect to Axway SFTP server result in publickey auth loopin
Darren Tucker
dtucker at dtucker.net
Fri Feb 23 16:35:30 AEDT 2018
On 23 February 2018 at 01:49, Paul Ellis <openssh-unix-dev at skarsol.com> wrote:
> We are attempting to use openssh sftp to connect to a server that is running
> some version of the Axway SFTP server. After a publickey auth completes, the
> server resends publickey as a valid auth.

That could be potentially correct behaviour in the case where the
server requires several keys to authenticate, although it sounds like
this is not the case here.

> This results in a loop as openssh
> sftp resubmits the publickey information. This seems similar to a discussion
> in 2014 that terminated with the thought that it might be nice if the client
> tracked this
> (https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-August/032800.html).
> Is there any option we can use that will prevent this behavior?

Not currently.

> Attempts to
> contact Axway have failed as we’re not direct customers of theirs and the
> party actually running the server is blaming openssh.

You might want to direct them to RFC4252[1] section 5.1, which covers
partial authentication and says:

"""
Already successfully completed authentications SHOULD NOT be included
in the name-list, unless they should be performed again for some
reason.
"""

[1] https://tools.ietf.org/html/rfc4252
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
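
The exchange described in the message above, as an added example that is not part of the original post and is not OpenSSH code: it parses SSH_MSG_USERAUTH_FAILURE (RFC 4252 section 5.1) and tracks which methods already completed, so a re-offered method is reported instead of being retried blindly. AuthTracker and build_failure are hypothetical names, and the payloads are constructed samples.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51  # message number from RFC 4252 section 5.1


def parse_userauth_failure(payload: bytes):
    """Return (methods_that_can_continue, partial_success) for one payload."""
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not a complete SSH_MSG_USERAUTH_FAILURE")
    (length,) = struct.unpack(">I", payload[1:5])   # name-list length prefix
    if len(payload) != 5 + length + 1:              # + 1 byte for the boolean
        raise ValueError("name-list length does not match payload size")
    names = payload[5:5 + length].decode("ascii")
    methods = names.split(",") if names else []
    return methods, payload[5 + length] != 0


class AuthTracker:
    """Hypothetical client-side record of methods the server has accepted."""

    def __init__(self):
        self.completed = set()

    def on_failure(self, attempted: str, payload: bytes):
        """Return (remaining, reoffered) after the reply to `attempted`."""
        methods, partial = parse_userauth_failure(payload)
        if partial:
            # partial success TRUE means the attempted request was accepted
            self.completed.add(attempted)
        # A re-offer can be legitimate (server wants several keys), so it is
        # reported separately and the caller decides whether to stop.
        reoffered = [m for m in methods if m in self.completed]
        remaining = [m for m in methods if m not in self.completed]
        return remaining, reoffered


def build_failure(methods, partial: bool) -> bytes:
    """Encode a constructed sample payload for the demonstration below."""
    names = ",".join(methods).encode("ascii")
    return (bytes([SSH_MSG_USERAUTH_FAILURE]) + struct.pack(">I", len(names))
            + names + bytes([int(partial)]))


if __name__ == "__main__":
    tracker = AuthTracker()
    # Constructed reply matching the report: publickey accepted, then re-listed.
    reply = build_failure(["publickey"], True)
    remaining, reoffered = tracker.on_failure("publickey", reply)
    print("remaining:", remaining, "re-offered:", reoffered)
```

An empty remaining list together with a non-empty re-offered list is the condition under which a client holding only one key keeps resubmitting it.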