Support keyboard-interactive authentication #3

Merged: 11 commits, Mar 25, 2022

Member

@drieseng drieseng commented Mar 19, 2022

Fix support for keyboard-interactive authentication by:

  • using PAM-enabled version of OpenSSH
  • using chage to force expiry of password

In TearDown() of AuthenticationTests, correctly reset state of docker container by changing the password of the sshnet user back to the default value and removing its password expiration.

Fixes #2.

Note:
You'll need to update SshNet.TestTools.OpenSSH.

* Use PAM-enabled version of OpenSSH.
* Install shadow package to allow us to use the chage command to force password expiry.
* Update Restart() to stop and start the PAM-enabled version of OpenSSH.
* Add method to configure KbdInteractiveAuthentication option.
* Reset password of sshnet user back to the default password.
* Use chage to remove password expiration for the sshnet user.
Update keyboard-interactive tests to also enable KbdInteractiveAuthentication option.
@drieseng drieseng requested a review from IgorMilavec March 19, 2022 12:40
@drieseng drieseng changed the title from "Feature/keyboard interactive" to "Support keyboard-interactive authentication" Mar 19, 2022
@IgorMilavec
Collaborator

The KeyboardInteractive_PasswordExpired still fails, now the test result is:

```
Message:
Test method SshNetTests.AuthenticationTests.KeyboardInteractive_PasswordExpired threw exception:
Renci.SshNet.Common.SshAuthenticationException: Permission denied (keyboard-interactive).

Stack Trace:
ClientAuthentication.Authenticate(IConnectionInfoInternal connectionInfo, ISession session)
ConnectionInfo.Authenticate(ISession session, IServiceFactory serviceFactory)
Session.Connect()
BaseClient.CreateAndConnectSession()
BaseClient.Connect()
AuthenticationTests.KeyboardInteractive_PasswordExpired() line 285
```

The password is correctly reset and other tests can continue.

@drieseng
Member Author

Hmm, it consistently passes here.
Few questions:

  1. Does it fail when you only run that test?
  2. Does it fail when you only run the tests in AuthenticationTests?
  3. Do you run the tests in Visual Studio or command-line?

@IgorMilavec
Collaborator

I've just observed that it only fails the first time after I run the container. If I repeat the test without restarting the container, it passes.

@IgorMilavec
Collaborator

Running _remoteSshdConfig?.Reset() from SetUp() fixes this. It seems that the config in the container differs from what Reset() generates.

@drieseng
Member Author

@IgorMilavec The default config indeed differs. Ideally, we'd generate the default config using the same mechanism.
For now, I'll just fix the tests to set UsePAM to true.
I'll update the PR later today.
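
Added example (not part of the PR or the project's code): a shell check for the failure discussed in the comments above, where the sshd_config in a freshly started container did not enable what the keyboard-interactive test needs. The function names `sshd_option` and `kbdint_ready` are hypothetical and both sample configs are constructed; the defaults used (UsePAM no, KbdInteractiveAuthentication yes) are the ones documented for OpenSSH.

```shell
#!/bin/sh
# Added example: function names are hypothetical and the sample configs are
# constructed, not copied from the project's container image.

# Print the effective global value of an sshd_config keyword read from stdin.
# sshd uses the first value it obtains for a keyword, keywords are
# case-insensitive, and settings inside a Match block are not global.
sshd_option() {  # usage: sshd_option KEYWORD DEFAULT < config
  awk -v want="$1" -v def="$2" '
    NF == 0 || $1 ~ /^#/   { next }   # skip blank lines and comments
    tolower($1) == "match" { exit }   # global section ends here
    tolower($1) == tolower(want) && !found { val = tolower($2); found = 1 }
    END { print (found ? val : def) }
  '
}

# Succeed only if the config lets PAM drive keyboard-interactive auth,
# which the expired-password (chage) scenario depends on.
# Defaults are OpenSSH's documented ones.
kbdint_ready() {  # usage: kbdint_ready "CONFIG TEXT"
  pam=$(printf '%s\n' "$1" | sshd_option UsePAM no)
  kbd=$(printf '%s\n' "$1" | sshd_option KbdInteractiveAuthentication yes)
  [ "$pam" = yes ] && [ "$kbd" = yes ]
}

# Constructed: UsePAM is only present as a comment, so the default (no) applies.
CFG_STALE='Port 22
PasswordAuthentication yes
#UsePAM yes'

# Constructed: the first UsePAM line wins; the later "UsePAM no" is ignored.
CFG_PREPARED='Port 22
usepam yes
KbdInteractiveAuthentication yes
UsePAM no'

for name in CFG_STALE CFG_PREPARED; do
  eval "cfg=\$$name"
  if kbdint_ready "$cfg"; then
    echo "$name: keyboard-interactive via PAM enabled"
  else
    echo "$name: keyboard-interactive via PAM NOT enabled"
  fi
done
```

Against a running server the same check can be fed from `sshd -T`, which prints the effective configuration with lowercase keywords.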

@drieseng
Member Author

@IgorMilavec, this should do it.

@IgorMilavec
Collaborator

Great, KeyboardInteractive_PasswordExpired now passes the first time.

@drieseng
Member Author

@IgorMilavec Please re-review.

Collaborator

@IgorMilavec IgorMilavec left a comment

Great solution with the prune batch, now it's under user's control.

@drieseng drieseng merged commit 3bfbc71 into main Mar 25, 2022
@drieseng drieseng deleted the feature/keyboard-interactive branch November 20, 2022 10:30
Successfully merging this pull request may close these issues.

KeyboardInteractive_PasswordExpired fails and corrupts container state