Re: Attempts to connect to Axway SFTP server result in publickey auth loopin

On 23 February 2018 at 01:49, Paul Ellis <openssh-unix-dev@xxxxxxxxxxx> wrote:
> We are attempting to use openssh sftp to connect to a server that is running
> some version of the Axway SFTP server. After a publickey auth completes, the
> server resends publickey as a valid auth.

That could be potentially correct behaviour in the case where the
server requires several keys to authenticate, although it sounds like
this is not the case here.

> This results in a loop as openssh
> sftp resubmits the publickey information. This seems similar to a discussion
> in 2014 that terminated with the thought that it might be nice if the client
> tracked this
> (https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-August/032800.html).
> Is there any option we can use that will prevent this behavior?

Not currently.

> Attempts to
> contact Axway have failed as we’re not direct customers of theirs and the
> party actually running the server is blaming openssh.

You might want to direct them to RFC4252[1] section 5.1, which covers
partial authentication and says:

"""
   Already successfully completed authentications SHOULD NOT be included
   in the name-list, unless they should be performed again for some
   reason.

"""

[1] https://tools.ietf.org/html/rfc4252

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
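
The following is an added example, not part of the original message or of OpenSSH: a parser for the SSH_MSG_USERAUTH_FAILURE message defined in RFC 4252 section 5.1, plus a check that reports methods a server lists again after they already completed with partial success. The function names and both sample exchanges are constructed for illustration.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51  # message number from RFC 4252 section 5.1

def parse_userauth_failure(payload: bytes):
    """Return (methods_that_can_continue, partial_success)."""
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not a complete SSH_MSG_USERAUTH_FAILURE")
    (length,) = struct.unpack_from(">I", payload, 1)  # name-list length
    end = 5 + length
    if end + 1 != len(payload):
        raise ValueError("name-list length does not match payload")
    names = payload[5:end].decode("ascii")
    methods = names.split(",") if names else []
    return methods, payload[end] != 0  # trailing byte is the boolean

def build_userauth_failure(methods, partial):
    """Encode a message; used only to build the constructed samples."""
    names = ",".join(methods).encode("ascii")
    return (bytes([SSH_MSG_USERAUTH_FAILURE]) + struct.pack(">I", len(names))
            + names + bytes([int(partial)]))

def readvertised_methods(exchange):
    """exchange: list of (method_tried, server_reply_bytes) in order.
    Returns methods the server lists again after they already succeeded."""
    completed, repeated = set(), []
    for method, reply in exchange:
        can_continue, partial = parse_userauth_failure(reply)
        if partial:  # the method just tried succeeded, but more is required
            completed.add(method)
        for m in can_continue:
            if m in completed and m not in repeated:
                repeated.append(m)
    return repeated

# Constructed sample: server accepts publickey, then lists publickey again.
LOOPING = [("publickey", build_userauth_failure(["publickey"], True))] * 3
# Constructed sample: server accepts publickey, then asks for password.
WELL_BEHAVED = [("publickey", build_userauth_failure(["password"], True))]

if __name__ == "__main__":
    print("looping server re-advertises:", readvertised_methods(LOOPING))
    print("well-behaved server re-advertises:", readvertised_methods(WELL_BEHAVED))
```

A reported method is a flag for investigation rather than proof of a server bug, since the RFC text permits re-listing a method that should be performed again, as in the several-keys case mentioned above.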