libssh sroschke | 2 Sep 2008 09:03

libssh2_userauth_publickey_fromfile multiple tries problem

Hello,

First, let me thank you for your work on the libssh2 library. Your work is really appreciated. I hope you can give some advice on the problem I have.

I've got a problem using the libssh2_userauth_publickey_fromfile function multiple times. I simply open a socket, create the LIBSSH2_SESSION, and call the libssh2_userauth_publickey_fromfile function for several keys, e.g., 100 different keys.

My experiments revealed that I can try approx. 8 keys per connection. After 8 tries I have to close the socket, re-establish the connection and recreate the LIBSSH2_SESSION as it is not working reliably if I use the old socket, i.e., it will not recognize a successful authentication. After 8 tries the returned error code is:

err = -7 msg = Unable to send userauth-publickey request


Is there a reason why only 8 tries per connection are working? Is there a way to allow more than 8 auth tries without re-establishing the connection?

Thanks in advance for your help.

Regards,
S.Roschke


_______________________________________________
libssh2-devel mailing list
libssh2-devel@...
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
Daniel Stenberg | 2 Sep 2008 09:23

Re: libssh2_userauth_publickey_fromfile multiple tries problem

On Tue, 2 Sep 2008, libssh sroschke wrote:

> Is there a reason why only 8 tries per connection are working? Is there a 
> way to allow more than 8 auth tries without re-establishing the connection?

My advice for you is to load up the source code and see for yourself, or use a 
debugger and single-step into the call and see what you can learn.

libssh2 is undermanned and does not get proper focus from any developers these 
days it seems, so prepare to roll up your sleeves and do some shoveling.

-- 

  / daniel.haxx.se

libssh sroschke | 4 Sep 2008 00:34

Fwd: libssh2_userauth_publickey_fromfile multiple tries problem

ieek, just replied to Daniel...

---------- Forwarded message ----------
From: libssh sroschke <libssh.sroschke-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org>
Date: Thu, Sep 4, 2008 at 12:32 AM
Subject: Re: [libssh2] libssh2_userauth_publickey_fromfile multiple tries problem
To: Daniel Stenberg <daniel-7AX/Qt632QQ@public.gmane.org>


So to let you all know,

I invested some time, and tracked down the problem. While trying the 7th key, the send(session->socket, ... ) function called in transport.c:780 fails (returns -1). The errno value is set to EPIPE (32), which makes me believe that the problem is caused by the server, not by the client. Maybe the server closes the connection after 7 tries, to prevent brute-forcing. So it seems that the problem is not the libssh2 implementation, but the server it connects to.

I thought it might be worth knowing for you guys. Maybe someday somebody will ask such a question on the mailing list.

Anyway, thanks at least for your answer. :)

cu & take care
sebastian



On Tue, Sep 2, 2008 at 9:23 AM, Daniel Stenberg <daniel-7AX/Qt632QQ@public.gmane.org> wrote:
On Tue, 2 Sep 2008, libssh sroschke wrote:

> Is there a reason why only 8 tries per connection are working? Is there a
> way to allow more than 8 auth tries without re-establishing the connection?

My advice for you is to load up the source code and see for yourself, or use a
debugger and single-step into the call and see what you can learn.

libssh2 is undermanned and does not get proper focus from any developers these
days it seems, so prepare to roll up your sleeves and do some shoveling.

--

 / daniel.haxx.se
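
The diagnosis in the message above (send() returning -1 with errno EPIPE means the other end has closed the connection), reproduced as an added example that is not part of the original thread and is not libssh2 code. The names `classify_send` and `first_failed_request`, the UNIX socket pair standing in for the SSH connection, and the peer's limit of 6 requests are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical result codes for this example (not libssh2 constants). */
enum send_result { SEND_OK, SEND_RETRY, SEND_PEER_CLOSED, SEND_OTHER_ERROR };

/* Classify a send() return value together with the errno read right after it. */
enum send_result classify_send(long rc, int err)
{
    if (rc >= 0)
        return SEND_OK;
    if (err == EAGAIN || err == EWOULDBLOCK || err == EINTR)
        return SEND_RETRY;          /* transient: the socket is still usable */
    if (err == EPIPE || err == ECONNRESET)
        return SEND_PEER_CLOSED;    /* the other end hung up: reconnect */
    return SEND_OTHER_ERROR;
}

/* A constructed peer reads `limit` requests, then closes its end. Returns the
 * 1-based number of the first request whose send() reports a closed peer,
 * 0 if all `total` requests went out, -1 if the socket pair cannot be made. */
int first_failed_request(int limit, int total)
{
    int sv[2], peer_open = 1, failed = 0;
    char buf[32];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    for (int i = 1; i <= total && !failed; i++) {
        /* MSG_NOSIGNAL: report errno EPIPE instead of raising SIGPIPE. */
        long rc = send(sv[0], "auth-request", 12, MSG_NOSIGNAL);
        if (classify_send(rc, errno) == SEND_PEER_CLOSED) {
            failed = i;
        } else if (rc > 0 && peer_open) {
            (void)recv(sv[1], buf, sizeof buf, 0);   /* peer consumes request */
            if (i == limit) { close(sv[1]); peer_open = 0; }
        }
    }
    close(sv[0]);
    if (peer_open)
        close(sv[1]);
    return failed;
}

int main(void)
{
    printf("first failed request: %d\n", first_failed_request(6, 100));
    return 0;
}
```

On a UNIX socket pair the send directly after the peer's close fails; over TCP a write can still succeed once before the failure is reported.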

SourceForge.net | 11 Sep 2008 03:34

[ libssh2-Bugs-1902169 ] second channel creation fails

Bugs item #1902169, was opened at 2008-02-26 09:17
Message generated for change (Comment added) made by thomaspu
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=1902169&group_id=125852

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: API
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Tefnet (ekatalog)
Assigned to: Nobody/Anonymous (nobody)
Summary: second channel creation fails

Initial Comment:
As shown in included source code, libssh2 won't create a channel for the second time. 

this is what appears in openssh daemon logs:

Feb 26 15:01:34 biuro sshd[3155]: error: buffer_get_string_ret: bad string length 1702663341
Feb 26 15:01:34 biuro sshd[3155]: fatal: buffer_get_string: buffer error
Feb 26 15:01:34 biuro sshd[3155]: pam_unix(sshd:session): session closed for user tefnet

on second channel creation in a program, it would return a NULL channel pointer and give no hint in last_error.

software versions:
libssh2-0.18
openssh-4.7_p1
linux-2.6.17.13

----------------------------------------------------------------------

Comment By: Paul Thomas (thomaspu)
Date: 2008-09-10 20:34

Message:
I too have encountered this problem. My quick fix was to always retry
channel creation. But this is quite a band-aid approach!

----------------------------------------------------------------------

Comment By: Tefnet (ekatalog)
Date: 2008-02-28 06:47

Message:
Logged In: YES 
user_id=1264460
Originator: YES

I haven't found any other references to direct_state except for this
function. It looks like it's not used. Can we safely skip this part of
code?

----------------------------------------------------------------------

Comment By: Tefnet (ekatalog)
Date: 2008-02-28 06:40

Message:
Logged In: YES 
user_id=1264460
Originator: YES

There is a quick fix when running a single channel at a time. Changing
libssh2_channel_direct_tcpip_ex() in tunnel.c from:

if (session->direct_state == libssh2_NB_state_idle)

to:

if (session->direct_state == libssh2_NB_state_idle || 1)

fixes the problem. Something with direct_state is messed up. Investigation
continues...

----------------------------------------------------------------------

Paul Thomas | 12 Sep 2008 03:12

How to set env vars

Anyone know how to get an environmental variable set through the
library? The doc says to just do:
  libssh2_channel_setenv_ex( channelPtr, "variableName_Foo", "variableValue_Bar");
But the function always returns -1, failure. I'm getting a valid
channel pointer....

help?
Paul

Peter Stuge | 12 Sep 2008 03:15

Re: How to set env vars

Paul Thomas wrote:
> Anyone know how to get an environmental variable set through the
> library? The doc says to just do:
>   libssh2_channel_setenv_ex( channelPtr, "variableName_Foo",
> "variableValue_Bar");
> But the function always returns -1, failure. I'm getting a valid
> channel pointer....

Can you get an error code or message?

//Peter

Paul Thomas | 12 Sep 2008 03:19

Re: How to set env vars

The value returned from the function is -1 and the error message is:
  Unable to complete request for channel-setenv

Paul

On Thu, Sep 11, 2008 at 9:15 PM, Peter Stuge <peter@...> wrote:
> Paul Thomas wrote:
>> Anyone know how to get an environmental variable set through the
>> library? The doc says to just do:
>>   libssh2_channel_setenv_ex( channelPtr, "variableName_Foo",
>> "variableValue_Bar");
>> But the function always returns -1, failure. I'm getting a valid
>> channel pointer....
>
> Can you get an error code or message?
>
>
> //Peter
>
Peter Stuge | 12 Sep 2008 03:21

Re: How to set env vars

Paul Thomas wrote:
> The value returned from the function is -1 and the error message is:
>   Unable to complete request for channel-setenv

What does it look like on the server side?

Can you run the sshd with debugging enabled?

//Peter

Paul Thomas | 12 Sep 2008 03:30

Re: How to set env vars

How do I enable the ssh server to run in debug mode? The SSH version
of my server is:
  OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007

Paul

On Thu, Sep 11, 2008 at 9:21 PM, Peter Stuge <peter@...> wrote:
> Paul Thomas wrote:
>> The value returned from the function is -1 and the error message is:
>>   Unable to complete request for channel-setenv
>
> What does it look like on the server side?
>
> Can you run the sshd with debugging enabled?
>
>
> //Peter
>
Peter Stuge | 12 Sep 2008 03:33

Re: How to set env vars

Paul Thomas wrote:
> How do I enable the ssh server to run in debug mode? The SSH version
> of my server is:
>   OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007

Stop the normal sshd running as a service, then run:

/usr/sbin/sshd -ddd

Don't forget to start the service again when you've captured the
debugging messages.

For development it'll help to set up sshd with debugging always
enabled, running on a different port. Use -p for that.

//Peter
