[erlang-bugs] R16B03 ssh client is broken for keyboard-interactive

Simon Cornish <>
Wed Jan 15 11:04:02 CET 2014


Hi,
It seems like OTP-11363 breaks keyboard-interactive authentication by
introducing the ssh_message module.

The following messages will always be decoded as #ssh_msg_userauth_pk_ok{}

SSH2_MSG_USERAUTH_PK_OK
SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ
SSH2_MSG_USERAUTH_INFO_REQUEST

Which, when the server has keyboard-interactive as a preferred
authentication method results in an error like the one shown below.

Attached is the patch I used as a workaround. It's probably not the best
solution. Really, the decode should be aware of what messages are expected
from the current state of the connection.

Regards,
 Simon

Error:
4> catch ssh:shell("localhost", 22, [{user, "x123"}, {password,"x123"},
{user_dir, "/tmp/simon/xxhd"}]).
{error,"Internal error"}
5>
=ERROR REPORT==== 14-Jan-2014::16:15:04 ===
Erlang ssh connection handler failed with reason: function_clause
, Stacktace: [{ssh_connection_handler,userauth,
                  [{ssh_msg_userauth_pk_ok,<<>>,
                       <<0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,9,80,97,115,115,119,
                         111,114,100,58,0>>},
                   {state,client,undefined,<0.32.0>,"x123",
                       {connection,[],28690,[],0,undefined,undefined,
                           undefined,
                           [{user_pid,<0.32.0>},
                            {host,"localhost"},
                            {idle_time,infinity},
                            {user_dir,"/tmp/simon/xxhd"},
                            {password,"x123"},
                            {user,"x123"}],
                           undefined,undefined,undefined,undefined},
                       0,infinity,tcp,gen_tcp,tcp_closed,
                       {ssh,client,
                           {"localhost",{{127,0,0,1},22}},
                           {2,0},
                           {2,0},
                           "SSH-2.0-Erlang","SSH-2.0-OpenSSH_5.6",
....
                           undefined,"x123","ssh-connection",false,
                           "publickey,keyboard-interactive,password",
                           ["publickey","keyboard-interactive"],
                           [],
                           ["ssh-rsa","ssh-dss"],
                           false},
                       #Port<0.1188>,<<>>,<<>>,undefined,
                       {ssh_msg_kexinit,

<<176,81,33,95,58,180,129,224,145,127,117,133,160,
                             53,16,241>>,
                           ["diffie-hellman-group1-sha1"],
                           ["ssh-rsa","ssh-dss"],
                           ["aes128-cbc","3des-cbc"],
                           ["aes128-cbc","3des-cbc"],
                           ["hmac-sha1"],
                           ["hmac-sha1"],
                           ["none","zlib"],
                           ["none","zlib"],
                           [],[],false,0},
                       false,undefined,undefined,undefined,
                       [{user_pid,<0.32.0>},
                        {host,"localhost"},
                        {idle_time,infinity},
                        {user_dir,"/tmp/simon/xxhd"},
                        {password,"x123"},
                        {user,"x123"}]}],
                  [{file,"ssh_connection_handler.erl"},{line,393}]},
              {ssh_connection_handler,event,3,
                  [{file,"ssh_connection_handler.erl"},{line,1126}]},
              {gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,505}]},

{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,239}]}]
please report this to 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20140115/7c0cd91e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh-kbd-interactive.patch
Type: application/octet-stream
Size: 1181 bytes
Desc: not available
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20140115/7c0cd91e/attachment.obj>


More information about the erlang-bugs mailing list