
Node ssh2 server not accepting Objective-Git/libgit2 SSH connection

I am trying to connect an Objective-Git/libgit2 app over SSH to a remote running mscdex's Node ssh2 server, using key pairs.

The libgit2 app can connect to sshd on the server and implement push. It is implementing libgit2's git_cred_ssh_key_new and then git_remote_connect.

However, when the app attempts to connect to the ssh2 server, the server accepts the ssh-userauth service, but at the ssh-connection service the method type is 'none', rather than 'publickey'.

Alternatively, when I connect to the ssh2 server using git (rather than the app via libgit2), the ssh2 server accepts the ssh-connection service and implements method type 'publickey'.

So, I'm not sure where the problem lies: in the libgit2 implementation of the 'publickey' method type, or the ssh2 server falling through to method type 'none'.

Any pointers or help is greatly appreciated. Thanks.

ssh2 server (example server):

new ssh2.Server({
  hostKeys: [fs.readFileSync('/Users/almccann/Sites/thenewpop/ssh2server/host_rsa')],
  debug: function (cfg) {
    console.log('debug', cfg);
  }
}, function(client) {
  console.log('Client connected!');
  client.on('authentication', function(ctx) {
    // ctx.method === 'none', no ctx.key
    if (ctx.method === 'publickey'
         && ctx.key.algo === pubKey.fulltype
         && buffersEqual(ctx.key.data, pubKey.public)) {
      if (ctx.signature) {
        var verifier = crypto.createVerify(ctx.sigAlgo);
        verifier.update(ctx.blob);
        if (verifier.verify(pubKey.publicOrig, ctx.signature))
          ctx.accept();
        else
          ctx.reject();
      } else {
        ctx.accept();
      }
    } else
      ctx.reject();
  }).on('ready', function() {
    console.log('Client authenticated!');
  }).on('end', function() {
    console.log('Client disconnected');
  });
})
.listen(22, '127.0.0.1', function() {
  console.log('Listening on port ' + this.address().port);
});

The 'none' authentication method is basically what it sounds like; it's just an authentication method that allows clients access to the server without providing any kind of credentials or other information. That is why there is no ctx.key in that case.

Most servers will relay valid authentication methods back to the client when rejecting an authentication method, but this is not required (although some clients specifically rely on this, which is actually a bad thing). Assuming the ssh client is expecting this list, you can do something like this to signal you only accept publickey authentication:

client.on('authentication', function(ctx) {
  if (ctx.method === 'publickey'
      && ctx.key.algo === pubKey.fulltype
      && buffersEqual(ctx.key.data, pubKey.public)) {
    if (ctx.signature) {
      var verifier = crypto.createVerify(ctx.sigAlgo);
      verifier.update(ctx.blob);
      if (verifier.verify(pubKey.publicOrig, ctx.signature))
        ctx.accept();
      else
        ctx.reject();
    } else {
      ctx.accept();
    }
  } else
    ctx.reject(['publickey']); // <==============
});
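
The exchange the answer describes, written out at the RFC 4252 payload level as an added example (not code from the original post or from the ssh2 project): the client's initial `none` request and the server's failure reply carrying the list of methods that can continue. The function names and the user name `git` are constructed for illustration.

```javascript
// RFC 4252 message numbers
const SSH_MSG_USERAUTH_REQUEST = 50, SSH_MSG_USERAUTH_FAILURE = 51;

// SSH "string": uint32 big-endian length, then the bytes
function sshString(s) {
  const body = Buffer.from(s, 'utf8');
  const len = Buffer.alloc(4);
  len.writeUInt32BE(body.length, 0);
  return Buffer.concat([len, body]);
}

// Bounds-checked read of one SSH string starting at offset off
function readString(buf, off) {
  if (off + 4 > buf.length) throw new RangeError('truncated length');
  const end = off + 4 + buf.readUInt32BE(off);
  if (end > buf.length) throw new RangeError('truncated string');
  return { value: buf.toString('utf8', off + 4, end), next: end };
}

// Client: the initial probe; method "none" carries no method-specific fields
function buildNoneRequest(user) {
  return Buffer.concat([Buffer.from([SSH_MSG_USERAUTH_REQUEST]),
    sshString(user), sshString('ssh-connection'), sshString('none')]);
}
function parseAuthRequest(p) {
  if (p[0] !== SSH_MSG_USERAUTH_REQUEST) throw new Error('not USERAUTH_REQUEST');
  const user = readString(p, 1);
  const service = readString(p, user.next);
  const method = readString(p, service.next);
  return { user: user.value, service: service.value, method: method.value };
}

// Server: failure reply = name-list of methods that can continue + partial-success flag
function buildFailure(methods, partialSuccess = false) {
  return Buffer.concat([Buffer.from([SSH_MSG_USERAUTH_FAILURE]),
    sshString(methods.join(',')), Buffer.from([partialSuccess ? 1 : 0])]);
}
function parseFailure(p) {
  if (p[0] !== SSH_MSG_USERAUTH_FAILURE) throw new Error('not USERAUTH_FAILURE');
  const list = readString(p, 1);
  if (list.next >= p.length) throw new RangeError('missing partial-success flag');
  return { methods: list.value ? list.value.split(',') : [], partialSuccess: p[list.next] !== 0 };
}

// Constructed exchange; the user name "git" is a sample value
function demoExchange() {
  const req = parseAuthRequest(buildNoneRequest('git'));
  return { req, reply: parseFailure(buildFailure(['publickey'])) };
}
```

A failure reply built from an empty list parses to `methods: []`, which leaves a client that relies on the list with nothing to try next.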
