Go Back   FlashFXP Forums > >

General Discussion Need help? Have a problem? Let us help you. Bug reports and feature requests should be made using the Bug Tracker or Feature Tracker

Closed Thread
 
Thread Tools Rate Thread Display Modes
Old 10-10-2016, 04:06 AM   #1
andreas
Senior Member
FlashFXP Beta Tester
 
Join Date: Jul 2002
Posts: 484
Default SCP - wrong username

I am using flashfxp with vshell SCP server
When I use a wrong username for the session, flashfxp returns the following error:

[14:28:58] [R] Connecting to WRONG_PASS_SESSION -> DNS=my.server.com IP=192.168.1.10 PORT=22
[14:28:58] [R]
Connected to WRONG_PASS_SESSION [14:28:59] [R] Host key algorithm ssh-rsa, size 2048 bits.
[14:28:59] [R] Fingerprint (MD5): da:00:aa:a3:33:f6:44:11:1b:34:a5:11:11:11:12:22

[14:28:59] [R] Key exchange: diffie-hellman-group-exchange-sha256. Session encryption: aes256-ctr, MAC: hmac-sha1, compression: none.

[14:28:59] [R] Auth Type: Password

*[14:28:59] [R] SSH Error: failed to negotiate authentication method*

[14:28:59] [R] SSH Connection closed [14:28:59] [R] Connection failed


This seems to be wrong.
An error like "Invalid username or password" should be returned, shouldn't it?
andreas is offline  
Old 10-11-2016, 06:39 PM   #2
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

The login failure reply from a SSH server is vague and in most cases doesn't tell you why access was denied, just that access was denied, which could mean a lot of things, such as the user/pass are correct but the user doesn't have access, or that the user is temporarily disabled, or maybe this user can only sign in using public key authentication.
bigstar is offline  
Old 10-12-2016, 07:57 AM   #3
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

After some real-world testing and stepping through the code I discovered that there is something wrong.

Good catch.

I am still investigating the issue and will let you know what I find.
bigstar is offline  
Old 10-12-2016, 09:05 AM   #4
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

[08:56:40] [R] Key exchange: curve25519-sha256@libssh.org. Session encryption: aes256-ctr, MAC: hmac-sha1, compression: none.
[08:56:40] [R] Auth Type: Password
[08:56:40] [R] Authentication failed [unknown user or invalid password]
[08:56:40] [R] SSH Error: failed to negotiate authentication method
[08:56:40] [R] SSH Connection closed
[08:56:40] [R] Connection failed

Here we go, the correct the result.

The "Authentication failed" line was not being triggered due to an unexpected change in one of the SecureBlackBox updates.
bigstar is offline  
Old 10-12-2016, 09:32 AM   #5
andreas
Senior Member
FlashFXP Beta Tester
 
Join Date: Jul 2002
Posts: 484
Default

There are the logs from vshell in case they help you
Code:
VShellSSH2 conn 8 10.10.10.54 56354 - - - 0 0 0 0 10.10.10.164 22 "00008: Connection accepted from 10.10.10.54:56354"
VShellSSH2 auth 8 - - wrong_user - - 0 0 0 0 - - "00008: Username lookup failed for user wrong_user: No mapping between account names and security IDs was done."
VShellSSH2 auth 8 10.10.10.54 56354 wrong_user - - 0 0 0 0 - - "00008: none for user wrong_user rejected because it is unavailable"
VShellSSH2 auth 8 - - wrong_user - - 0 0 0 0 - - "00008: Authentication for wrong_user failed: The user name or password is incorrect."
VShellSSH2 auth 8 - - wrong_user - - 0 0 0 0 - - "00008: password for user wrong_user rejected"
VShellSSH2 auth 8 10.10.10.54 56354 wrong_user - - 0 0 0 0 10.10.10.164 22 "00008: Authentication failure count for 10.10.10.54 updated to 1 due to authentication failure by user wrong_user"
VShellSSH2 conn 8 - - - - - 0 0 0 0 - - "00008: The transport was aborted with a disconnect packet: Disconnected by application. No more authentication methods available"
VShellSSH2 conn 9 10.10.10.54 56355 - - - 0 0 0 0 10.10.10.164 22 "00009: Connection accepted from 10.10.10.54:56355"
VShellSSH2 auth 9 - - wrong_user - - 0 0 0 0 - - "00009: Username lookup failed for user wrong_user: No mapping between account names and security IDs was done."
VShellSSH2 auth 9 10.10.10.54 56355 wrong_user - - 0 0 0 0 - - "00009: none for user wrong_user rejected because it is unavailable"
VShellSSH2 auth 9 - - wrong_user - - 0 0 0 0 - - "00009: Authentication for wrong_user failed: The user name or password is incorrect."
VShellSSH2 auth 9 - - wrong_user - - 0 0 0 0 - - "00009: password for user wrong_user rejected"
VShellSSH2 auth 9 10.10.10.54 56355 wrong_user - - 0 0 0 0 10.10.10.164 22 "00009: Authentication failure count for 10.10.10.54 updated to 2 due to authentication failure by user wrong_user"
VShellSSH2 conn 9 - - - - - 0 0 0 0 - - "00009: The transport was aborted with a disconnect packet: Disconnected by application. No more authentication methods available"
andreas is offline  
Closed Thread

Tags
error, flashfxp, wrong, [142859], [r]

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 01:06 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)