-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Single authentication attempt and time out. #623
Conversation
I don't fully grasp what this change is attempting to fix: can you provide a more concrete example of what the issue is and how this solves it? |
@@ -193,4 +204,9 @@ public boolean start(Session session) throws Exception { | |||
} | |||
// return false; | |||
} | |||
|
|||
private boolean isMaxFailuresReached(int initial, int current) { | |||
return Boolean.parseBoolean(JSch.getConfig("user_auth_keyboard_interactive_single_attempt")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to use session.getConfig()
, not JSch.getConfig()
so that it can be set on a per Session basis.
I believe you also need to add the config item to Session.applyConfig()
via a Session.checkConfig()
call.
See
jsch/src/main/java/com/jcraft/jsch/Session.java
Line 3207 in d064f44
checkConfig(config, "use_sftp_write_flush_workaround"); |
|
||
// Do not ask re-entering password after the first failure. Useful when authenticating | ||
// with a script that uses the same password every time. | ||
if (Boolean.parseBoolean(JSch.getConfig("user_auth_single_attempt"))) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to use session.getConfig()
, not JSch.getConfig()
so that it can be set on a per Session basis.
I believe you also need to add the config item to Session.applyConfig()
via a Session.checkConfig()
call.
See
jsch/src/main/java/com/jcraft/jsch/Session.java
Line 3207 in d064f44
checkConfig(config, "use_sftp_write_flush_workaround"); |
Thanks for the quick reply and review 👍 Regarding the single attempt, the example is when I use a script and it has an incorrect password I want to fail fast and don't retry because for the next attempt the script will pass the same password and the result will be same, just more time spent. Actually, now it seems that the config option is redundant and the same could be achieved by
as it is done in UserAuthPassword, just need to add that to keyboard interactive and then use |
a1e8e5a
to
e6b4057
Compare
Quality Gate passedIssues Measures |
When authenticating with a script which uses the same password every time, the consecutive attempts with the incorrect password give the same result.
This change adds a preference for a single authentication attempt. When enabled, authentication ends after the first failure and doesn't ask to retry.
Additionally, when time out is set in the session, authentication shouldn't take longer than this time out.