opendev/gerrit
Code Issues Proposed changes

SSHD: Prevent double authentication for the same public key

Browse Source 
Openssh client sends two requests, one without a key signature to verify
that the public key is acceptable and the second one with the signature
after having loaded the private key and signed some data for actual
verification.

To prevent that the PublickeyAuthenticator#authenticate is called twice
cache the authentication status for session and public key.  Implement
SessionListener to clean up the cache entry when session is destroyed.

This is a workaround for SSHD bug [1].

[1] https://issues.apache.org/jira/browse/SSHD-300

Inspired-By: Guillaume Nodet <gnodet@apache.org>
Change-Id: Ie8caebd6762125a754c46d821b3c7af2a10edd2b
This commit is contained in:
David Ostrovsky
2014-03-14 23:13:29 +01:00
committed by Shawn Pearce
parent 4e3db18a7d
commit a5959d2216
3 changed files with 83 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshModule.java
View File

@@ -81,7 +81,7 @@ public class SshModule extends LifecycleModule {
bind(QueueProvider.class).to(CommandExecutorQueueProvider.class).in(SINGLETON);
bind(GSSAuthenticator.class).to(GerritGSSAuthenticator.class);
bind(PublickeyAuthenticator.class).to(DatabasePubKeyAuth.class);
bind(PublickeyAuthenticator.class).to(CachingPublicKeyAuthenticator.class);
bind(ModuleGenerator.class).to(SshAutoRegisterModuleGenerator.class);
bind(SshPluginStarterCallback.class);