diff options
| author | Thomas Wolf <thomas.wolf@paranor.ch> | 2022-04-01 16:56:05 +0200 |
|---|---|---|
| committer | Thomas Wolf <thomas.wolf@paranor.ch> | 2022-05-01 08:48:44 +0200 |
| commit | 4dd9a94ec532aa2512dc220ab9d2f4929264c741 (patch) | |
| tree | 308e89a844e2caf4757ba53b2682bb94221cdf8e /org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.20.target | |
| parent | 8b8999dca8d71b976da94715e06162510bb51460 (diff) | |
| download | jgit-4dd9a94ec532aa2512dc220ab9d2f4929264c741.tar.gz jgit-4dd9a94ec532aa2512dc220ab9d2f4929264c741.zip | |
[sshd] Better user feedback on authentication failure
When authentication fails, JGit produces an exception with an error
message telling the user that it could not log in (including the host
name). The causal chain has an SshException from Apache MINA sshd with
message "No more authentication methods available".
This is not very helpful. The user was left without any indication why
authentication failed.
Include in the exception message a log of all attempted authentications.
That way, the user can see which keys were tried, in which order and
with which signature algorithms. The log also reports authentication
attempts for gssapi-with-mic or password authentication. For
keyboard-interactive Apache MINA sshd is lacking a callback interface.
The way Apache MINA sshd loads keys from files, the file names are lost
in higher layers. Add a mechanism to record on the session for each
key fingerprint the file it was loaded from, if any. That way the
exception message can refer to keys by file name, which is easier to
understand by users than the rather cryptic key fingerprints.
Bug: 571390
Change-Id: Ic4b6ce6b99f307d5e798fcc91b16b9ffd995d224
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.20.target')
0 files changed, 0 insertions, 0 deletions