From efbae4afb84ef03364a1de349d98413211946ad4 Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Tue, 9 May 2017 18:38:35 +0200
Subject: ssh: Option 'auth_methods' available not only in server but also in
client
---
lib/ssh/src/ssh_connection_handler.erl | 6 +-----
lib/ssh/src/ssh_options.erl | 12 ++++++------
2 files changed, 7 insertions(+), 11 deletions(-)
(limited to 'lib')
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 342583306b..39bd54869f 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -434,11 +434,7 @@ init_ssh_record(Role, Socket, Opts) ->
init_ssh_record(Role, _Socket, PeerAddr, Opts) ->
KeyCb = ?GET_OPT(key_cb, Opts),
- AuthMethods =
- case Role of
- server -> ?GET_OPT(auth_methods, Opts);
- client -> undefined
- end,
+ AuthMethods = ?GET_OPT(auth_methods, Opts),
S0 = #ssh{role = Role,
key_cb = KeyCb,
opts = Opts,
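Review bot: With the `case Role of` removed, a client's record now carries the option string where it previously carried `undefined`, so any client-side code that reads this value outside the hunk has to cope with a string; that cannot be confirmed from the lines shown here. Because the same option now means something different per role, a short comment above the assignment would help, for example `%% server: methods offered to the peer; client: methods tried, in this order`. The body of init_ssh_record/4 continues beyond the hunk.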
diff --git a/lib/ssh/src/ssh_options.erl b/lib/ssh/src/ssh_options.erl
index 0886d5b34d..6bd6ab74c3 100644
--- a/lib/ssh/src/ssh_options.erl
+++ b/lib/ssh/src/ssh_options.erl
@@ -293,12 +293,6 @@ default(server) ->
class => user_options
},
- {auth_methods, def} =>
- #{default => ?SUPPORTED_AUTH_METHODS,
- chk => fun check_string/1,
- class => user_options
- },
-
{auth_method_kb_interactive_data, def} =>
#{default => undefined, % Default value can be constructed when User is known
chk => fun({S1,S2,S3,B}) ->
@@ -583,6 +577,12 @@ default(common) ->
},
%%%%% Undocumented
+ {auth_methods, def} =>
+ #{default => ?SUPPORTED_AUTH_METHODS,
+ chk => fun check_string/1,
+ class => user_options
+ },
+
{transport, def} =>
#{default => ?DEFAULT_TRANSPORT,
chk => fun({A,B,C}) ->
--
cgit v1.2.3
From 6e9f9cbfc1f69735788651369bf6e288e23fbced Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Wed, 10 May 2017 12:39:02 +0200
Subject: ssh: Doc option 'auth_methods' for client
---
lib/ssh/doc/src/ssh.xml | 13 +++++++++++++
lib/ssh/src/ssh_options.erl | 2 +-
2 files changed, 14 insertions(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 84b7cdd7a1..c659e093b9 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -293,6 +293,15 @@
connection. For gen_tcp the time is in milli-seconds and the default value is
infinity.
+
+
+ -
+
Comma-separated string that determines which
+ authentication methods that the client shall support and
+ in which order they are tried. Defaults to
+
+
+
-
Provides a username. If this option is not given, ssh
@@ -300,6 +309,7 @@
on UNIX,
on Windows).
+
-
Provides a password for password authentication.
@@ -307,6 +317,7 @@
password, if the password authentication method is
attempted.
+
-
Module implementing the behaviour
+
-
If true, the client does not print anything on authorization.
@@ -466,6 +478,7 @@
authentication methods that the server is to support and
in what order they are tried. Defaults to
+ Note that the client is free to use any order and to exclude methods.
diff --git a/lib/ssh/src/ssh_options.erl b/lib/ssh/src/ssh_options.erl
index 6bd6ab74c3..f98422c324 100644
--- a/lib/ssh/src/ssh_options.erl
+++ b/lib/ssh/src/ssh_options.erl
@@ -576,13 +576,13 @@ default(common) ->
class => user_options
},
-%%%%% Undocumented
{auth_methods, def} =>
#{default => ?SUPPORTED_AUTH_METHODS,
chk => fun check_string/1,
class => user_options
},
+%%%%% Undocumented
{transport, def} =>
#{default => ?DEFAULT_TRANSPORT,
chk => fun({A,B,C}) ->
--
cgit v1.2.3
From 242dddbc918c87571013e7e0acd29b4abbe12911 Mon Sep 17 00:00:00 2001
From: Hans Nilsson
Date: Wed, 10 May 2017 11:42:09 +0200
Subject: ssh: Better error checking for option 'auth_methods'
---
lib/ssh/src/ssh_options.erl | 11 ++++++++++-
lib/ssh/test/ssh_basic_SUITE.erl | 7 ++-----
2 files changed, 12 insertions(+), 6 deletions(-)
(limited to 'lib')
diff --git a/lib/ssh/src/ssh_options.erl b/lib/ssh/src/ssh_options.erl
index f98422c324..78f68dbcb1 100644
--- a/lib/ssh/src/ssh_options.erl
+++ b/lib/ssh/src/ssh_options.erl
@@ -578,7 +578,16 @@ default(common) ->
{auth_methods, def} =>
#{default => ?SUPPORTED_AUTH_METHODS,
- chk => fun check_string/1,
+ chk => fun(As) ->
+ try
+ Sup = string:tokens(?SUPPORTED_AUTH_METHODS, ","),
+ New = string:tokens(As, ","),
+ [] == [X || X <- New,
+ not lists:member(X,Sup)]
+ catch
+ _:_ -> false
+ end
+ end,
class => user_options
},
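Review bot: The new `chk` fun accepts an empty value: `string:tokens("", ",")` returns `[]`, so `""` or `","` passes the check and configures no authentication method at all. If an empty list is not meant to be a valid setting, reject it at option-check time, e.g. replace the comprehension test with `New =/= [] andalso lists:all(fun(X) -> lists:member(X, Sup) end, New)`. The `catch _:_ -> false` fails closed, which is the safe direction, but it deserves a comment such as `%% non-string input makes string:tokens/2 fail; treat it as invalid` so the catch-all is not read as accidental. Note also that only exact tokens match, so a value with spaces after the commas is rejected; the option documentation should say so.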
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl
index b80c3ed5e2..1e591bc295 100644
--- a/lib/ssh/test/ssh_basic_SUITE.erl
+++ b/lib/ssh/test/ssh_basic_SUITE.erl
@@ -1173,13 +1173,10 @@ login_bad_pwd_no_retry3(Config) ->
login_bad_pwd_no_retry(Config, "password,publickey,keyboard-interactive").
login_bad_pwd_no_retry4(Config) ->
- login_bad_pwd_no_retry(Config, "password,other,keyboard-interactive").
+ login_bad_pwd_no_retry(Config, "password,keyboard-interactive").
login_bad_pwd_no_retry5(Config) ->
- login_bad_pwd_no_retry(Config, "password,other,keyboard-interactive,password,password").
-
-
-
+ login_bad_pwd_no_retry(Config, "password,keyboard-interactive,password,password").
login_bad_pwd_no_retry(Config, AuthMethods) ->
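Review bot: Dropping `other` from these method strings removes the only inputs in this hunk that exercised an unsupported method name, and nothing here adds a case asserting that such a name is now refused. A small negative test that passes `{auth_methods, "password,other"}` when starting the daemon, and expects an error rather than a running server, would pin the stricter check added in ssh_options.erl. The same could be done for the client side, since the option is now accepted there as well. login_bad_pwd_no_retry/2 continues outside the hunk.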
--
cgit v1.2.3