[Reference:<_A4992@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Delegate 9.8.8 pre 18 - FTP/SFTP proxy and maximum password length
10 Nov 2011 09:49:32 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4992@delegate-en.ML_> on 09/21/11(10:24:23)
you "Trigge, Graham" <ppajabdyi-dyd2yvdbidxr.ml@ml.delegate.org> wrote:
 |I am running the latest version of Delegate as an FTP/SFTP proxy server
 |and it has been working well for several years. I would like to find out
 |if there are any password length limitations using Delegate as I have
 |recently added a new destination SFTP server to the configuration and
 |the password being used to access this SFTP server is 11 characters long.
 |I am able to successfully log into the SFTP server manually from the
 |proxy server (not going through Delegate).

I don't think there is a limitation by such a short length.
You might find what is wrong in your case by using the "-dG" option of
DeleGate to get detailed logging of the conversation between DeleGate
and sftp.

By the way, I know there has been a problem in sftp/DeleGate: it
does not support multiple authentication schemes of sftp (SSH) being
retried one after another (for example, retrying password based auth.
after the failure of certificate based).  The enclosed patch is an
experimental modification to cope with such a case.

Cheers,
Yutaka
--
  9 9   Yutaka Sato (CSDP,ITIL-F,OCUP-A,Security+,ISTQB-F)
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


*** dist/src/delegate9.9.8-pre20/src/sftp.c	Thu Nov 11 22:35:21 2010
--- ./src/sftp.c	Wed Sep 21 13:20:41 2011
***************
*** 295,300 ****
--- 295,303 ----
  	}
  	pid = Forkpty(&pty,(char*)name);
  	if( 0 < pid ){
+   int retrying = 0; /* 110921a for retrying auth. with sftp */
+   IStr(prompt1,sizeof(resp));
+ 
  		PollIn(pty,3*1000); /* wait a response from sftp */
  		LOG_type1 = slog; /* LOG_type1 is on shared memory */
  
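Review bot: `IStr(prompt1,sizeof(resp))` in the new declarations sizes prompt1 from resp, which gives the intended capacity only if resp is an array in this scope rather than a pointer; a short comment stating that prompt1 must stay at least as large as resp would protect the later copy. The two added declarations are also indented with spaces where the surrounding lines use tabs.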
***************
*** 307,312 ****
--- 310,316 ----
  		msleep(100);
  		fs = fdopen(pty,"r");
  		relay_resp(fs,-1,15*1000,AVStr(resp),"FORK-1",1);
+ 		strcpy(prompt1,resp);
  
  		if( strstr(resp,"Are you sure you want to continue") ){
  			sprintf(com,"yes\n");
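Review bot: `strcpy(prompt1,resp)` is placed before the `Are you sure you want to continue` check, so on a first connection to a host prompt1 records the host-key confirmation text instead of the authentication prompt that the later `strtailstr(prompt1,resp)` comparison is meant to recognize. Consider capturing prompt1 after the host-key branch, once resp holds the FORK-2 response, and using a bounded copy rather than strcpy.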
***************
*** 315,320 ****
--- 319,325 ----
  			relay_resp(fs,-1,15*1000,AVStr(resp),"FORK-2",1);
  		}
  
+   for( retrying = 0; retrying < 10; retrying++ ){
  		sprintf(com,"%s\r\n",pass);
  		IGNRETP write(pty,com,strlen(com));
  		DEBUG("--SFTP: sent the password...\n");
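Review bot: the loop opened at `for( retrying = 0; retrying < 10; retrying++ )` resends the same `pass` on every iteration, so one wrong password can be submitted up to ten times against the destination server, which can trip its failed-login lockout or alerting. A much lower bound, given as a named constant, and resending only when the prompt type has changed (passphrase versus password) would limit that.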
***************
*** 325,330 ****
--- 330,340 ----
  		 || strtailstr(resp,"password: ")
  		 || strstr(resp,"Enter passphrase for key")
  		){
+     if( retrying || strtailstr(prompt1,resp) != NULL ){ /* 110921a */
+ 	DEBUG("--SFTP REPEAT %d %s\n",retrying,resp);
+ 	clearVStr(resp);
+ 	continue;
+     }
  			DEBUG("--SFTP %s\n",resp);
  if( lGATEWAY() )
  sv1log("####@@@@ KILL sftp pid=%d\n",pid);
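Review bot: in `if( retrying || strtailstr(prompt1,resp) != NULL )` the `retrying ||` term makes every prompt seen after the first pass take the `continue`, so the kill and failure path below it is reachable only when retrying is 0. A prompt that reappears after a rejected password is then handled the same way as a switch to another authentication method; compare the prompt text on each iteration instead of short-circuiting on the counter. The added lines also mix space and tab indentation.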
***************
*** 332,337 ****
--- 342,349 ----
  			strcpy(rresp,resp);
  			return -1;
  		}
+     break;
+   }
  
  		sprintf(com,"progress\r\n");
  		IGNRETP write(pty,com,strlen(com));
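Review bot: exhausting the retry limit is not treated as a failure here: if all ten iterations end in `continue`, the for loop finishes without reaching `return -1` and control falls through to `sprintf(com,"progress\r\n")` as if authentication had succeeded. After the closing brace, check whether retrying reached the limit and fail the same way as the existing error path (`strcpy(rresp,resp)` and `return -1`), keeping in mind that resp has been cleared by `clearVStr(resp)` on that path.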
