Article delegate-en/5002 of [1-5169] on the server localhost:119
[Reference:<_A4998@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Delegate 9.8.8 pre 18 - FTP/SFTP proxy and maximum password length
16 Nov 2011 01:01:11 GMT "Trigge, Graham" <ppajabdyi-7pkjwoatwjfr.ml@ml.delegate.org>


Yutaka san,

Thank you for your reply. Is it possible to use the "-dG" option for a particular SFTP entry (instead of all connections) as the server in question has many entries and is in production (I am unable to stop it in the middle of the day for testing but can configure the entry and restart the service to assist in debugging).

Regards,

Graham Trigge
Midrange Specialist
Telstra Network Applications and Services
L8, 231 Elizabeth St, Sydney, NSW 2131  Australia

T +60 0 0000 000f   M +60 000 000 00F





-----Original Message-----
From: Yutaka Sato [mailto:feedback@delegate.org] 
Sent: Thursday, 10 November 2011 8:49 PM
To: feedback@delegate.org
Cc: Trigge, Graham
Subject: Re: [DeleGate-En] Delegate 9.8.8 pre 18 - FTP/SFTP proxy and maximum password length

Hi,

In message <42205B56DE9EC24AA31C994A500BE5FF171E5469BE@WSMSG3104V.srv.dir.telstra.com> on 09/21/11(10:24:23)
you "Trigge, Graham" <ppajabdyi-7pkjwoatwjfr.ml@ml.delegate.org> wrote:
 |I am running the latest version of Delegate as an FTP/SFTP proxy server
 |and has been working well for several years. I would like to find out
 |if there are any password length limitations using Delegate as I have
 |recently added a new destination SFTP server to the configuration and
 |the password being used to access this SFTP server is 11 characters long.
 |I am able to successfully log into the SFTP server manually from the
 |proxy server (not going through Delegate).

I don't think there is a limitation by such a short length.
You might find what is wrong in your case by using "-dG" option of
DeleGate to get detailed logging of the conversation between DeleGate
and sftp.

By the way, I know there has been a problem in sftp/DeleGate that
does not support multiple authentication schemes of sftp (SSH) to be
retried one after another (for example, retrying password based auth.
after the failure of certificate based).  The enclosed patch is an
experimental modification to cope with such a case.

Cheers,
Yutaka
--
  9 9   Yutaka Sato (CSDP,ITIL-F,OCUP-A,Security+,ISTQB-F)
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


*** dist/src/delegate9.9.8-pre20/src/sftp.c	Thu Nov 11 22:35:21 2010
--- ./src/sftp.c	Wed Sep 21 13:20:41 2011
***************
*** 295,300 ****
--- 295,303 ----
  	}
  	pid = Forkpty(&pty,(char*)name);
  	if( 0 < pid ){
+   int retrying = 0; /* 110921a for retrying auth. with sftp */
+   IStr(prompt1,sizeof(resp));
+ 
  		PollIn(pty,3*1000); /* wait a response from sftp */
  		LOG_type1 = slog; /* LOG_type1 is on shared memory */
  
***************
*** 307,312 ****
--- 310,316 ----
  		msleep(100);
  		fs = fdopen(pty,"r");
  		relay_resp(fs,-1,15*1000,AVStr(resp),"FORK-1",1);
+ 		strcpy(prompt1,resp);
  
  		if( strstr(resp,"Are you sure you want to continue") ){
  			sprintf(com,"yes\n");
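
Review bot: prompt1 is copied from the FORK-1 response before the host-key branch, so when the "Are you sure you want to continue" branch runs, resp is replaced by the FORK-2 read and prompt1 keeps the host-key question rather than the password prompt. The later strtailstr(prompt1,resp) test would then not match a repeated password prompt on the first pass; consider filling prompt1 after the host-key exchange instead. The strcpy is bounded only because prompt1 was declared with sizeof(resp) in the first hunk, and a short comment here stating that dependency would keep a later change to either buffer from breaking it.
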
***************
*** 315,320 ****
--- 319,325 ----
  			relay_resp(fs,-1,15*1000,AVStr(resp),"FORK-2",1);
  		}
  
+   for( retrying = 0; retrying < 10; retrying++ ){
  		sprintf(com,"%s\r\n",pass);
  		IGNRETP write(pty,com,strlen(com));
  		DEBUG("--SFTP: sent the password...\n");
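
Review bot: the bound in `for( retrying = 0; retrying < 10; retrying++ ){` is a bare 10, and each pass writes the same `pass` to the pty again, so a rejected password can be sent up to ten times to the same server. A named constant with a comment on why that count was chosen, and a smaller value, would document the intent and limit repeated failed logins against the target account. The two-space indentation of the added line also differs from the tab-indented body it now encloses, which makes the loop extent hard to see.
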
***************
*** 325,330 ****
--- 330,340 ----
  		 || strtailstr(resp,"password: ")
  		 || strstr(resp,"Enter passphrase for key")
  		){
+     if( retrying || strtailstr(prompt1,resp) != NULL ){ /* 110921a */
+ 	DEBUG("--SFTP REPEAT %d %s\n",retrying,resp);
+ 	clearVStr(resp);
+ 	continue;
+     }
  			DEBUG("--SFTP %s\n",resp);
  if( lGATEWAY() )
  sv1log("####@@@@ KILL sftp pid=%d\n",pid);
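
Review bot: in `if( retrying || strtailstr(prompt1,resp) != NULL ){` the `retrying ||` term sends every prompt seen from the second pass onward to `continue`, so the KILL sftp and `return -1` path below is reachable only on the first pass and a persistent authentication failure is no longer reported once a retry has started. Consider keeping the failure path reachable on later passes, for example by giving up when the same prompt comes back after a retry. The prompt test above also matches "Enter passphrase for key", so a retry writes the account password in answer to a key passphrase prompt; restricting the retry to password prompts would avoid that.
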
***************
*** 332,337 ****
--- 342,349 ----
  			strcpy(rresp,resp);
  			return -1;
  		}
+     break;
+   }
  
  		sprintf(com,"progress\r\n");
  		IGNRETP write(pty,com,strlen(com));
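
Review bot: nothing after the closing `}` of the retry loop distinguishes a `break` (no further prompt) from the loop running out at retrying == 10, so after ten repeated prompts control reaches `sprintf(com,"progress\r\n")` as if the login had succeeded. Add a check after the loop that detects the exhausted case and takes the same kill and `return -1` path as the failure branch, copying resp into rresp so the caller sees the last prompt.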
