If I double click on an SSH server node in the schema tree, I get "invalid privatekey: ..." error node, and I think it's incorrect because an SSH terminal from that node actually opens ok.
I see nothing in the log, which is also probably incorrect.
This error also occurs if the username is saved, but the password is not. If the password is not saved, then we need to prompt the user as we do for database servers.
The reason that shell opened OK is because shell's implementation did not report that invalid-privatekey exception after it is caught; shell just proceeds to creating connection using password authentication.
Made the following changes on the ADS SSH connection object used by non-shell objects (for example: tree node, system monitor) to match shell's implementation:
(1) If an invalid private key file is specified, a dialog is displayed to let the user know that the specified private key file is invalid; the dialog also asks the user whether s/he wants to proceed using password authentication. This dialog is disabled by default to match shell's behavior; it can be turned on using the API provided by the ADS SSH connection object.
(2) If a valid private key file is specified but the passphrase is incorrect, then a dialog is displayed to let the user type in the correct passphrase; the maximum number of passphrase retries is set to 3 by default. The maximum number of retries implemented by shell is 5; most UNIX ssh clients would let the user retry up to 3 times by default, if I remember correctly. The maximum number of passphrase retries can be customized using the API provided by the ADS SSH connection object.
(3) If a private key file is not specified, or public-private key authentication failed, then SSH would try to perform password authentication. When password authentication is conducted and the password is incorrect, a dialog is displayed to let the user type in the correct password; the maximum number of password retries is set to 1 by default (requested by Niels), which is different from shell's implementation; shell would allow up to 5 retries. The maximum number of password retries can be customized using the API provided by the ADS SSH connection object.
*** Notes ***
(a) Since ADS supports ssh-agent like functionality (File -> Options -> SSH Terminal -> Use Key Agent), I made the key map kept in shell implementation accessible to outside. If this is an issue, let me know.
(b) All of the non-shell ADS objects that need an SSH connection are now switched to the interactive SSH connection described in (1), (2), and (3) above. The only exception is performing secure-copy via drag-and-drop, which leverages the open API to scp local file(s) to a remote server; the ADS scp open API is Ant based, and the Ant implementation provides no APIs to let the caller provide a passphrase/password when needed.
(c) I am not sure why ADS lets the user register an SSH server even if Host and/or 'Login Name' is not specified; the changes made above did not deal with this. In addition, when the user specifies a private key file in the server dialog, if the key file is invalid, why does ADS want to save it?
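The fallback order and retry limits described in (1), (2) and (3) above, modelled as an added Python example (not ADS code, and not from the comment's author). The names `RetryPolicy`, `authenticate`, `prompt` and `confirm` are hypothetical, and it assumes a "retry" is one prompted attempt made after any saved secret has been tried.

```python
from dataclasses import dataclass

@dataclass
class RetryPolicy:
    # Defaults as stated in the comment; the field names are hypothetical.
    confirm_fallback: bool = False      # invalid-key dialog is off by default
    max_passphrase_retries: int = 3
    max_password_retries: int = 1

def _attempts(saved, prompt, kind, retries):
    """Yield the saved secret (if any), then up to `retries` prompted values."""
    if saved is not None:
        yield saved
    for _ in range(retries):
        value = prompt(kind)
        if value is None:               # user cancelled the dialog
            return
        yield value

def authenticate(key, check_password, prompt, confirm, policy=None,
                 saved_passphrase=None, saved_password=None):
    """key: None (no key file), "invalid", or a callable passphrase -> bool.
    Returns (outcome, trace); trace records every method attempted so a
    key-to-password fallback can be logged instead of passing silently."""
    policy = policy or RetryPolicy()
    trace = []
    if key == "invalid":
        trace.append("invalid-key")
        if policy.confirm_fallback and not confirm():
            return "aborted", trace
    elif key is not None:
        for phrase in _attempts(saved_passphrase, prompt, "passphrase",
                                policy.max_passphrase_retries):
            trace.append("publickey")
            if key(phrase):
                return "publickey", trace
    for password in _attempts(saved_password, prompt, "password",
                              policy.max_password_retries):
        trace.append("password")
        if check_password(password):
            return "password", trace
    return "failed", trace
```

Writing the returned trace to the application log records when a session authenticated with a password after the configured key was rejected.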
Issue #6269 | Closed | Fixed | Resolved | Fixed Build 11.0.0-rc-81