NPE when trying to connect to OpenSuse Leap 15.5

[granbebe]

Hello,
I have an issue with the following configuration :

• OpenSuse Leap 15.5 standard SSH config (the one you get just after installing minimal server OS)
• jsch 0.2.9 or jsch 0.2.1 (tested both version)
• Connecting using a rsa key or an ecdsa key (generated by jsch)
• The used key is not a valid one on the OpenSuse server

I expect something like this : Algorithm negotiation fail
I get Cannot read the array length because "foo" is null

Caused by: java.lang.NullPointerException: Cannot read the array length because "foo" is null
at com.jcraft.jsch.Buffer.putString(Buffer.java:65) ~[jsch-0.2.9.jar:0.2.9]
at com.jcraft.jsch.UserAuthKeyboardInteractive.start(UserAuthKeyboardInteractive.java:175) ~[jsch-0.2.9.jar:0.2.9]
at com.jcraft.jsch.Session.connect(Session.java:458) ~[jsch-0.2.9.jar:0.2.9]
at com.jcraft.jsch.Session.connect(Session.java:187) ~[jsch-0.2.9.jar:0.2.9]
at MY OWN CODE CALLING session.connect()
... 51 more

There is no issue if the provided key is valid.
There is no such NPE if the server is CentOS (in its default config)

The error (NPE) does not help my users to understand that they just have set the wrong ssh key.

Is it a good solution to adapt com.jcraft.jsch.UserAuthKeyboardInteractive.start(UserAuthKeyboardInteractive.java:175) from

buf.putString(response[i]);

to

buf.putString(null == response[i] ? Util.empty : response[I]);

Best regards,

[norrisjeremy]

Hi @granbebe,

When you attempt to connect to CentOS with an invalid key, do you get a JSchException instead of a NPE like you to with openSUSE?

Thanks,
Jeremy

[norrisjeremy]

Hi @granbebe,

Also do you have some sort of UserInfo implementation that you are adding via session.setUserInfo() prior to calling session.connect()?

Thanks,
Jeremy

[granbebe]

Hi,
When trying to connect to CentOs with an invalid key, I get this :

Caused by: com.jcraft.jsch.JSchException: Auth cancel for methods 'publickey,gssapi-keyex,gssapi-with-mic,password'

Which is perfect.

I do have an implementation of UserInfo. I use a class that implements both UserInfo and UIKeyboardInteractive mostly to log some details (as the prompt) and handle the user/password authentication (when selected by the user).

Best regards

[norrisjeremy]

Hi @granbebe,

I believe you are getting this NPE because your UserInfo implementation is flawed.
For it's implementation of promptKeyboardInteractive(), you must ensure that each element of the returned String[] is not null.

Thanks,
Jeremy

[granbebe]

Hi,

Thank you for this information.
I updated my implementation of promptKeyboardInteractive() to transform NULL password to an empty string and there is no more NPE. I have now

SSH_MSG_DISCONNECT: 2 Too many authentication failures

This is better as our users will understand that the issue is related to a bad configuration of their SSH key.

I settled for an empty string as it is the same as updating the code of UserAuthKeyboardInteractive the way I was thinking.

For my use case, this issue is resolved. Should I close it now or do you want a pull request with the change of UserAuthKeyboardInteractive ?

Best regards,

[norrisjeremy]

Hi @granbebe,

Please keep this open for now.
I will be working on a PR to more gracefully handle UserInfo implementations that return NULL elements in the returned String[] from their promptKeyboardInteractive() implementations and will likely ask if you can test and confirm the proposed fix.

Thanks,
Jeremy

[norrisjeremy]

Hi @granbebe,

Can you test with the JSch jar produced by Github CI from my #363 located here and confirm if it fixes the issue you are seeing with openSUSE whenever your UserInfo implementation returns NULL elements?

Thanks,
Jeremy

[granbebe]

Hello,

Sorry for the delay.
I've tested with the version you gave me and my old code.
There is no NPE anymore.
The result is now :

SSH_MSG_DISCONNECT: 2 Too many authentication failures

Thank you for your time and your work.

Best regards