Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No password authentication error #66

Open
fttp0165 opened this issue May 2, 2024 · 3 comments
Open

No password authentication error #66

fttp0165 opened this issue May 2, 2024 · 3 comments
Assignees
Labels
question Further information is requested

Comments

@fttp0165
Copy link

fttp0165 commented May 2, 2024

How to bypass the error when there is no password? Thank
Field_RnD_Services_LIBSSH2_Toolkit.lvlib:Session.lvclass:Password Authentication.vi
[Authentication Error]

@volks73 volks73 added the question Further information is requested label May 2, 2024
@volks73 volks73 changed the title no passworg Authentication Error No password authentication error May 2, 2024
@volks73
Copy link
Member

volks73 commented May 2, 2024

Empty passwords are not supported by the toolkit nor the underlying libssh2 C library that "powers" the LabVIEW functionality.

I have a pretty detailed explanation available in my comment in #42. The recommendation by everyone is to use a password or, better yet, use Public/Private key authentication with no passphrase.

@keinstein
Copy link

I have read #42, but I come to a different conclusion. If your concern is security I have added a comment to #4. Actually I don't see why preventing the cowbot to shoot into his knee will improve security for the server. It is the server who decides whether it allows empty passwords (and ensures security in a different way) or not. One client that does not send empty passwords does not increase the security, as other clients don't have this limitation. So this is merely a bug.

@volks73
Copy link
Member

volks73 commented May 11, 2024

At the time of #42 and my comments, I tested the underlying libssh2 library using the ssh_echo.c example with a CompactRIO that had an empty password. This removed the LabVIEW toolkit and the libssh2lv from the call chain to determine if an empty password not working was a bug in the LabVIEW toolkit or libssh2lv library, i.e., something I have direct control over and could resolve. Only the underlying libssh2 was used and I could not connect to the CompactRIO with an empty password. This indicated an empty password was not a bug within this or the libssh2lv project, i.e., something that could not be resolved here and needed to be addressed "upstream".

A quick search of the bug tracker for the upstream libssh2 project did yield:

  1. Authentication failed with Empty password libssh2/libssh2#1239, but it was closed without further details
  2. libssh2_userauth_password[_ex] always return failed with LIBSSH2_ERROR_AUTHENTICATION_FAILED libssh2/libssh2#699, which is interesting, more below

In libssh2/libssh2#699, they basically did the same experiment as me, but they were not using an empty password. The source of the failure was the difference between "password" and "keyboard-interactive" authentication mechanisms enabled on the server. It is possible that the "password" authentication scheme is disabled on the SSH server for a CompactRIO by NI.

I cannot remember if OpenSSH is used for the server on CompactRIOs or some other customized for NI SSH server is used. This may have also changed recently or be dependent on the firmware version, OS version, and/or CompactRIO hardware.

Unfortunately, I am no longer in a position to retry the experiment or further debug the problem as I no longer have a CompactRIO. The configuration of the SSH server on the CompactRIO will need to be investigated. It is also possible NI has disabled or disallowed empty passwords for the "password" authentication scheme but allows them for the "keyboard-interactive" authentication scheme.

It would be great if someone with a suitable CompactRIO could investigate and retry the experiment with just the libssh2 library to verify if it is a limitation with the SSH server configuration or a bug in libssh2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Further information is requested
Projects
None yet
Development

No branches or pull requests

3 participants