2
votes

I have setup Apache Mina Sshd SFTP server and i add some user permission into it.To test i use Winscp But i can connect with server with out typing correct password and user name.It seems like SetPasswordAuthenticator method never called.So i would like to know that how can i setup username and password for my apache mina sshd SFTP server for start up secured server.

My server code,

sshd = SshServer.setUpDefaultServer();
    sshd.setPort(2525);
    sshd.setHost("172.xx.xx.xx");
    sshd.setPasswordAuthenticator(new MyPasswordAuthenticator());
    sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider());
    sshd.setSubsystemFactories(Arrays.<NamedFactory<Command>> asList(new SftpSubsystem.Factory()));

    List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<NamedFactory<UserAuth>>();
    userAuthFactories.add(new UserAuthNone.Factory());
    sshd.setUserAuthFactories(userAuthFactories);

    sshd.setCommandFactory(new ScpCommandFactory());

    sshd.setKeyExchangeFactories(Arrays
            .<NamedFactory<KeyExchange>> asList(new DHG1.Factory()));
    sshd.setCommandFactory(new ScpCommandFactory());
    sshd.setFileSystemFactory(new VirtualFileSystemFactory("C:/root"));

MyPasswordAuthenticator code,

public class MyPasswordAuthenticator implements PasswordAuthenticator {

public boolean authenticate(String username, String password, ServerSession session) {
    boolean retour = false;

    if ("user".equals(username) && "123".equals(password)) {
        retour = true;
    }

    return retour;
}

}

Maven dependency,

<dependency>
        <groupId>org.apache.mina</groupId>
        <artifactId>mina-core</artifactId>
        <version>2.0.9</version>
    </dependency>
    <dependency>
        <groupId>org.apache.sshd</groupId>
        <artifactId>sshd-sftp</artifactId>
        <version>0.11.0</version>
    </dependency>

    <dependency>
        <groupId>org.apache.sshd</groupId>
        <artifactId>sshd-core</artifactId>
        <version>0.14.0</version>
    </dependency>

I am new to Apache Mina Sshd.Appreciate any help.

1

1 Answers

4
votes

Finally i found out where it went wrong.By removing below code snippet you can execute sshd.setPasswordAuthenticator on server .

List<NamedFactory<UserAuth>> userAuthFactories = new  ArrayList<NamedFactory<UserAuth>>();
userAuthFactories.add(new UserAuthNone.Factory());
sshd.setUserAuthFactories(userAuthFactories);

Note:If you need more security you can use above code snippet with proper implementation but just only adding sshd.setPasswordAuthenticator(new MyPasswordAuthenticator()); you can set basic password authentication for your server.