fieldrndservices/libssh2-labview

No password authentication error

fttp0165 opened this issue · 3 comments

How to bypass the error when there is no password? Thank
Field_RnD_Services_LIBSSH2_Toolkit.lvlib:Session.lvclass:Password Authentication.vi
[Authentication Error]

Empty passwords are not supported by the toolkit nor the underlying libssh2 C library that "powers" the LabVIEW functionality.

I have a pretty detailed explanation available in my comment in #42. The recommendation by everyone is to use a password or, better yet, use Public/Private key authentication with no passphrase.

I have read #42, but I come to a different conclusion. If your concern is security I have added a comment to #4. Actually I don't see why preventing the cowbot to shoot into his knee will improve security for the server. It is the server who decides whether it allows empty passwords (and ensures security in a different way) or not. One client that does not send empty passwords does not increase the security, as other clients don't have this limitation. So this is merely a bug.

At the time of #42 and my comments, I tested the underlying libssh2 library using the ssh_echo.c example with a CompactRIO that had an empty password. This removed the LabVIEW toolkit and the libssh2lv from the call chain to determine if an empty password not working was a bug in the LabVIEW toolkit or libssh2lv library, i.e., something I have direct control over and could resolve. Only the underlying libssh2 was used and I could not connect to the CompactRIO with an empty password. This indicated an empty password was not a bug within this or the libssh2lv project, i.e., something that could not be resolved here and needed to be addressed "upstream".

A quick search of the bug tracker for the upstream libssh2 project did yield:

  1. libssh2/libssh2#1239, but it was closed without further details
  2. libssh2/libssh2#699, which is interesting, more below

In libssh2/libssh2#699, they basically did the same experiment as me, but they were not using an empty password. The source of the failure was the difference between "password" and "keyboard-interactive" authentication mechanisms enabled on the server. It is possible that the "password" authentication scheme is disabled on the SSH server for a CompactRIO by NI.

I cannot remember if OpenSSH is used for the server on CompactRIOs or some other customized for NI SSH server is used. This may have also changed recently or be dependent on the firmware version, OS version, and/or CompactRIO hardware.

Unfortunately, I am no longer in a position to retry the experiment or further debug the problem as I no longer have a CompactRIO. The configuration of the SSH server on the CompactRIO will need to be investigated. It is also possible NI has disabled or disallowed empty passwords for the "password" authentication scheme but allows them for the "keyboard-interactive" authentication scheme.

It would be great if someone with a suitable CompactRIO could investigate and retry the experiment with just the libssh2 library to verify if it is a limitation with the SSH server configuration or a bug in libssh2.