user auth failure, auth type is password.

[MoskalykA]

Greeting, I get this error "user auth failure, auth type is password." however I can connect with my SSH key

[HsuJv]

Hi @MoskalykA ,

Is it okay to show your codes here and provide env info such as the version of ssh-server and target OS.

Also, cloud you provide the log with ssh::is_enable_log(true); on?

BRs.

[1148118271]

You can also check if your server's sshd_config has password login disabled.

vim /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes

[MoskalykA]

/etc/ssh/sshd_config

My code:

SSH Version: OpenSSH_9.0p1 Ubuntu-1ubuntu7, OpenSSL 3.0.5 5 Jul 2022
OS: Ubuntu 22.10

Logs:

[SSH]-[INFO]: prepare for version negotiation.
[SSH]-[INFO]: server version: [SSH-2.0-OpenSSH_9.0p1 Ubuntu-1ubuntu7]
[SSH]-[INFO]: client version: [SSH-2.0-SSH_RS-0.2.1]
[SSH]-[INFO]: version negotiation was successful.
[SSH]-[INFO]: prepare for key negotiation.
[SSH]-[INFO]: client algorithms: ["curve25519-sha256,ecdh-sha2-nistp256","ssh-ed25519,ssh-rsa","chacha20-poly1305@openssh.com,aes128-ctr","chacha20-poly1305@openssh.com,aes128-ctr","hmac-sha1","hmac-sha1","none","none"]
[SSH]-[INFO]: server algorithms: ["sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256","rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519","chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com","chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com","umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1","umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1","none,zlib@openssh.com","none,zlib@openssh.com"]
[SSH]-[INFO]: signature verification success.
[SSH]-[INFO]: send new keys
[SSH]-[INFO]: key negotiation successful.
[SSH]-[INFO]: public key authentication.
[SSH]-[ERROR]: user auth failure.
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Error: { Kind(SshError("user auth failure, auth type is password.")), Message(user auth failure, auth type is password.) }', src\main.rs:114:42
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
[SSH]-[TRACE]: returning
[SSH]-[TRACE]: event Readable Token(4194303)
[SSH]-[TRACE]: loop process - 1 events, 0.000s

[MoskalykA]

You can also check if your server's sshd_config has password login disabled.

vim /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes

This does not work

[MoskalykA]

However, with these versions, it works:
OS: Ubuntu 20.04.4 LTS
SSH: OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020

[HsuJv]

Hi @MoskalykA

Please add the following line to your sshd_config and test again

pubkeyacceptedalgorithms ssh-rsa

Or you can add the default algorithm list listed in sshd -T | grep pubkeyacceptedalgorithms

pubkeyacceptedalgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256

and then append ssh-rsa to this line

BRs.

[HsuJv]

According to the changlog from OpenSSH 8.7

Imminent deprecation notice
===========================

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.