Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When SSH_AUTH_KEY failed will not try to auth with SSH_AUTH_PASS when use libssh #11196

Closed
zuoxiaofeng opened this issue May 24, 2023 · 0 comments
Assignees
Labels

Comments

@zuoxiaofeng
Copy link

My ssh server supported following: publickey,password,keyboard-interactive

When I try to request sftp dir list or download file from server got "Authentication failure", the debug log show that curl only have try publickey and keyboard-interactive to do auth but haven't try "password".

When I disable keyboard-interactive auth method in my server curl will try password to auth.

The keyboard-interactive auth method in my server seems cannot work well with some config issue, but the ssh command will also try to auth with password method even when keyboard-interactive failed.

  • !!! WARNING !!!
  • This is a debug build of libcurl, do not use in production.
  • STATE: INIT => CONNECT handle 0xca6d98; line 1951 (connection #-5000)
  • Added connection 0. The cache now contains 1 members
  • STATE: CONNECT => CONNECTING handle 0xca6d98; line 2004 (connection #0)
  • Trying 10.240.196.10:33...
  • Connected to 10.240.196.10 (10.240.196.10) port 33 (#0)
  • STATE: CONNECTING => PROTOCONNECT handle 0xca6d98; line 2112 (connection #0)
  • User: lxce_sftp
  • SSH 0xca5e58 state change from SSH_STOP to SSH_INIT (line 2268)
  • SSH 0xca5e58 state change from SSH_INIT to SSH_S_STARTUP (line 708)
  • STATE: PROTOCONNECT => PROTOCONNECTING handle 0xca6d98; line 2139 (connection #0)
  • SSH 0xca5e58 state change from SSH_S_STARTUP to SSH_HOSTKEY (line 722)
  • SSH 0xca5e58 state change from SSH_HOSTKEY to SSH_AUTHLIST (line 733)
  • SSH 0xca5e58 state change from SSH_AUTHLIST to SSH_AUTH_PKEY_INIT (line 757)
  • Authentication using SSH public key file
  • SSH 0xca5e58 state change from SSH_AUTH_PKEY_INIT to SSH_AUTH_KEY_INIT (line 829)
  • SSH 0xca5e58 state change from SSH_AUTH_KEY_INIT to SSH_AUTH_KEY (line 876)
  • SSH 0xca5e58 state change from SSH_AUTH_KEY to SSH_AUTH_DONE (line 894)
  • Authentication failure
  • SSH 0xca5e58 state change from SSH_AUTH_DONE to SSH_SESSION_DISCONNECT (line 926)
  • SSH 0xca5e58 state change from SSH_SESSION_DISCONNECT to SSH_SESSION_FREE (line 1967)
  • SSH 0xca5e58 state change from SSH_SESSION_FREE to SSH_STOP (line 2015)
  • multi_done: status: 67 prem: 1 done: 0
  • multi_done, not re-using connection=0, forbid=0, close=1, premature=1, conn_multiplex=0
  • The cache now contains 0 members
  • Curl_disconnect(conn #0, dead=1)
  • SSH DISCONNECT starts now
  • SSH DISCONNECT is done
  • Closing connection 0
  • Expire cleared (transfer 0xca6d98)
    curl: (67) Authentication failure

$ curl -V
curl 7.76.1 (x86_64-redhat-linux-gnu) libcurl/7.76.1 OpenSSL/3.0.7 zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.1 (+libidn2/2.3.0) libssh/0.10.4/openssl/zlib nghttp2/1.43.0
Release-Date: 2021-04-14
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets

I did this

I expected the following

curl/libcurl version

[curl -V output]

operating system

@bagder bagder self-assigned this May 24, 2023
bagder added a commit that referenced this issue May 24, 2023
The state machine had a mistake in that it would not carry on to that
next step.

This also adds a verbose output what methods that are available from the
server and renames the macros that change to the next auth methods to
try.

Reported-by: 左潇峰
Fixes #11196
@bagder bagder closed this as completed in be17dc9 May 25, 2023
bch pushed a commit to bch/curl that referenced this issue Jul 19, 2023
The state machine had a mistake in that it would not carry on to that
next step.

This also adds a verbose output what methods that are available from the
server and renames the macros that change to the next auth methods to
try.

Reported-by: 左潇峰
Fixes curl#11196
Closes curl#11197
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

Successfully merging a pull request may close this issue.

2 participants