The server drives the authentication by telling the client which
authentication methods can be used to continue the exchange at any
given time. The client has the freedom to try the methods listed by
the server in any order. This gives the server complete control over
the authentication process if desired, but also gives enough
flexibility for the client to use the methods it supports or that are
most convenient for the user, when multiple methods are offered by
We receive the list of allowed authentication methods that can continue only after the first USERAUTH_FAILURE failure.
I see there is a method to properly handle this
The "none" method is reserved, and MUST NOT be listed as supported. However, it MAY be sent by the client. The server MUST always reject this request, unless the client is to be granted access without any authentication, in which case, the server MUST accept this request. The main purpose of sending this request is to get the list of supported methods from the server.
Server is ProFTPd where keyboard-interactive method is not allowed.
Authentication works fine from lftp, filezilla, etc, but from CyberDuck :) Obviously happens both under OSX and Windows
Debug logs from server side (the part that matters here):
From client side:
It'd be nice to try password method first
The text was updated successfully, but these errors were encountered: