Support for PreferredAuthentications in OpenSSH configuration

[cyberduck]

56bd348 created the issue

This is a regression with builds 6.0.4 as well as 5.4.4. I had to revert to 5.2.2 which works as expected.

The problem:

I only have a password to authenticate against this SSH server. Command-line ssh used to give this error because it tries other client certificates before the server gives up. I had since then changed ~/.ssh/config to have these two lines

Host the.host.name.com
    PreferredAuthentications password

command-line ssh works fine. CyberDuck used to work fine but upgrading to latest build broke this.

[cyberduck]

@dkocher commented

Ticket retargeted after milestone closed

[cyberduck]

@dkocher commented

Please double check your bookmark settings does not have a private key selected for public key authentication that is tried first and may lead to an authentication failure if the server has limited the number of auth attempts.

[cyberduck]

1e21afa commented

This issue has plagued me for a long time, to the extent that I use sshfs most of the time instead. If I check my server logs, I can see that Cyberduck tries all my ssh keys:

Oct 11 20:53:30 [REDACTED] sshd[29300]: Connection from [REDACTED] port 56376 on [REDACTED] port 22
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: error: maximum authentication attempts exceeded for pimcore from [REDACTED] port 56376 ssh2 [preauth]

Despite that I did set

Host [REDACTED]
  PreferredAuthentications password
  PubkeyAuthentication no

Command line sftp and sshfs works fine. Let me know if I can provide more information to help debugging this. I did try enable debug logging, but it didn't seem like it provided much additional information.

feil	22:53:31.318581+0200	Cyberduck	Dying because - Too many authentication failures
standard	22:53:31.320296+0200	Cyberduck	net.schmizz.sshj.transport.TransportException: [PROTOCOL_ERROR] Too many authentication failures
standard	22:53:31.320343+0200	Cyberduck		at net.schmizz.sshj.transport.TransportImpl.gotDisconnect(TransportImpl.java:565)
standard	22:53:31.320379+0200	Cyberduck		at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:521)
standard	22:53:31.320413+0200	Cyberduck		at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:113)
standard	22:53:31.320450+0200	Cyberduck		at net.schmizz.sshj.transport.Decoder.received(Decoder.java:203)
standard	22:53:31.320480+0200	Cyberduck		at net.schmizz.sshj.transport.Reader.run(Reader.java:60)

I'm using Cyberduck 7.6.1, but this has been an issue for a long, long time.

[cyberduck]

@dkocher commented

Refer to OpenSSH Configuration Interoperability. We do not currently support the PreferredAuthentications directive.

[cyberduck]

@dkocher commented

Milestone renamed

[cyberduck]

@dkocher commented

Ticket retargeted after milestone closed

[cyberduck]

@dkocher commented

Milestone renamed

[cyberduck]

@ylangisc commented

In eb9b3b9.

[cyberduck]

@dkocher commented

Milestone renamed