libssh2_userauth_password[_ex] always return failed with LIBSSH2_ERROR_AUTHENTICATION_FAILED #699

Closed
cissusnar opened this issue May 17, 2022 · 8 comments

Comments

@cissusnar

Describe the bug
libssh2_userauth_password[_ex] always fails with LIBSSH2_ERROR_AUTHENTICATION_FAILED

To Reproduce
Download the latest libssh2.tar.gz
Modify the user and password in example/ssh2_exec.c.
mkdir build
cd build
cmake ..
make -j8
./example/example-ssh2_exec OR ./example/example-ssh2_exec ip user pwd ls
"Authentication by password failed." (LIBSSH2_ERROR_AUTHENTICATION_FAILED)

Expected behavior
auth successful

Version (please complete the following information):

  • OS and version: I tested your example code on linux and macOS
  • libssh2 version: latest version (1.10.0) and github version
  • crypto backend: openssl

Additional context
I tested all of my servers, and all of them return LIBSSH2_ERROR_AUTHENTICATION_FAILED.

@willco007
Member

Could you attach a debug trace or some other information that may be of use to help you figure out this issue (server type, port, etc).

@cissusnar
Author

@willco007
I tested on 4 servers: Debian 10, Debian 11 and two Gentoo servers. They all allow password auth with the default sshd configuration (like allowing PAM).
I can upload the example binary if you need it :)

@willco007
Member

How about a debug log? This passes pw auth unit tests, I personally have this in production with additional pw auth unit tests as do a lot of other folks without issue. I'd venture to guess you've got something slightly misconfigured.

@cissusnar
Author

@willco007
You are right.
I double-checked the sshd config file on all of my servers; they all use the same configuration, which is “PasswordAuthentication no”.
But what confuses me is that I can log in to any machine with any ssh client via username + password, except with ‘libssh2_userauth_password[_ex]’ in libssh2.

@dfandrich
Contributor

dfandrich commented May 20, 2022 via email

@cissusnar
Author

cissusnar commented May 20, 2022

@willco007
Thank you for your reply.
Here is the ssh -v debug info and my sshd_config.

r4s ~ # ssh -v router.lo
OpenSSH_8.9p1, OpenSSL 1.1.1n 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to router.lo [192.168.2.1] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9
debug1: compat_banner: match: OpenSSH_8.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to router.lo:22 as 'root'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:ttey2GupbCD5/LjTkO3u7VOYxgkObqL4LjCTR2MB3UU
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'router.lo' is known and matches the ED25519 host key.
debug1: Found key in /root/.ssh/known_hosts:12
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:xxxxxxx(edited)
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_ed25519_sk
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:xxxxxxx(edited)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ecdsa_sk
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Trying private key: /root/.ssh/id_ed25519_sk
debug1: Trying private key: /root/.ssh/id_xmss
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
(root@router.lo) Password:
Authenticated to router.lo ([192.168.2.1]:22) using "keyboard-interactive".
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: client_input_hostkeys: searching /root/.ssh/known_hosts for router.lo / (none)
debug1: client_input_hostkeys: searching /root/.ssh/known_hosts2 for router.lo / (none)
debug1: client_input_hostkeys: hostkeys file /root/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
debug1: Sending environment.
debug1: channel 0: setting env LANG = "C.UTF8"

sshd_config.zip

@cissusnar
Author

cissusnar commented May 20, 2022

Looks like I can use 'keyboard-interactive' but not password; this is the problem, and it's not about libssh2_userauth_password in libssh2.
Sorry to bother you :P
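
The distinction this thread arrives at, as an added example (not code from libssh2 or from the posters): the server in the trace advertises `publickey,keyboard-interactive`, so a client should pick its method from that list instead of assuming `password`. The helpers `has_method`, `methods_from_debug_line` and `choose_auth` are hypothetical names; the input is the comma-separated list that `libssh2_userauth_list()` returns or that `ssh -v` prints.

```c
#include <stdio.h>
#include <string.h>

enum auth_choice { AUTH_NONE, AUTH_PASSWORD, AUTH_KBDINT };

/* Return 1 if `name` is an exact comma-separated token in `list`.
 * A plain strstr() would also match inside a longer method name. */
static int has_method(const char *list, const char *name)
{
    size_t n = strlen(name);
    while (*list) {
        size_t len = strcspn(list, ",\r\n");   /* token ends at , or EOL */
        if (len == n && memcmp(list, name, n) == 0)
            return 1;
        if (list[len] != ',')
            break;                             /* last token reached */
        list += len + 1;
    }
    return 0;
}

/* Return the method list from an `ssh -v` line, or NULL for other lines. */
const char *methods_from_debug_line(const char *line)
{
    static const char tag[] = "Authentications that can continue: ";
    const char *p = strstr(line, tag);
    return p ? p + sizeof(tag) - 1 : NULL;
}

/* Choose what to call next based on what the server advertises. */
enum auth_choice choose_auth(const char *server_methods)
{
    if (!server_methods)
        return AUTH_NONE;
    if (has_method(server_methods, "password"))
        return AUTH_PASSWORD;   /* libssh2_userauth_password() */
    if (has_method(server_methods, "keyboard-interactive"))
        return AUTH_KBDINT;     /* libssh2_userauth_keyboard_interactive() */
    return AUTH_NONE;
}

int main(void)
{
    /* Line copied from the ssh -v trace posted in this thread. */
    const char *line =
        "debug1: Authentications that can continue: publickey,keyboard-interactive\n";
    printf("choice=%d (2 means keyboard-interactive)\n",
           choose_auth(methods_from_debug_line(line)));
    return 0;
}
```
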

@willco007
Member

@cissusnar Glad you got it sorted out. 😄
