Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password authentication failing against OpenSSH_6.2 server #154

Closed
ahultgren opened this issue Jul 4, 2014 · 3 comments
Closed

Password authentication failing against OpenSSH_6.2 server #154

ahultgren opened this issue Jul 4, 2014 · 3 comments

Comments

@ahultgren
Copy link

First of all I'm not sure if this error is due to my lack of understanding of ssh or a bug in node-ssh2. Maybe this is something that the server decides?

Anyway, I've set up "Sharing" for a separate account on my Mac to test my modules. It runs the following OpenSSH version:

ssh -v
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

which I guess is standard on OS X 10.9(.3). If I run the script attached below it emits: Error: Authentication failure. Available authentication methods: publickey,keyboard-interactive. But if I turn on tryKeyboard it works, which I find very strange.*

If I run the same script (with or without tryKeyboard) agains a server that runs SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1 it works.

I see that you develop against OpenSSH 6.6; is that the only version you plan to support?

To reproduce: https://gist.github.com/ahultgren/803729f9eca906334134

  • Which is where my knowledge fails me. Is this simply something the server can control?
@mscdex
Copy link
Owner

mscdex commented Jul 4, 2014

I see that you develop against OpenSSH 6.6; is that the only version you plan to support?

No, most modern versions of OpenSSH are similar enough that there shouldn't be a problem with compatibility.

If I run the script attached below it emits: Error: Authentication failure. Available authentication methods: publickey,keyboard-interactive. But if I turn on tryKeyboard it works, which I find very strange.

This isn't all that uncommon really. Also, the keyboard-interactive is more of a general purpose question and answer mechanism, although it's almost always used to only ask 'Password: '.

Is this simply something the server can control?

Yes. You can change PasswordAuthentication no in your sshd_config to PasswordAuthentication yes, then you can use the password config setting in ssh2 instead of tryKeyboard: true. However, using passwords (using either the password or keyboard-interactive method) is not as secure as using keys for authentication.

@ahultgren
Copy link
Author

Yes. You can change PasswordAuthentication no in your sshd_config to PasswordAuthentication yes, then you can use the password config setting in ssh2 instead of tryKeyboard: true.

Indeed that was the part I didn't understand. I expected PasswordAuthentication no to disable password login completely, even if through a prompt...

Anyway, PasswordAuthentication yes solved it. Thanks for your patience!

However, using passwords (using either the password or keyboard-interactive method) is not as secure as using keys for authentication.

I completely agree :) But my package needs to support all use cases.

@ahultgren
Copy link
Author

And just in case someone else stumbles on this problem I just found an explanation here: http://superuser.com/a/374234

ChallengeResponseAuthentication controls support for the 'keyboard-interactive' authentication scheme [...]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mscdex @ahultgren