SFTP keyboard interactive ssh: handshake failed #6253

Closed
eugenov opened this issue Jun 15, 2022 · 9 comments

eugenov commented Jun 15, 2022

What is the problem you are having with rclone?

Hello!
When I'm trying to mount an Asustor NAS, there are no methods other than keyboard-interactive. But with

[home]
type = sftp
host = IP
user = root
pass = obfuscatedpass
disable_hashcheck = true
use_insecure_cipher = true
ask_password = true

in my config, the mount fails. Seems similar: #4177

What is your rclone version (output from rclone version)

rclone v1.58.1

  • os/version: Microsoft Windows 11 Pro 21H2 (64 bit)
  • os/kernel: 10.0.22000.708 (x86_64)
  • os/type: windows
  • os/arch: amd64
  • go/version: go1.17.9
  • go/linking: dynamic
  • go/tags: cmount

Which OS you are using and how many bits (e.g. Windows 7, 64 bit)

Win11 22000.708

Which cloud storage system are you using? (e.g. Google Drive)

SFTP

The command you were trying to run (e.g. rclone copy /tmp remote:tmp)

start C:\Users\user\apps\rclone\rclone.exe --config C:\Users\user\apps\rclone\rclone.conf -vv --log-file C:\Users\user\apps\rclone\logs\home.txt --cache-dir . --temp-dir . mount "home:/" "C:\Users\user\rclone\home" --vfs-cache-mode full --no-console

A log from the command with the -vv flag (e.g. output from rclone -vv copy /tmp remote:tmp)

...
2022/06/15 16:13:04 DEBUG : pacer: Rate limited, increasing sleep to 2s
2022/06/15 16:13:13 DEBUG : sftp://root@IP:22//: keyboard interactive auth requested
2022/06/15 16:13:15 DEBUG : pacer: low level retry 10/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none keyboard-interactive], no supported methods remain)
2022/06/15 16:13:15 Failed to create file system for "home:/": NewFs: couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none keyboard-interactive], no supported methods remain

ncw commented Jun 16, 2022

> ask_password = true

You probably don't want this - rclone will be waiting for you to type the password.

eugenov commented Jun 20, 2022

> You probably don't want this

You're right, it was one of the config edits to match the right options.

ncw commented Jun 20, 2022

So does it work now or is there still a problem?

eugenov commented Jun 20, 2022

Still an issue. This was one of many edits, no luck, though.

ncw commented Jun 20, 2022

Let's start with the obvious... Are you sure the username and password are correct? Remember the password needs to be run through rclone obscure.

Assuming those are correct, then this is some sort of ssh handshaking problem.

Can you log in with ssh and that user and password?

If so can you do ssh -vvv user@IP and we can take a look at what ssh negotiates.

It would be worth trying the latest beta too, just in case.

eugenov commented Jun 20, 2022

> Let's start with the obvious... Are you sure the username and password are correct? Remember the password needs to be run through rclone obscure.

It has been done :)

> ssh -vvv user@IP

PS C:\Users\gene> ssh admin@192.168.0.254 -vvv
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\Users\\gene/.ssh/config
debug1: Reading configuration data __PROGRAMDATA__\\ssh/ssh_config
debug2: resolve_canonicalize: hostname 192.168.0.254 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.254 [192.168.0.254] port 22.
debug1: Connection established.
debug3: Failed to open file:C:/Users/gene/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/gene/.ssh/id_rsa.pub error:2
debug1: identity file C:\\Users\\gene/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/gene/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/gene/.ssh/id_rsa-cert.pub error:2
debug1: identity file C:\\Users\\gene/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/gene/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/gene/.ssh/id_dsa.pub error:2
debug1: identity file C:\\Users\\gene/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/gene/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/gene/.ssh/id_dsa-cert.pub error:2
debug1: identity file C:\\Users\\gene/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/gene/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/gene/.ssh/id_ecdsa.pub error:2
debug1: identity file C:\\Users\\gene/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/gene/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/gene/.ssh/id_ecdsa-cert.pub error:2
debug1: identity file C:\\Users\\gene/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/gene/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/gene/.ssh/id_ed25519.pub error:2
debug1: identity file C:\\Users\\gene/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/gene/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/gene/.ssh/id_ed25519-cert.pub error:2
debug1: identity file C:\\Users\\gene/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/gene/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/gene/.ssh/id_xmss.pub error:2
debug1: identity file C:\\Users\\gene/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/gene/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/gene/.ssh/id_xmss-cert.pub error:2
debug1: identity file C:\\Users\\gene/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2
debug1: match: OpenSSH_8.2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.0.254:22 as 'admin'
debug3: hostkeys_foreach: reading file "C:\\Users\\gene/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\\Users\\gene/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from 192.168.0.254
debug3: Failed to open file:C:/Users/gene/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:somehash
debug3: hostkeys_foreach: reading file "C:\\Users\\gene/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file C:\\Users\\gene/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from 192.168.0.254
debug3: Failed to open file:C:/Users/gene/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host '192.168.0.254' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\gene/.ssh/known_hosts:3
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\gene/.ssh/id_rsa
debug1: Will attempt key: C:\\Users\\gene/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\gene/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\gene/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\gene/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: C:\\Users\\gene/.ssh/id_rsa
debug3: no such identity: C:\\Users\\gene/.ssh/id_rsa: No such file or directory
debug1: Trying private key: C:\\Users\\gene/.ssh/id_dsa
debug3: no such identity: C:\\Users\\gene/.ssh/id_dsa: No such file or directory
debug1: Trying private key: C:\\Users\\gene/.ssh/id_ecdsa
debug3: no such identity: C:\\Users\\gene/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: C:\\Users\\gene/.ssh/id_ed25519
debug3: no such identity: C:\\Users\\gene/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: C:\\Users\\gene/.ssh/id_xmss
debug3: no such identity: C:\\Users\\gene/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
Password:
debug3: send packet: type 61
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: send packet: type 61
debug3: receive packet: type 52
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 192.168.0.254 ([192.168.0.254]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug3: This windows OS supports conpty
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug3: Successfully set console output code page from:65001 to 65001
debug3: Successfully set console input code page from:866 to 65001
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
admin@Asustor:/volume1/home/admin $ debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
admin@Asustor:/volume1/home/admin $ debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
admin@Asustor:/volume1/home/admin $ debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
admin@Asustor:/volume1/home/admin $ debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
debug3: send packet: type 98
admin@Asustor:/volume1/home/admin $

Latest beta will be tested right now.
UPD: nope, still the same.
UPD2: I re-obscured my password with the latest beta and right now rclone mount works perfectly. I do not know what the source of the issue was - my typo or something else (I fear it was me (((). Thanks for your help!
Closing.

@eugenov eugenov closed this as completed Jun 20, 2022
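
The comparison this thread arrives at, as an added example (not part of the original thread and not rclone code): parse the userauth phase of an `ssh -vvv` trace and the method list in the rclone error, then decide whether the handshake or the stored credential is the suspect. The sample inputs are constructed, abridged from the shape of the logs above; all function names are hypothetical.

```python
import re

# Constructed sample, abridged from the shape of the `ssh -vvv` trace in this thread.
OPENSSH_TRACE = """\
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: input_userauth_info_req: num_prompts 1
debug2: input_userauth_info_req: num_prompts 0
debug1: Authentication succeeded (keyboard-interactive).
"""

# Constructed sample in the shape of the rclone error in this thread.
RCLONE_ERROR = ("couldn't connect SSH: ssh: handshake failed: ssh: unable to "
                "authenticate, attempted methods [none keyboard-interactive], "
                "no supported methods remain")


def parse_openssh_trace(text):
    """Summarise the userauth phase of an OpenSSH client debug trace."""
    offered, tried, prompts, succeeded = [], [], [], None
    for line in text.splitlines():
        if m := re.search(r"Authentications that can continue: (\S+)", line):
            offered = m.group(1).split(",")
        elif m := re.search(r"Next authentication method: (\S+)", line):
            tried.append(m.group(1))
        elif m := re.search(r"input_userauth_info_req: num_prompts (\d+)", line):
            prompts.append(int(m.group(1)))
        elif m := re.search(r"Authentication succeeded \(([^)]+)\)", line):
            succeeded = m.group(1)
    return {"offered": offered, "tried": tried,
            "prompts": prompts, "succeeded": succeeded}


def parse_rclone_auth_error(text):
    """Extract the method list from an 'unable to authenticate' error line."""
    m = re.search(r"attempted methods \[([^\]]*)\]", text)
    return m.group(1).split() if m else []


def triage(trace, error):
    """Compare a working OpenSSH login with a failing rclone attempt."""
    ok = parse_openssh_trace(trace)
    # "none" is only the probe that asks the server which methods it allows.
    attempted = [name for name in parse_rclone_auth_error(error) if name != "none"]
    if ok["succeeded"] is None:
        return "interactive login fails too: check the account and sshd policy"
    if ok["succeeded"] in attempted:
        return "same method works interactively: suspect the stored user/pass"
    return f"client never tried {ok['succeeded']}: suspect client auth config"


if __name__ == "__main__":
    print(parse_openssh_trace(OPENSSH_TRACE))
    print(triage(OPENSSH_TRACE, RCLONE_ERROR))
```
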

ncw commented Jun 21, 2022

Glad you got it working. I'd be interested if you work out what the problem was - maybe it is something we could fix / document better?

eugenov commented Jun 21, 2022

Sure, I could test 1.58.1 with rclone obscure and write results here. BTW documentation is really good, thank you!

eugenov commented Jul 12, 2022

Made some tests - something is wrong with obscuring/deobscuring in the 1.58.1 version. Didn't manage to mount with the obscured pass again. 1.59.0 is OK though...
