Cyberduck Mountain Duck CLI

#10337 closed defect (fixed)

sftp password login on FreeBSD

Reported by: fogris Owned by: dkocher
Priority: normal Milestone: 6.6.0
Component: sftp Version: 6.5.0
Severity: normal Keywords: FreeBSD ssh sftp password challenge repsonse
Cc: Architecture: Intel
Platform: macOS 10.13

Description

Hi,

i always have to enter additional login credentials when connecting to a FreeBSD box via ssh using challenge response auth, although i saved the password. Debug log with username and hostname replaced by USER and HOSTNAME, respectively:

May 27 16:46:55 static048 Cyberduck[36143]: [background-6] DEBUG net.schmizz.concurrent.Promise - Setting <<service accept>> to `null`
May 27 16:46:55 static048 Cyberduck[36143]: [background-6] DEBUG net.schmizz.sshj.transport.TransportImpl - Sending SSH_MSG_SERVICE_REQUEST for ssh-userauth
May 27 16:46:55 static048 Cyberduck[36143]: [background-6] DEBUG net.schmizz.concurrent.Promise - Awaiting <<service accept>>
May 27 16:46:55 static048 Cyberduck[36143]: [reader] DEBUG net.schmizz.concurrent.Promise - Setting <<service accept>> to `SOME`
May 27 16:46:55 static048 Cyberduck[36143]: [background-6] DEBUG net.schmizz.sshj.transport.TransportImpl - Setting active service to ssh-userauth
May 27 16:46:55 static048 Cyberduck[36143]: [background-6] DEBUG net.schmizz.concurrent.Promise - Setting <<authenticated>> to `null`
May 27 16:46:55 static048 Cyberduck[36143]: [background-6] DEBUG net.schmizz.sshj.userauth.UserAuthImpl - Trying `keyboard-interactive` auth...
May 27 16:46:55 static048 Cyberduck[36143]: [background-6] DEBUG net.schmizz.concurrent.Promise - Awaiting <<authenticated>>
May 27 16:46:55 static048 Cyberduck[36143]: [reader] DEBUG net.schmizz.sshj.userauth.UserAuthImpl - Asking `keyboard-interactive` method to handle USERAUTH_60 packet
May 27 16:46:55 static048 Cyberduck[36143]: [reader] DEBUG net.schmizz.sshj.userauth.method.AuthKeyboardInteractive - Requesting response for challenge `Password for USER@HOSTNAME:`; echo=false
May 27 16:46:55 static048 Cyberduck[36143]: [reader] DEBUG ch.cyberduck.core.sftp.auth.SFTPChallengeResponseAuthentication - Reply to challenge name  with instruction 
May 27 16:46:55 static048 Cyberduck[36143]: [reader] DEBUG ch.cyberduck.ui.cocoa.callback.PromptLoginCallback - Prompt for credentials for USER
May 27 16:46:55 static048 Cyberduck[36143]: [main] INFO  ch.cyberduck.binding.BundleController - Loading bundle Login

I assume the password prompt (Password for USER@HOSTNAME:) is not recognized by the DEFAULT_PROMPT_PATTERN in SFTPChallengeResponseAuthentication.java. Linux hosts work fine having a login prompt like "USER@HOSTNAME's password:".

Any change to fix this?

BR Felix

Attachments (1)

SFTPChallengeResponseAuthentication.patch (968 bytes) - added by fogris on May 27, 2018 at 9:44:19 PM.
make SFTPChallengeResponseAuthentication.java detect various ssh password prompt

Download all attachments as: .zip

Change History (5)

comment:1 Changed on May 27, 2018 at 6:26:25 PM by dkocher

  • Milestone set to 6.6.0
  • Owner set to dkocher
  • Status changed from new to assigned

comment:2 Changed on May 27, 2018 at 6:27:22 PM by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

I suppose we already fixed this with r44241. Please update to the latest snapshot build available.

Changed on May 27, 2018 at 9:44:19 PM by fogris

make SFTPChallengeResponseAuthentication.java detect various ssh password prompt

comment:3 Changed on May 27, 2018 at 9:50:54 PM by fogris

  • Resolution fixed deleted
  • Status changed from closed to reopened

Hi,

latest snapshot does not fix the issue. Linux hosts previously worked since all my Linux boxes have challenge/response disabled in their sshd.conf. Once switched on, the same problem occurs as on FreeBSD where challenge/response is enabled by default.

Please review my trivial patch for SFTPChallengeResponseAuthentication.java. It extends DEFAULT_PROMPT_PATTERN. I have success connecting to various versions of (Open)sshd.

BR Felix

comment:4 Changed on May 28, 2018 at 1:46:00 PM by dkocher

  • Resolution set to fixed
  • Status changed from reopened to closed

In r44394.

Note: See TracTickets for help on using tickets.