
#8705 closed defect (worksforme)

Bookmark always switches to public key authentication ignoring stored password

Reported by: ujay68 Owned by: dkocher
Priority: normal Milestone: 4.7
Component: sftp Version: 4.6.5
Severity: normal Keywords:
Cc: Architecture: Intel
Platform:

Description (last modified by ujay68)

How to reproduce:

  1. Create a bookmark with an SFTP connection, Username and Password (don't check "Use Public Key Authentication"), and check the "Add to Keychain" checkbox.
  2. Open the connection and exit Cyberduck. (The password is now stored in the OS X Keychain.)
  3. Open Cyberduck again and go to that bookmark. The "Login failed" dialog pops up ("Exhausted available authentication methods. Please contact your web hosting service provider for assistance."), prompting for the "Private Key Passphrase", with the "Use Public Key Authentication" checkbox automatically checked, ~/.ssh/id_dsa shown beneath. (The site I use allows SFTP connections with username/password, but no PKA.)

If I move away my ~/.ssh folder (which contains PKs for other sites) temporarily, Cyberduck uses the stored password and logs into the SFTP site without error.

The bookmark should probably memorise the preferred authentication method for the site and not switch to PKA only because a ~/.ssh/id_dsa file is present.

Change History (10)

comment:1 Changed on Mar 26, 2015 at 9:31:24 PM by ujay68

  • Description modified (diff)

comment:2 Changed on Mar 27, 2015 at 2:29:31 PM by dkocher

  • Component changed from core to sftp
  • Owner set to dkocher
  • Summary changed from SFTP bookmark always switches to public key authentication, ignoring stored password to Bookmark always switches to public key authentication ignoring stored password

comment:3 Changed on Mar 27, 2015 at 2:32:29 PM by dkocher

The automatic selection of ~/.ssh/id_dsa is not enabled by default but only when the hidden setting ssh.authentication.publickey.default.enable is set to true.

comment:4 Changed on Mar 27, 2015 at 2:37:35 PM by dkocher

  • Milestone set to 4.7

Can you print the output of defaults read ~/Library/Preferences/ch.sudo.cyberduck.plist | grep ssh? It should be blank if default settings apply.

comment:5 Changed on Mar 28, 2015 at 7:51:36 AM by ujay68

Thanks for getting back. Yes, the output is blank, no ssh setting in there.

comment:6 Changed on Mar 28, 2015 at 9:06:52 PM by dkocher

  • Status changed from new to assigned

comment:7 Changed on Mar 29, 2015 at 9:48:14 PM by dkocher

  • Resolution set to worksforme
  • Status changed from assigned to closed

I cannot reproduce this issue. Can you verify that you have not configured ~/.ssh/id_dsa explicitly for this hostname or a Host * wildcard in ~/.ssh/config with an IdentityFile directive?

comment:8 follow-ups: Changed on Mar 29, 2015 at 10:29:48 PM by ujay68

My ~/.ssh/config indeed had a Host * wildcard with an IdentityFile directive. I wasn't aware that Cyberduck follows that file, sorry.

However, for me, Cyberduck's behaviour doesn't change if I add this to the configuration section of the specified host:

PasswordAuthentication yes
PubkeyAuthentication no
PreferredAuthentications password

The behaviour also doesn't change if I comment out the Host * directives completely (exiting Cyberduck in between all these changes).

Is there some tracing that I can switch on?

comment:9 in reply to: ↑ 8 Changed on Mar 31, 2015 at 5:40:45 PM by dkocher

Replying to ujay68:

We currently do not obey the PasswordAuthentication, PubkeyAuthentication or PreferredAuthentications directives.

comment:10 in reply to: ↑ 8 Changed on Mar 31, 2015 at 5:41:31 PM by dkocher

Replying to ujay68:

The behaviour also doesn't change if I comment out the Host * directives completely (exiting Cyberduck in between all these changes).

There should be no need to restart the application.
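
Comments 7 to 9 trace the unexpected key to a Host * wildcard with an IdentityFile directive in ~/.ssh/config and note that the PasswordAuthentication, PubkeyAuthentication and PreferredAuthentications directives are not obeyed. The following added example (not part of the original ticket and not Cyberduck's code) resolves which IdentityFile entries apply to a host under OpenSSH's ssh_config matching rules; the hostname sftp.example.net, the sample configuration and the function names are assumptions.

```python
import re

# Constructed sample resembling the setup in comment:8; hostname is a placeholder.
SAMPLE_CONFIG = """\
Host sftp.example.net
    PreferredAuthentications password
    PubkeyAuthentication no

Host *
    IdentityFile ~/.ssh/id_dsa
"""

def _glob(pattern, host):
    """ssh_config patterns support only the '*' and '?' wildcards."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host) is not None

def _host_line_matches(patterns, host):
    """A matching negated ('!') pattern vetoes the whole Host line."""
    hit = False
    for p in patterns:
        if p.startswith("!"):
            if _glob(p[1:], host):
                return False
        elif _glob(p, host):
            hit = True
    return hit

def effective_identity_files(config_text, host):
    """Return [(identity_file, block)] that apply to host.

    IdentityFile accumulates across all matching blocks, so 'Host *' adds
    a key even when a host-specific block exists. Match blocks are skipped.
    """
    active, block, found = True, "(global)", []
    for raw in config_text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.*)", raw)
        if not m:            # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            block, active = "Host " + value, _host_line_matches(value.split(), host)
        elif key == "match":
            block, active = "Match " + value, False
        elif key == "identityfile" and active:
            found.append((value.strip('"'), block))
    return found

if __name__ == "__main__":
    print(effective_identity_files(SAMPLE_CONFIG, "sftp.example.net"))
```

For the sample, the host-specific block contributes no key, yet ~/.ssh/id_dsa is still reported as coming from the Host * block, which matches the situation described in comment:8.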
