Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bookmark always switches to public key authentication ignoring stored password #8705

Closed
cyberduck opened this issue Mar 26, 2015 · 7 comments
Assignees
Labels
bug sftp SFTP Protocol Implementation worksforme
Milestone

Comments

@cyberduck
Copy link
Collaborator

cf3f237 created the issue

How to reproduce:

  1. Create a bookmark with an SFTP connection, Username and Password (don't check "Use Public Key Authentication"), and check the "Add to Keychain" checkbox.
  2. Open the connection and exit Cyberduck. (The password is now stored in the OS X Keychain.)
  3. Open Cyberduck again and go to that bookmark. The "Login failed" dialog pops up ("Exhausted available authentication methods. Please contact your web hosting service provider for assistance."), prompting for the "Private Key Passphrase", with the "Use Public Key Authentication" checkbox automatically checked, ~/.ssh/id_dsa shown beneath. (The site I use allows SFTP connections with username/password, but no PKA.)

If I move away my ~/.ssh folder (which contains PKs for other sites) temporarily, Cyberduck uses the stored password and logs into the SFTP site without error.

The bookmark should probably memorise the preferred authentication method for the site and not switch to PKA only because a ~/.ssh/id_dsa file is present.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

The automatic selection of ~/.ssh/id_dsais not enabled by default but only when the hidden setting ssh.authentication.publickey.default.enable is set to true.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Can you print the output of defaults read ~/Library/Preferences/ch.sudo.cyberduck.plist | grep ssh. It should be blank if default settings apply.

@cyberduck
Copy link
Collaborator Author

cf3f237 commented

Thanks for getting back. Yes, the output is blank, no ssh setting in there.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

I cannot reproduce this issue. Can you verify that you have not configured ~/.ssh/id_dsa explicitly for this hostname or a Host * wildcard in ~/.ssh/config with a IdentityFile directive.

@cyberduck
Copy link
Collaborator Author

cf3f237 commented

My ~/.ssh/config indeed had a Host * wildcard with an IdentityFile directive. I wasn't aware that Cyberduck follows that file, sorry.

However, for me, Cyberduck's behaviour doesn't change if I add this to the configuration section of the specified host:

PasswordAuthentication yes

PubkeyAuthentication no

PreferredAuthentications password

The behaviour also doesn't change if I comment out the Host * directives completely (exiting Cyberbuck in between all these changes).

Is there some tracing that I can switch on?

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [comment:8 ujay68]:

We currently do not obey PasswordAuthentication, PubkeyAuthentication nor PreferredAuthentications directives.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [comment:8 ujay68]:

The behaviour also doesn't change if I comment out the Host * directives completely (exiting Cyberbuck in between all these changes).

There should be no need to restart the application.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug sftp SFTP Protocol Implementation worksforme
Projects
None yet
Development

No branches or pull requests

2 participants