Cyberduck Mountain Duck CLI

#9964 new enhancement

Support for PreferredAuthentications in OpenSSH configuration

Reported by: anshnd Owned by: dkocher
Priority: normal Milestone: 8.0
Component: sftp Version: 7.6.1
Severity: major Keywords: too many login failures
Cc: danmichaelo@… Architecture: Intel
Platform: macOS 10.15

Description (last modified by anshnd)

This is a regression with builds 6.0.4 as well as 5.4.4. I had to revert to 5.2.2 which works as expected.

The problem:

I only have a password to authenticate against this SSH server. Command-line ssh used to give this error because it tries other client certificates before the server gives up. I had since then changed ~/.ssh/config to have these two lines

Host the.host.name.com
    PreferredAuthentications password

command-line ssh works fine. CyberDuck used to work fine but upgrading to latest build broke this.

Change History (13)

comment:1 Changed on Jun 5, 2017 at 5:47:18 PM by anshnd

  • Component changed from core to sftp
  • Owner set to dkocher

comment:2 Changed on Jun 5, 2017 at 5:47:38 PM by anshnd

  • Severity changed from normal to major

comment:3 Changed on Jun 6, 2017 at 8:29:30 AM by dkocher

  • Summary changed from regression: Too many authentication failures for actualusername when using passwords to Too many authentication failures for actualusername when using passwords

comment:4 Changed on Jun 6, 2017 at 8:43:11 AM by dkocher

  • Milestone set to 6.1

comment:5 Changed on Jun 26, 2017 at 1:57:19 PM by dkocher

  • Summary changed from Too many authentication failures for actualusername when using passwords to Too many authentication failures when using password

comment:6 Changed on Jun 26, 2017 at 2:19:59 PM by dkocher

  • Description modified (diff)

comment:7 Changed on Jun 26, 2017 at 2:37:08 PM by dkocher

  • Milestone changed from 6.1 to 7.0

Ticket retargeted after milestone closed

comment:8 Changed on Jul 1, 2017 at 5:20:08 PM by anshnd

  • Description modified (diff)

comment:9 Changed on Oct 14, 2017 at 7:17:02 PM by dkocher

  • Milestone changed from 7.0 to 6.2.9
  • Resolution set to worksforme
  • Status changed from new to closed

Please double check your bookmark settings does not have a private key selected for public key authentication that is tried first and may lead to an authentication failure if the server has limited the number of auth attempts.

comment:10 Changed on Oct 11, 2020 at 9:05:54 PM by danmichaelo

  • Cc danmichaelo@… added
  • Milestone changed from 6.2.9 to 8.0
  • Platform set to macOS 10.15
  • Resolution worksforme deleted
  • Status changed from closed to reopened
  • Version changed from 6.0.4 to 7.6.1

This issue has plagued me for a long time, to the extent that I use sshfs most of the time instead. If I check my server logs, I can see that Cyberduck tries all my ssh keys:

Oct 11 20:53:30 [REDACTED] sshd[29300]: Connection from [REDACTED] port 56376 on [REDACTED] port 22
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: error: maximum authentication attempts exceeded for pimcore from [REDACTED] port 56376 ssh2 [preauth]

Despite that I did set

Host [REDACTED]
  PreferredAuthentications password
  PubkeyAuthentication no

Command line sftp and sshfs works fine. Let me know if I can provide more information to help debugging this. I did try enable debug logging, but it didn't seem like it provided much additional information.

feil	22:53:31.318581+0200	Cyberduck	Dying because - Too many authentication failures
standard	22:53:31.320296+0200	Cyberduck	net.schmizz.sshj.transport.TransportException: [PROTOCOL_ERROR] Too many authentication failures
standard	22:53:31.320343+0200	Cyberduck		at net.schmizz.sshj.transport.TransportImpl.gotDisconnect(TransportImpl.java:565)
standard	22:53:31.320379+0200	Cyberduck		at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:521)
standard	22:53:31.320413+0200	Cyberduck		at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:113)
standard	22:53:31.320450+0200	Cyberduck		at net.schmizz.sshj.transport.Decoder.received(Decoder.java:203)
standard	22:53:31.320480+0200	Cyberduck		at net.schmizz.sshj.transport.Reader.run(Reader.java:60)

I'm using Cyberduck 7.6.1, but this has been an issue for a long, long time.

comment:11 Changed on Oct 12, 2020 at 12:07:58 PM by dkocher

  • Status changed from reopened to new

comment:12 Changed on Oct 12, 2020 at 3:17:56 PM by dkocher

Refer to OpenSSH Configuration Interoperability. We do not currently support the PreferredAuthentications directive.

comment:13 Changed on Oct 16, 2020 at 10:20:19 AM by dkocher

  • Summary changed from Too many authentication failures when using password to Support for PreferredAuthentications in OpenSSH configuration
  • Type changed from defect to enhancement
Note: See TracTickets for help on using tickets.
swiss made software