Opened on Jun 5, 2017 at 5:45:45 PM
Closed on Nov 25, 2020 at 3:38:16 PM
Last modified on Nov 30, 2020 at 2:25:31 PM
#9964 closed enhancement (fixed)
Support for PreferredAuthentications in OpenSSH configuration
Reported by: | anshnd | Owned by: | dkocher |
---|---|---|---|
Priority: | normal | Milestone: | 7.7.2 |
Component: | sftp | Version: | 7.6.1 |
Severity: | major | Keywords: | too many login failures |
Cc: | danmichaelo@… | Architecture: | Intel |
Platform: | macOS 10.15 |
Description (last modified by anshnd)
This is a regression with builds 6.0.4 as well as 5.4.4. I had to revert to 5.2.2 which works as expected.
The problem:
I only have a password to authenticate against this SSH server. Command-line ssh used to give this error because it tries other client certificates before the server gives up. I had since then changed ~/.ssh/config to have these two lines
Host the.host.name.com PreferredAuthentications password
command-line ssh works fine. CyberDuck used to work fine but upgrading to latest build broke this.
Change History (20)
comment:1 Changed on Jun 5, 2017 at 5:47:18 PM by anshnd
- Component changed from core to sftp
- Owner set to dkocher
comment:2 Changed on Jun 5, 2017 at 5:47:38 PM by anshnd
- Severity changed from normal to major
comment:3 Changed on Jun 6, 2017 at 8:29:30 AM by dkocher
- Summary changed from regression: Too many authentication failures for actualusername when using passwords to Too many authentication failures for actualusername when using passwords
comment:4 Changed on Jun 6, 2017 at 8:43:11 AM by dkocher
- Milestone set to 6.1
comment:5 Changed on Jun 26, 2017 at 1:57:19 PM by dkocher
- Summary changed from Too many authentication failures for actualusername when using passwords to Too many authentication failures when using password
comment:6 Changed on Jun 26, 2017 at 2:19:59 PM by dkocher
- Description modified (diff)
comment:7 Changed on Jun 26, 2017 at 2:37:08 PM by dkocher
- Milestone changed from 6.1 to 7.0
comment:8 Changed on Jul 1, 2017 at 5:20:08 PM by anshnd
- Description modified (diff)
comment:9 Changed on Oct 14, 2017 at 7:17:02 PM by dkocher
- Milestone changed from 7.0 to 6.2.9
- Resolution set to worksforme
- Status changed from new to closed
Please double check your bookmark settings does not have a private key selected for public key authentication that is tried first and may lead to an authentication failure if the server has limited the number of auth attempts.
comment:10 Changed on Oct 11, 2020 at 9:05:54 PM by danmichaelo
- Cc danmichaelo@… added
- Milestone changed from 6.2.9 to 8.0
- Platform set to macOS 10.15
- Resolution worksforme deleted
- Status changed from closed to reopened
- Version changed from 6.0.4 to 7.6.1
This issue has plagued me for a long time, to the extent that I use sshfs most of the time instead. If I check my server logs, I can see that Cyberduck tries all my ssh keys:
Oct 11 20:53:30 [REDACTED] sshd[29300]: Connection from [REDACTED] port 56376 on [REDACTED] port 22 Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED] Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED] Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED] Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED] Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED] Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED] Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED] Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED] Oct 11 20:53:31 [REDACTED] sshd[29300]: error: maximum authentication attempts exceeded for pimcore from [REDACTED] port 56376 ssh2 [preauth]
Despite that I did set
Host [REDACTED] PreferredAuthentications password PubkeyAuthentication no
Command line sftp and sshfs works fine. Let me know if I can provide more information to help debugging this. I did try enable debug logging, but it didn't seem like it provided much additional information.
feil 22:53:31.318581+0200 Cyberduck Dying because - Too many authentication failures standard 22:53:31.320296+0200 Cyberduck net.schmizz.sshj.transport.TransportException: [PROTOCOL_ERROR] Too many authentication failures standard 22:53:31.320343+0200 Cyberduck at net.schmizz.sshj.transport.TransportImpl.gotDisconnect(TransportImpl.java:565) standard 22:53:31.320379+0200 Cyberduck at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:521) standard 22:53:31.320413+0200 Cyberduck at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:113) standard 22:53:31.320450+0200 Cyberduck at net.schmizz.sshj.transport.Decoder.received(Decoder.java:203) standard 22:53:31.320480+0200 Cyberduck at net.schmizz.sshj.transport.Reader.run(Reader.java:60)
I'm using Cyberduck 7.6.1, but this has been an issue for a long, long time.
comment:11 Changed on Oct 12, 2020 at 12:07:58 PM by dkocher
- Status changed from reopened to new
comment:12 Changed on Oct 12, 2020 at 3:17:56 PM by dkocher
Refer to OpenSSH Configuration Interoperability. We do not currently support the PreferredAuthentications directive.
comment:13 Changed on Oct 16, 2020 at 10:20:19 AM by dkocher
- Summary changed from Too many authentication failures when using password to Support for PreferredAuthentications in OpenSSH configuration
- Type changed from defect to enhancement
comment:14 Changed on Nov 2, 2020 at 1:24:43 PM by dkocher
- Milestone changed from 8.0 to 7.7.0
Milestone renamed
comment:15 Changed on Nov 2, 2020 at 1:24:43 PM by dkocher
- Milestone changed from 7.7.0 to 8.0.0
Ticket retargeted after milestone closed
comment:16 Changed on Nov 2, 2020 at 1:26:14 PM by dkocher
- Milestone changed from 8.0.0 to 8.0
Milestone renamed
comment:17 Changed on Nov 24, 2020 at 8:10:29 PM by dkocher
- Milestone changed from 8.0 to 7.8.0
comment:18 Changed on Nov 25, 2020 at 3:37:59 PM by yla
In r50180.
comment:19 Changed on Nov 25, 2020 at 3:38:16 PM by yla
- Resolution set to fixed
- Status changed from new to closed
comment:20 Changed on Nov 30, 2020 at 2:25:31 PM by dkocher
- Milestone changed from 7.8.0 to 7.7.2
Milestone renamed
Ticket retargeted after milestone closed