Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for PreferredAuthentications in OpenSSH configuration #9964

Closed
cyberduck opened this issue Jun 5, 2017 · 9 comments
Closed

Support for PreferredAuthentications in OpenSSH configuration #9964

cyberduck opened this issue Jun 5, 2017 · 9 comments
Assignees
@dkocher
Labels
enhancement fixed sftp SFTP Protocol Implementation
Milestone
7.7.2

Comments

@cyberduck
Copy link
Collaborator

56bd348 created the issue

This is a regression with builds 6.0.4 as well as 5.4.4. I had to revert to 5.2.2 which works as expected.

The problem:

I only have a password to authenticate against this SSH server. Command-line ssh used to give this error because it tries other client certificates before the server gives up. I had since then changed ~/.ssh/config to have these two lines

Host the.host.name.com
    PreferredAuthentications password

command-line ssh works fine. CyberDuck used to work fine but upgrading to latest build broke this.
@cyberduck
Copy link
Collaborator Author

@dkocher commented

Ticket retargeted after milestone closed

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Please double check your bookmark settings does not have a private key selected for public key authentication that is tried first and may lead to an authentication failure if the server has limited the number of auth attempts.

@cyberduck
Copy link
Collaborator Author

1e21afa commented

This issue has plagued me for a long time, to the extent that I use sshfs most of the time instead. If I check my server logs, I can see that Cyberduck tries all my ssh keys:

Oct 11 20:53:30 [REDACTED] sshd[29300]: Connection from [REDACTED] port 56376 on [REDACTED] port 22
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: Failed publickey for pimcore from [REDACTED] port 56376 ssh2: RSA SHA256:[REDACTED]
Oct 11 20:53:31 [REDACTED] sshd[29300]: error: maximum authentication attempts exceeded for pimcore from [REDACTED] port 56376 ssh2 [preauth]

Despite that I did set

Host [REDACTED]
  PreferredAuthentications password
  PubkeyAuthentication no

Command line sftp and sshfs works fine. Let me know if I can provide more information to help debugging this. I did try enable debug logging, but it didn't seem like it provided much additional information.

feil	22:53:31.318581+0200	Cyberduck	Dying because - Too many authentication failures
standard	22:53:31.320296+0200	Cyberduck	net.schmizz.sshj.transport.TransportException: [PROTOCOL_ERROR] Too many authentication failures
standard	22:53:31.320343+0200	Cyberduck		at net.schmizz.sshj.transport.TransportImpl.gotDisconnect(TransportImpl.java:565)
standard	22:53:31.320379+0200	Cyberduck		at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:521)
standard	22:53:31.320413+0200	Cyberduck		at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:113)
standard	22:53:31.320450+0200	Cyberduck		at net.schmizz.sshj.transport.Decoder.received(Decoder.java:203)
standard	22:53:31.320480+0200	Cyberduck		at net.schmizz.sshj.transport.Reader.run(Reader.java:60)

I'm using Cyberduck 7.6.1, but this has been an issue for a long, long time.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Refer to OpenSSH Configuration Interoperability. We do not currently support the PreferredAuthentications directive.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Milestone renamed

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Ticket retargeted after milestone closed

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Milestone renamed

@cyberduck
Copy link
Collaborator Author

@ylangisc commented

In eb9b3b9.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Milestone renamed

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dkocher dkocher

Labels
enhancement fixed sftp SFTP Protocol Implementation
Projects
None yet
Milestone
7.7.2
Development

No branches or pull requests
2 participants
@dkocher @cyberduck