Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

password ssh login must using PreferredAuthentications=password param #996

Closed
clysto opened this issue Jul 17, 2024 · 5 comments
Closed

Comments

@clysto
Copy link
Contributor

clysto commented Jul 17, 2024

without PreferredAuthentications=password

ssh 'admin:ubuntu@0.0.0.0'  -p 2222
Connection closed by 127.0.0.1 port 2222

with PreferredAuthentications=password

ssh 'admin:ubuntu@0.0.0.0' -o PreferredAuthentications=password  -p 2222
admin:ubuntu@0.0.0.0's password:
 Warpgate  Selected target: ubuntu
 Warpgate  Host key (ssh-ed25519): AAAAC3NzaC1lZDI1NTE5AAAAIGZXAkCq4SHKnDTga5MlihfG+ouSNt0sgaKZfOVA9hKl

 ✓ Warpgate connected
Welcome to Ubuntu 23.04 (GNU/Linux 6.2.0-39-generic x86_64)
@clysto
Copy link
Contributor Author

clysto commented Jul 17, 2024

I think the problem is that the line parsing the Public Key throws an error, which causes the client to stop trying other auth methods. The error was thrown due to a change in the parse behavior in russh-keys crate.

https://github.com/warp-tech/russh/blob/5f93b896f7fe426c452de17db0ef4698b06d3e7c/russh/src/server/encrypted.rs#L381

@clysto
Copy link
Contributor Author

clysto commented Jul 17, 2024

The problem is solved when vendord-openssl feature is turned on.

@Eugeny
Copy link
Member

Eugeny commented Jul 17, 2024

Which public key types does your client try to offer? (you can verify it with ssh -v)

@clysto
Copy link
Contributor Author

clysto commented Jul 18, 2024

debug1: Offering public key: /Users/maoyachen/.ssh/id_rsa RSA SHA256:i05UTRwUOymHDeLEYVj9o5it1K/Phf7Qkza6GOpzD18
debug1: Authentications that can continue: password,publickey,keyboard-interactive
debug1: Offering public key: /Users/maoyachen/.ssh/id_rsa RSA-CERT SHA256:i05UTRwUOymHDeLEYVj9o5it1K/Phf7Qkza6GOpzD18
Connection closed by 127.0.0.1 port 2222

@Eugeny
Copy link
Member

Eugeny commented Jul 18, 2024

Thanks - it's specifically CA-signed RSA keys that crash russh - I'll look into it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants