Dual Authentication Not Supported - AuthenticationMethods publickey,password #346

Open
sevsev9 opened this issue Jan 29, 2025 · 0 comments

sevsev9 commented Jan 29, 2025

The ssh2 crate currently does not support SSH authentication when the server enforces both public key and password authentication in the same session using:

AuthenticationMethods publickey,password

This configuration requires the client to first authenticate with a public key and then provide a password before authentication is considered successful. However, ssh2-rs only supports using one method at a time and does not allow chaining authentication methods in a single session.

Steps to Reproduce:

  1. Configure the SSH server (/etc/ssh/sshd_config) with:

         PasswordAuthentication yes
         PubkeyAuthentication yes
         AuthenticationMethods publickey,password

     Restart the SSH service:

         sudo systemctl restart ssh

  2. Attempt to authenticate using ssh2-rs with both a key and a password:

         use ssh2::Session;
         use std::net::TcpStream;
         use std::path::Path;

         fn main() -> Result<(), Box<dyn std::error::Error>> {
             let tcp = TcpStream::connect("your.server.com:22")?;
             let mut sess = Session::new().unwrap();
             sess.set_tcp_stream(tcp);
             sess.handshake()?;

             // Public key authentication
             sess.userauth_pubkey_file("your-user", None, Path::new("/path/to/private_key"), None)?; // fails here

             // Password authentication
             sess.userauth_password("your-user", "your-password")?;

             assert!(sess.authenticated());
             Ok(())
         }

  3. The code fails with the error:

         { code: Session(-19), msg: "Invalid signature for supplied public key, or bad username/public key combination" }

  4. Running SSH manually on the same machine works fine:

         ssh -i /path/to/private_key [email protected]

Expected Behavior:

The ssh2 crate should allow chaining authentication methods in the same session when the server enforces publickey,password.

Actual Behavior:

  • The first authentication method succeeds (userauth_pubkey_file()), but userauth_password() fails.
  • If userauth_password() is called first, userauth_pubkey_file() is never executed.
  • The crate does not provide a way to handle publickey,password authentication.

Environment:

  • ssh2 crate version: 0.10
  • Rust version: rustc 1.82.0
  • OS: Ubuntu 24.04 LTS
  • SSH Server: OpenSSH_8.9p1

Additional Context:

  • The issue is not related to key format (PEM is used and works with manual SSH).
  • The issue only occurs when publickey,password is enforced by the SSH server.
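
For readers of this issue, an added example (not part of the report and not ssh2 crate code) that models what a server configured with `AuthenticationMethods publickey,password` sends back at each step under RFC 4252: a valid first method is answered with a failure message whose partial-success flag is set, not with success. `Reply`, `AuthState` and `parse_methods` are hypothetical names, and the model is simplified (it ignores the `any` keyword and method sub-types).

```rust
// Added example: simplified model of RFC 4252 partial success under sshd's
// AuthenticationMethods. All names are hypothetical, not ssh2 crate APIs.
#[derive(Debug, PartialEq)]
pub enum Reply {
    Success, // SSH_MSG_USERAUTH_SUCCESS
    // SSH_MSG_USERAUTH_FAILURE: partial-success flag plus methods that can continue
    Failure { partial_success: bool, can_continue: Vec<String> },
}

/// Space-separated alternatives, each a comma-separated chain completed in order.
pub fn parse_methods(value: &str) -> Vec<Vec<String>> {
    value.split_whitespace()
        .map(|chain| chain.split(',').map(String::from).collect())
        .collect()
}

pub struct AuthState { chains: Vec<Vec<String>>, done: Vec<usize> }

impl AuthState {
    pub fn new(value: &str) -> Self {
        let chains = parse_methods(value);
        let done = vec![0; chains.len()];
        AuthState { chains, done }
    }
    /// Next required method of every chain, without duplicates.
    fn next_methods(&self) -> Vec<String> {
        let mut v: Vec<String> = Vec::new();
        for (c, &d) in self.chains.iter().zip(&self.done) {
            if !v.contains(&c[d]) { v.push(c[d].clone()); }
        }
        v
    }
    /// One client attempt; `accepted` says whether the credential was valid.
    pub fn attempt(&mut self, method: &str, accepted: bool) -> Reply {
        let mut advanced = false;
        if accepted {
            for (c, d) in self.chains.iter().zip(self.done.iter_mut()) {
                if c[*d] == method {
                    *d += 1;
                    advanced = true;
                    if *d == c.len() { return Reply::Success; }
                }
            }
        }
        Reply::Failure { partial_success: advanced, can_continue: self.next_methods() }
    }
}

fn main() {
    let mut s = AuthState::new("publickey,password");
    println!("{:?}", s.attempt("publickey", true)); // partial success, password next
    println!("{:?}", s.attempt("password", true)); // Success
}
```

A client that treats every failure reply as fatal stops after the first step; one that reads the partial-success flag can go on to the next listed method.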