alexcrichton/ssh2-rs

Dual Authentication Not Supported - AuthenticationMethods publickey,password

Open

#346 opened on 2025年1月29日

GitHub で見る
 (0 comments) (0 reactions) (0 assignees)Rust (157 forks)github user discovery
enhancementhelp wanted

Repository metrics

Stars
 (558 stars)
PR merge metrics
 (平均マージ 2d 22h) (30d で 2 merged PRs)

説明

The ssh2 crate currently does not support SSH authentication when the server enforces both public key and password authentication in the same session using:

AuthenticationMethods publickey,password

This configuration requires the client to first authenticate with a public key and then provide a password before authentication is considered successful. However, ssh2-rs only supports using one method at a time and does not allow chaining authentication methods in a single session.

Steps to Reproduce:

  1. Configure the SSH server (/etc/ssh/sshd_config) with:
PasswordAuthentication yes
PubkeyAuthentication yes
AuthenticationMethods publickey,password

Restart the SSH service:

sudo systemctl restart ssh
  1. Attempt to authenticate using ssh2-rs with both a key and a password:
let tcp = TcpStream::connect("your.server.com:22")?;
let mut sess = Session::new().unwrap();
sess.set_tcp_stream(tcp);
sess.handshake()?;

// Public key authentication
sess.userauth_pubkey_file("your-user", None, Path::new("/path/to/private_key"), None)?; // fails here

// Password authentication
sess.userauth_password("your-user", "your-password")?;

assert!(sess.authenticated());
  1. The code fails with the error:
{ code: Session(-19), msg: "Invalid signature for supplied public key, or bad username/public key combination" }
  1. Running SSH manually on the same machine works fine:
ssh -i /path/to/private_key user@example.com

Expected Behavior:

The ssh2 crate should allow chaining authentication methods in the same session when the server enforces publickey,password.

Actual Behavior:

  • The first authentication method succeeds (userauth_pubkey_file()), but userauth_password() fails.
  • If userauth_password() is called first, userauth_pubkey_file() is never executed.
  • The crate does not provide a way to handle publickey,password authentication.

Environment:

  • ssh2 crate version: 0.10
  • Rust version: rustc 1.82.0
  • OS: Ubuntu 24.04 LTS
  • SSH Server: OpenSSH_8.9p1

Additional Context:

  • The issue is not related to key format (PEM is used and works with manual SSH).
  • The issue only occurs when publickey,password is enforced by the SSH server.

コントリビューターガイド