alexcrichton/ssh2-rs

Dual Authentication Not Supported - AuthenticationMethods publickey,password

Open

#346 创建于 2025年1月29日

在 GitHub 查看
 (0 评论) (0 反应) (0 负责人)Rust (157 fork)github user discovery
enhancementhelp wanted

仓库指标

Star
 (558 star)
PR 合并指标
 (平均合并 2天 22小时) (30 天内合并 2 个 PR)

描述

The ssh2 crate currently does not support SSH authentication when the server enforces both public key and password authentication in the same session using:

AuthenticationMethods publickey,password

This configuration requires the client to first authenticate with a public key and then provide a password before authentication is considered successful. However, ssh2-rs only supports using one method at a time and does not allow chaining authentication methods in a single session.

Steps to Reproduce:

  1. Configure the SSH server (/etc/ssh/sshd_config) with:
PasswordAuthentication yes
PubkeyAuthentication yes
AuthenticationMethods publickey,password

Restart the SSH service:

sudo systemctl restart ssh
  1. Attempt to authenticate using ssh2-rs with both a key and a password:
let tcp = TcpStream::connect("your.server.com:22")?;
let mut sess = Session::new().unwrap();
sess.set_tcp_stream(tcp);
sess.handshake()?;

// Public key authentication
sess.userauth_pubkey_file("your-user", None, Path::new("/path/to/private_key"), None)?; // fails here

// Password authentication
sess.userauth_password("your-user", "your-password")?;

assert!(sess.authenticated());
  1. The code fails with the error:
{ code: Session(-19), msg: "Invalid signature for supplied public key, or bad username/public key combination" }
  1. Running SSH manually on the same machine works fine:
ssh -i /path/to/private_key user@example.com

Expected Behavior:

The ssh2 crate should allow chaining authentication methods in the same session when the server enforces publickey,password.

Actual Behavior:

  • The first authentication method succeeds (userauth_pubkey_file()), but userauth_password() fails.
  • If userauth_password() is called first, userauth_pubkey_file() is never executed.
  • The crate does not provide a way to handle publickey,password authentication.

Environment:

  • ssh2 crate version: 0.10
  • Rust version: rustc 1.82.0
  • OS: Ubuntu 24.04 LTS
  • SSH Server: OpenSSH_8.9p1

Additional Context:

  • The issue is not related to key format (PEM is used and works with manual SSH).
  • The issue only occurs when publickey,password is enforced by the SSH server.

贡献者指南