这是indexloc提供的服务,不要输入任何密码
Skip to content

Dual Authentication Not Supported - AuthenticationMethods publickey,password #346

New issue
New issue
Open
Open
Dual Authentication Not Supported - AuthenticationMethods publickey,password#346
Labels
enhancementhelp wanted
@sevsev9

Description

@sevsev9
sevsev9
opened on Jan 29, 2025

The ssh2 crate currently does not support SSH authentication when the server enforces both public key and password authentication in the same session using:

AuthenticationMethods publickey,password

This configuration requires the client to first authenticate with a public key and then provide a password before authentication is considered successful. However, ssh2-rs only supports using one method at a time and does not allow chaining authentication methods in a single session.

Steps to Reproduce:

  1. Configure the SSH server (/etc/ssh/sshd_config) with:
PasswordAuthentication yes
PubkeyAuthentication yes
AuthenticationMethods publickey,password

Restart the SSH service:

sudo systemctl restart ssh
  1. Attempt to authenticate using ssh2-rs with both a key and a password:
let tcp = TcpStream::connect("your.server.com:22")?;
let mut sess = Session::new().unwrap();
sess.set_tcp_stream(tcp);
sess.handshake()?;

// Public key authentication
sess.userauth_pubkey_file("your-user", None, Path::new("/path/to/private_key"), None)?; // fails here

// Password authentication
sess.userauth_password("your-user", "your-password")?;

assert!(sess.authenticated());
  1. The code fails with the error:
{ code: Session(-19), msg: "Invalid signature for supplied public key, or bad username/public key combination" }
  1. Running SSH manually on the same machine works fine:
ssh -i /path/to/private_key user@example.com

Expected Behavior:

The ssh2 crate should allow chaining authentication methods in the same session when the server enforces publickey,password.

Actual Behavior:

  • The first authentication method succeeds (userauth_pubkey_file()), but userauth_password() fails.
  • If userauth_password() is called first, userauth_pubkey_file() is never executed.
  • The crate does not provide a way to handle publickey,password authentication.

Environment:

  • ssh2 crate version: 0.10
  • Rust version: rustc 1.82.0
  • OS: Ubuntu 24.04 LTS
  • SSH Server: OpenSSH_8.9p1

Additional Context:

  • The issue is not related to key format (PEM is used and works with manual SSH).
  • The issue only occurs when publickey,password is enforced by the SSH server.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementhelp wanted

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions