Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

connection issues when both key and password are required #763

Open
girishramv opened this issue Feb 4, 2025 · 3 comments
Open

connection issues when both key and password are required #763

girishramv opened this issue Feb 4, 2025 · 3 comments

Comments

@girishramv
Copy link 

I recently switch from JSCH to this program dues to the weak ciphers. The connect to most servers work except his one. This server requires a key and password, I am not sure if that is causing the problem. When I rollback to use the JSCH the connection works. Here are some logs:

server proposal: ciphers c2s: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected],[email protected]
server proposal: ciphers s2c: aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected],[email protected]
server proposal: MACs c2s: hmac-sha2-256,hmac-sha2-512,hmac-ripemd160
server proposal: MACs s2c: hmac-sha2-256,hmac-sha2-512,hmac-ripemd160
server proposal: compression c2s: none,zlib
server proposal: compression s2c: none,zlib
server proposal: languages c2s: 
server proposal: languages s2c: 
client proposal: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,[email protected]
client proposal: host key algorithms: ssh-rsa,ssh-dss,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256
client proposal: ciphers c2s: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
client proposal: ciphers s2c: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
client proposal: MACs c2s: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
client proposal: MACs s2c: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
client proposal: compression c2s: none
client proposal: compression s2c: none
client proposal: languages c2s: 
client proposal: languages s2c: 
kex: algorithm: curve25519-sha256
kex: host key algorithm: ssh-dss
kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
SSH_MSG_KEX_ECDH_INIT sent
expecting SSH_MSG_KEX_ECDH_REPLY
ssh_dss_verify: signature true
Permanently added '*********' (DSA) to the list of known hosts.
Reset outgoing sequence number after sending SSH_MSG_NEWKEYS for strict KEX
SSH_MSG_NEWKEYS sent
SSH_MSG_NEWKEYS received
Reset incoming sequence number after receiving SSH_MSG_NEWKEYS for strict KEX
SSH_MSG_SERVICE_REQUEST sent
SSH_MSG_EXT_INFO received
server-sig-algs=<ssh-rsa,rsa-sha2-256,rsa-sha2-512,x509v3-sign-rsa,ssh-dss,x509v3-sign-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519>
SSH_MSG_SERVICE_ACCEPT received
Authentications that can continue: publickey,password
Next authentication method: publickey
PubkeyAcceptedAlgorithms = ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
PubkeyAcceptedAlgorithms in server-sig-algs = [ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, rsa-sha2-256, ssh-rsa, ssh-dss]
rsa-sha2-512 preauth failure
rsa-sha2-256 preauth failure
ssh-rsa preauth failure
Authentications that can continue: password
Next authentication method: password
Disconnecting from ********** port 22
ERROR - [844e48c1-e287-11ef-b4e7-bcc5f6768503]: receiveFile failed
com.jcraft.jsch.JSchSessionDisconnectException: SSH_MSG_DISCONNECT: 11 The maximum number of authentication attempts has been reached. 
	at com.jcraft.jsch.Session.read(Session.java:1316) ~[jsch-0.2.22.jar!/:0.2.22]
	at com.jcraft.jsch.UserAuthPassword.start(UserAuthPassword.java:88) ~[jsch-0.2.22.jar!/:0.2.22]
	at com.jcraft.jsch.Session.connect(Session.java:479) ~[jsch-0.2.22.jar!/:0.2.22]
@girishramv
Copy link
Author 

PreferredAuthentications - publickey,password
jschSession.setConfig("server_host_key", "ssh-rsa,ssh-dss," + jschSession.getConfig(
            "server_host_key"));
jschSession.setConfig("PubkeyAcceptedAlgorithms", jschSession.getConfig(
            "PubkeyAcceptedAlgorithms") + ",ssh-rsa,ssh-dss");

@norrisjeremy
Copy link
Contributor

Hi @girishramv,

Does it work if you add the following when trying to connect to this specific server?

jschSession.setConfig("enable_pubkey_auth_query", "no");

Thanks,
Jeremy

@girishramv
Copy link
Author

I figured out the problem. I do not have a fix yet.
The FTP server I am trying to connect to did not use the ssh key I provided. With JSCH when the publickey authentication failed it would attempt to use the password for authentication and it worked. So I did not know that they failed to add the ssh key. With this version of JSCH (mwiede) the authentication stops at publickey and does not attempt to use the password. How do I configure it to try password authentication if the publickey fails

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@norrisjeremy @girishramv