OpenBSD OpenSSH & SSH_AUTH_METHOD_INTERACTIVE
Created by: Lennie
A couple of days ago I upgraded my Ubuntu installation from 11.10 with remmina (0.9.3-2) to 12.04 with remmina (1.0.0-1ubuntu5).
And now I can't set up an SSH connection to any OpenBSD server with OpenSSH anymore, while Debian-based (I tested Debian and Ubuntu) servers with OpenSSH work fine.
The error I get is:
SSH password authentication failed: Access denied. Authentication that can continue: publickey,password,keyboard-interactive
So I looked around at the code and I think this change might be the cause (haven't tested it yet):
static gint remmina_ssh_auth_password (RemminaSSH *ssh) { gint ret; + gint authlist; + gint n; + gint i; if (ssh->authenticated) return 1; if (ssh->password == NULL) return -1; + authlist = ssh_userauth_list (ssh->session, NULL); + if (authlist & SSH_AUTH_METHOD_INTERACTIVE) + { + while ((ret = ssh_userauth_kbdint (ssh->session, NULL, NULL)) == SSH_AUTH_INFO) + { + n = ssh_userauth_kbdint_getnprompts (ssh->session); + for (i = 0; i < n; i++) + { + ssh_userauth_kbdint_setanswer(ssh->session, i, ssh->password); + } + } + } + else + { ret = ssh_userauth_password (ssh->session, NULL, ssh->password); + } if (ret != SSH_AUTH_SUCCESS) { remmina_ssh_set_error (ssh, _("SSH password authentication failed: %s")); return 0; } ssh->authenticated = TRUE; return 1; }
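Review bot: In the new "if (authlist & SSH_AUTH_METHOD_INTERACTIVE)" branch, ssh_userauth_password is no longer reachable once the server lists keyboard-interactive, because the call now sits in the else. If ssh_userauth_kbdint returns anything other than SSH_AUTH_INFO or SSH_AUTH_SUCCESS, the function goes straight to the "SSH password authentication failed" error even when the server also offers password. Suggest falling back to ssh_userauth_password when the keyboard-interactive loop ends without SSH_AUTH_SUCCESS and authlist also contains SSH_AUTH_METHOD_PASSWORD. Separately, the inner for loop answers every prompt index with ssh->password without looking at the prompt; checking the prompt before answering would avoid handing the password to a prompt that asks for something else.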
Current source: https://github.com/FreeRDP/Remmina/blob/master/remmina/src/remmina_ssh.c#L120
Change in git as far as I could see:
https://github.com/FreeRDP/Remmina/commit/b79355b1b5ac695c052eac5a80cf63863f0a3c85
To illustrate the problem, when I use the OpenSSH client 'ssh' with -v for verbose you can see the difference:
This is the OpenBSD server:
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: user@localmachine
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
user@server's password:
This is a Debian-based server:
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: user@localmachine
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Next authentication method: password
root@server's password:
As you can see OpenBSD offers 'keyboard-interactive' and 'password', but Debian only offers 'password'.
If you need an OpenBSD system to test, you could install a virtual machine by downloading the .iso:
/pub/OpenBSD/5.0/i386/install50.iso
/pub/OpenBSD/5.0/amd64/install50.iso
from one of the mirrors: http://www.openbsd.org/ftp.html
PS It also doesn't seem to be related to the newer ECDSA keys.
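
Added example, not part of the original report and not Remmina's or libssh's code: a self-contained C model that parses the two "Authentications that can continue" lists from the traces above and compares either/or method selection with selection that falls back to password. The constants, the struct, the function names, and the assumption that the OpenBSD server rejects keyboard-interactive but accepts password (as the ssh -v trace suggests) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Names constructed for this sketch; they are not libssh's constants. */
enum { M_PUBLICKEY = 1, M_PASSWORD = 2, M_KBDINT = 4 };
enum { AUTH_OK = 0, AUTH_DENIED = 1 };

/* Simulated server: what it advertises vs. which methods really succeed. */
struct server { const char *advertised; int accepts; };

/* Parse the comma-separated "Authentications that can continue" list. */
static int parse_methods(const char *list) {
    int mask = 0;
    while (*list) {
        size_t n = strcspn(list, ",");
        if (n == 9 && !strncmp(list, "publickey", n)) mask |= M_PUBLICKEY;
        else if (n == 8 && !strncmp(list, "password", n)) mask |= M_PASSWORD;
        else if (n == 20 && !strncmp(list, "keyboard-interactive", n)) mask |= M_KBDINT;
        list += n;
        if (*list == ',') list++;
    }
    return mask;
}

static int try_method(const struct server *s, int m) {
    return (s->accepts & m) ? AUTH_OK : AUTH_DENIED;
}

/* Either/or selection, as in the quoted change. */
static int auth_exclusive(const struct server *s) {
    int avail = parse_methods(s->advertised);
    if (avail & M_KBDINT) return try_method(s, M_KBDINT);
    return try_method(s, M_PASSWORD);
}

/* Try keyboard-interactive first, then fall back to password. */
static int auth_fallback(const struct server *s) {
    int avail = parse_methods(s->advertised);
    if ((avail & M_KBDINT) && try_method(s, M_KBDINT) == AUTH_OK) return AUTH_OK;
    if ((avail & M_PASSWORD) && try_method(s, M_PASSWORD) == AUTH_OK) return AUTH_OK;
    return AUTH_DENIED;
}
/* Constructed servers mirroring the two traces. */
static const struct server openbsd_like = {"publickey,password,keyboard-interactive", M_PASSWORD};
static const struct server debian_like = {"publickey,password", M_PASSWORD};

int main(void) {
    printf("exclusive: openbsd=%d debian=%d\n", auth_exclusive(&openbsd_like), auth_exclusive(&debian_like));
    printf("fallback:  openbsd=%d debian=%d\n", auth_fallback(&openbsd_like), auth_fallback(&debian_like));
    return 0;
}
```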