|
 |
f3fc18 |
From 916f90972af60576591dea4a4f1d07e4dae6d9cf Mon Sep 17 00:00:00 2001
|
|
|
f3fc18 |
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
|
f3fc18 |
Date: Thu, 5 Jan 2023 11:29:32 +0000
|
|
|
f3fc18 |
Subject: [PATCH] ssh: Improve the error message when all authentication
|
|
|
f3fc18 |
methods fail
|
|
|
f3fc18 |
|
|
|
f3fc18 |
The current error message:
|
|
|
f3fc18 |
|
|
|
f3fc18 |
nbdkit: ssh[1]: error: all possible authentication methods failed
|
|
|
f3fc18 |
|
|
|
f3fc18 |
is confusing and non-actionable. It's hard even for experts to
|
|
|
f3fc18 |
understand the relationship between the authentication methods offered
|
|
|
f3fc18 |
by a server and what we require.
|
|
|
f3fc18 |
|
|
|
f3fc18 |
Try to improve the error message in some common situations, especially
|
|
|
f3fc18 |
where password authentication on the server side is disabled but the
|
|
|
f3fc18 |
client supplied a password=... parameter. After this change, you will
|
|
|
f3fc18 |
see an actionable error:
|
|
|
f3fc18 |
|
|
|
f3fc18 |
nbdkit: ssh[1]: error: the server does not offer password
|
|
|
f3fc18 |
authentication but you tried to use a password; if you have root
|
|
|
f3fc18 |
access to the server, try editing 'sshd_config' and setting
|
|
|
f3fc18 |
'PasswordAuthentication yes'; otherwise try setting up public key
|
|
|
f3fc18 |
authentication
|
|
|
f3fc18 |
|
|
|
f3fc18 |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2158300
|
|
|
f3fc18 |
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
f3fc18 |
(cherry picked from commit bea88cff5ac9c42f1a068ad24d43d5ed0506edaa)
|
|
|
f3fc18 |
---
|
|
|
f3fc18 |
plugins/ssh/ssh.c | 22 ++++++++++++++++++++++
|
|
|
f3fc18 |
1 file changed, 22 insertions(+)
|
|
|
f3fc18 |
|
|
|
f3fc18 |
diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
|
|
|
f3fc18 |
index aaa7c2b9..5a132d8f 100644
|
|
|
f3fc18 |
--- a/plugins/ssh/ssh.c
|
|
|
f3fc18 |
+++ b/plugins/ssh/ssh.c
|
|
|
f3fc18 |
@@ -361,6 +361,28 @@ authenticate (struct ssh_handle *h)
|
|
|
f3fc18 |
if (rc == SSH_AUTH_SUCCESS) return 0;
|
|
|
f3fc18 |
}
|
|
|
f3fc18 |
|
|
|
f3fc18 |
+ /* All compatible methods were tried and none worked. Come up with
|
|
|
f3fc18 |
+ * an actionable diagnostic message if we recognise the problem.
|
|
|
f3fc18 |
+ */
|
|
|
f3fc18 |
+ if (!(method & SSH_AUTH_METHOD_PUBLICKEY) && password == NULL) {
|
|
|
f3fc18 |
+ nbdkit_error ("the server does not offer public key authentication; "
|
|
|
f3fc18 |
+ "try using the password=... parameter");
|
|
|
f3fc18 |
+ return -1;
|
|
|
f3fc18 |
+ }
|
|
|
f3fc18 |
+ if ((method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) {
|
|
|
f3fc18 |
+ nbdkit_error ("password authentication failed, "
|
|
|
f3fc18 |
+ "is the username and password correct?");
|
|
|
f3fc18 |
+ return -1;
|
|
|
f3fc18 |
+ }
|
|
|
f3fc18 |
+ if (!(method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) {
|
|
|
f3fc18 |
+ nbdkit_error ("the server does not offer password authentication "
|
|
|
f3fc18 |
+ "but you tried to use a password; if you have root access "
|
|
|
f3fc18 |
+ "to the server, try editing 'sshd_config' and setting "
|
|
|
f3fc18 |
+ "'PasswordAuthentication yes'; otherwise try setting up "
|
|
|
f3fc18 |
+ "public key authentication");
|
|
|
f3fc18 |
+ return -1;
|
|
|
f3fc18 |
+ }
|
|
|
f3fc18 |
+
|
|
|
f3fc18 |
nbdkit_error ("all possible authentication methods failed");
|
|
|
f3fc18 |
return -1;
|
|
|
f3fc18 |
}
|
|
|
f3fc18 |
--
|
|
|
f3fc18 |
2.31.1
|
|
|
f3fc18 |
|