Improve error message when PasswordAuthentication is set to 'no'

resolves: rhbz#2158300
2023-01-06 09:05:37 +00:00 · 2023-01-06 09:05:37 +00:00 · 8eb3bb554e
commit 8eb3bb554e
parent 4eabdba087
3 changed files with 106 additions and 3 deletions
--- a/0001-ssh-Remove-left-over-comment.patch
+++ b/0001-ssh-Remove-left-over-comment.patch
@ -0,0 +1,31 @@
+From e0e592775911ebe2178b04b4b20f95fea2f2fe9c Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 5 Jan 2023 16:05:33 +0000
+Subject: [PATCH] ssh: Remove left over comment
+
+This comment was left over from when I copied the libssh example code.
+It adds no value so remove it.
+
+(cherry picked from commit c93a8957efcc26652b31f5bc359dfd3c4019b4f8)
+---
+ plugins/ssh/ssh.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
+index 6cf40c26..aaa7c2b9 100644
+--- a/plugins/ssh/ssh.c
+++ b/plugins/ssh/ssh.c
+@@ -356,10 +356,6 @@ authenticate (struct ssh_handle *h)
+     if (rc == SSH_AUTH_SUCCESS) return 0;
+   }
+ 
+-  /* Example code tries keyboard-interactive here, but we cannot use
+-   * that method from a server.
+-   */
+-
+   if (password != NULL && (method & SSH_AUTH_METHOD_PASSWORD)) {
+     rc = authenticate_password (h->session, password);
+     if (rc == SSH_AUTH_SUCCESS) return 0;
+-- 
+2.31.1
+
--- a/0002-ssh-Improve-the-error-message-when-all-authenticatio.patch
+++ b/0002-ssh-Improve-the-error-message-when-all-authenticatio.patch
@ -0,0 +1,68 @@
+From 916f90972af60576591dea4a4f1d07e4dae6d9cf Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 5 Jan 2023 11:29:32 +0000
+Subject: [PATCH] ssh: Improve the error message when all authentication
+ methods fail
+
+The current error message:
+
+  nbdkit: ssh[1]: error: all possible authentication methods failed
+
+is confusing and non-actionable.  It's hard even for experts to
+understand the relationship between the authentication methods offered
+by a server and what we require.
+
+Try to improve the error message in some common situations, especially
+where password authentication on the server side is disabled but the
+client supplied a password=... parameter.  After this change, you will
+see an actionable error:
+
+  nbdkit: ssh[1]: error: the server does not offer password
+  authentication but you tried to use a password; if you have root
+  access to the server, try editing 'sshd_config' and setting
+  'PasswordAuthentication yes'; otherwise try setting up public key
+  authentication
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2158300
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit bea88cff5ac9c42f1a068ad24d43d5ed0506edaa)
+---
+ plugins/ssh/ssh.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
+index aaa7c2b9..5a132d8f 100644
+--- a/plugins/ssh/ssh.c
+++ b/plugins/ssh/ssh.c
+@@ -361,6 +361,28 @@ authenticate (struct ssh_handle *h)
+     if (rc == SSH_AUTH_SUCCESS) return 0;
+   }
+ 
+  /* All compatible methods were tried and none worked.  Come up with
+   * an actionable diagnostic message if we recognise the problem.
+   */
+  if (!(method & SSH_AUTH_METHOD_PUBLICKEY) && password == NULL) {
+    nbdkit_error ("the server does not offer public key authentication; "
+                  "try using the password=... parameter");
+    return -1;
+  }
+  if ((method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) {
+    nbdkit_error ("password authentication failed, "
+                  "is the username and password correct?");
+    return -1;
+  }
+  if (!(method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) {
+    nbdkit_error ("the server does not offer password authentication "
+                  "but you tried to use a password; if you have root access "
+                  "to the server, try editing 'sshd_config' and setting "
+                  "'PasswordAuthentication yes'; otherwise try setting up "
+                  "public key authentication");
+    return -1;
+  }
+
+   nbdkit_error ("all possible authentication methods failed");
+   return -1;
+ }
+-- 
+2.31.1
+
--- a/nbdkit.spec
+++ b/nbdkit.spec
@ -53,7 +53,7 @@ ExclusiveArch:  x86_64

 Name:           nbdkit
 Version:        1.32.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        NBD server

 License:        BSD
@ -77,7 +77,9 @@ Source3:        copy-patches.sh
 # Patches come from the upstream repository:
 # https://gitlab.com/nbdkit/nbdkit/-/commits/rhel-9.2/

-# (no patches)
+# Patches.
+Patch0001:     0001-ssh-Remove-left-over-comment.patch
+Patch0002:     0002-ssh-Improve-the-error-message-when-all-authenticatio.patch

 # For automatic RPM Provides generation.
 # See: https://rpm-software-management.github.io/rpm/manual/dependency_generators.html
@ -1196,10 +1198,12 @@ export LIBGUESTFS_TRACE=1


 %changelog
-* Tue Jan 03 2022 Richard W.M. Jones <rjones@redhat.com> - 1.32.5-1
+* Fri Jan 06 2022 Richard W.M. Jones <rjones@redhat.com> - 1.32.5-2
 - Rebase to new stable branch version 1.32.5
  resolves: rhbz#2135765
 - Move stats filter to new subpackage.
+- Improve error message when PasswordAuthentication is set to 'no'
+  resolves: rhbz#2158300

 * Tue Nov 29 2022 Richard W.M. Jones <rjones@redhat.com> - 1.30.8-2
 - Add support for VDDK 8.0.0