From 8eb3bb554e7bf971dc0ceab5de7cb85d9acdbac5 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Fri, 6 Jan 2023 09:05:37 +0000 Subject: [PATCH] Improve error message when PasswordAuthentication is set to 'no' resolves: rhbz#2158300 --- 0001-ssh-Remove-left-over-comment.patch | 31 +++++++++ ...error-message-when-all-authenticatio.patch | 68 +++++++++++++++++++ nbdkit.spec | 10 ++- 3 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 0001-ssh-Remove-left-over-comment.patch create mode 100644 0002-ssh-Improve-the-error-message-when-all-authenticatio.patch diff --git a/0001-ssh-Remove-left-over-comment.patch b/0001-ssh-Remove-left-over-comment.patch new file mode 100644 index 0000000..70ca28d --- /dev/null +++ b/0001-ssh-Remove-left-over-comment.patch @@ -0,0 +1,31 @@ +From e0e592775911ebe2178b04b4b20f95fea2f2fe9c Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Thu, 5 Jan 2023 16:05:33 +0000 +Subject: [PATCH] ssh: Remove left over comment + +This comment was left over from when I copied the libssh example code. +It adds no value so remove it. + +(cherry picked from commit c93a8957efcc26652b31f5bc359dfd3c4019b4f8) +--- + plugins/ssh/ssh.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c +index 6cf40c26..aaa7c2b9 100644 +--- a/plugins/ssh/ssh.c ++++ b/plugins/ssh/ssh.c +@@ -356,10 +356,6 @@ authenticate (struct ssh_handle *h) + if (rc == SSH_AUTH_SUCCESS) return 0; + } + +- /* Example code tries keyboard-interactive here, but we cannot use +- * that method from a server. +- */ +- + if (password != NULL && (method & SSH_AUTH_METHOD_PASSWORD)) { + rc = authenticate_password (h->session, password); + if (rc == SSH_AUTH_SUCCESS) return 0; +-- +2.31.1 + diff --git a/0002-ssh-Improve-the-error-message-when-all-authenticatio.patch b/0002-ssh-Improve-the-error-message-when-all-authenticatio.patch new file mode 100644 index 0000000..71ccb6a --- /dev/null +++ b/0002-ssh-Improve-the-error-message-when-all-authenticatio.patch @@ -0,0 +1,68 @@ +From 916f90972af60576591dea4a4f1d07e4dae6d9cf Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Thu, 5 Jan 2023 11:29:32 +0000 +Subject: [PATCH] ssh: Improve the error message when all authentication + methods fail + +The current error message: + + nbdkit: ssh[1]: error: all possible authentication methods failed + +is confusing and non-actionable. It's hard even for experts to +understand the relationship between the authentication methods offered +by a server and what we require. + +Try to improve the error message in some common situations, especially +where password authentication on the server side is disabled but the +client supplied a password=... parameter. After this change, you will +see an actionable error: + + nbdkit: ssh[1]: error: the server does not offer password + authentication but you tried to use a password; if you have root + access to the server, try editing 'sshd_config' and setting + 'PasswordAuthentication yes'; otherwise try setting up public key + authentication + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2158300 +Reviewed-by: Laszlo Ersek +(cherry picked from commit bea88cff5ac9c42f1a068ad24d43d5ed0506edaa) +--- + plugins/ssh/ssh.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c +index aaa7c2b9..5a132d8f 100644 +--- a/plugins/ssh/ssh.c ++++ b/plugins/ssh/ssh.c +@@ -361,6 +361,28 @@ authenticate (struct ssh_handle *h) + if (rc == SSH_AUTH_SUCCESS) return 0; + } + ++ /* All compatible methods were tried and none worked. Come up with ++ * an actionable diagnostic message if we recognise the problem. ++ */ ++ if (!(method & SSH_AUTH_METHOD_PUBLICKEY) && password == NULL) { ++ nbdkit_error ("the server does not offer public key authentication; " ++ "try using the password=... parameter"); ++ return -1; ++ } ++ if ((method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) { ++ nbdkit_error ("password authentication failed, " ++ "is the username and password correct?"); ++ return -1; ++ } ++ if (!(method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) { ++ nbdkit_error ("the server does not offer password authentication " ++ "but you tried to use a password; if you have root access " ++ "to the server, try editing 'sshd_config' and setting " ++ "'PasswordAuthentication yes'; otherwise try setting up " ++ "public key authentication"); ++ return -1; ++ } ++ + nbdkit_error ("all possible authentication methods failed"); + return -1; + } +-- +2.31.1 + diff --git a/nbdkit.spec b/nbdkit.spec index eeac3a1..c251b69 100644 --- a/nbdkit.spec +++ b/nbdkit.spec @@ -53,7 +53,7 @@ ExclusiveArch: x86_64 Name: nbdkit Version: 1.32.5 -Release: 1%{?dist} +Release: 2%{?dist} Summary: NBD server License: BSD @@ -77,7 +77,9 @@ Source3: copy-patches.sh # Patches come from the upstream repository: # https://gitlab.com/nbdkit/nbdkit/-/commits/rhel-9.2/ -# (no patches) +# Patches. +Patch0001: 0001-ssh-Remove-left-over-comment.patch +Patch0002: 0002-ssh-Improve-the-error-message-when-all-authenticatio.patch # For automatic RPM Provides generation. # See: https://rpm-software-management.github.io/rpm/manual/dependency_generators.html @@ -1196,10 +1198,12 @@ export LIBGUESTFS_TRACE=1 %changelog -* Tue Jan 03 2022 Richard W.M. Jones - 1.32.5-1 +* Fri Jan 06 2022 Richard W.M. Jones - 1.32.5-2 - Rebase to new stable branch version 1.32.5 resolves: rhbz#2135765 - Move stats filter to new subpackage. +- Improve error message when PasswordAuthentication is set to 'no' + resolves: rhbz#2158300 * Tue Nov 29 2022 Richard W.M. Jones - 1.30.8-2 - Add support for VDDK 8.0.0