69 lines
2.6 KiB
Diff
69 lines
2.6 KiB
Diff
From 916f90972af60576591dea4a4f1d07e4dae6d9cf Mon Sep 17 00:00:00 2001
|
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
Date: Thu, 5 Jan 2023 11:29:32 +0000
|
|
Subject: [PATCH] ssh: Improve the error message when all authentication
|
|
methods fail
|
|
|
|
The current error message:
|
|
|
|
nbdkit: ssh[1]: error: all possible authentication methods failed
|
|
|
|
is confusing and non-actionable. It's hard even for experts to
|
|
understand the relationship between the authentication methods offered
|
|
by a server and what we require.
|
|
|
|
Try to improve the error message in some common situations, especially
|
|
where password authentication on the server side is disabled but the
|
|
client supplied a password=... parameter. After this change, you will
|
|
see an actionable error:
|
|
|
|
nbdkit: ssh[1]: error: the server does not offer password
|
|
authentication but you tried to use a password; if you have root
|
|
access to the server, try editing 'sshd_config' and setting
|
|
'PasswordAuthentication yes'; otherwise try setting up public key
|
|
authentication
|
|
|
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2158300
|
|
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
|
(cherry picked from commit bea88cff5ac9c42f1a068ad24d43d5ed0506edaa)
|
|
---
|
|
plugins/ssh/ssh.c | 22 ++++++++++++++++++++++
|
|
1 file changed, 22 insertions(+)
|
|
|
|
diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
|
|
index aaa7c2b9..5a132d8f 100644
|
|
--- a/plugins/ssh/ssh.c
|
|
+++ b/plugins/ssh/ssh.c
|
|
@@ -361,6 +361,28 @@ authenticate (struct ssh_handle *h)
|
|
if (rc == SSH_AUTH_SUCCESS) return 0;
|
|
}
|
|
|
|
+ /* All compatible methods were tried and none worked. Come up with
|
|
+ * an actionable diagnostic message if we recognise the problem.
|
|
+ */
|
|
+ if (!(method & SSH_AUTH_METHOD_PUBLICKEY) && password == NULL) {
|
|
+ nbdkit_error ("the server does not offer public key authentication; "
|
|
+ "try using the password=... parameter");
|
|
+ return -1;
|
|
+ }
|
|
+ if ((method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) {
|
|
+ nbdkit_error ("password authentication failed, "
|
|
+ "is the username and password correct?");
|
|
+ return -1;
|
|
+ }
|
|
+ if (!(method & SSH_AUTH_METHOD_PASSWORD) && password != NULL) {
|
|
+ nbdkit_error ("the server does not offer password authentication "
|
|
+ "but you tried to use a password; if you have root access "
|
|
+ "to the server, try editing 'sshd_config' and setting "
|
|
+ "'PasswordAuthentication yes'; otherwise try setting up "
|
|
+ "public key authentication");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
nbdkit_error ("all possible authentication methods failed");
|
|
return -1;
|
|
}
|
|
--
|
|
2.31.1
|
|
|