Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add keyboard-interactive auth method #61

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

add keyboard-interactive auth method #61

wants to merge 2 commits into from

Conversation

banuchka
Copy link

@banuchka banuchka commented Apr 9, 2020

ssh auth with only Password auth doesn't work for some server's platforms.
For example on Dell R520/620/720 where you can't use ssh key auth because of license.

@banuchka
add keyboard-interactive auth method
4e859bc 
add keyboard-interactive auth method to ssh plugin
@banuchka
put back logrus lock
e53940f
@gurevichmark
Copy link
Contributor

@banuchka
Thank you for the contribution. I do not have access to Dell machines.
Is there a way to test your changes on a different type of machine ?
Can you explain the problem in a little more detail ?

@banuchka
Copy link
Author

banuchka commented May 29, 2020
edited
Loading

From some point of time Dell deprecated support for their IDRAC only with password method(not only Dell i think because of security reasons). So if client use only password method we have no luck to get into IDRAC/mgm module, for example:

ssh -v -o PreferredAuthentications=password SOMEHOST -l root
...
debug1: Authentications that can continue: password
debug1: Next authentication method: password
root@SOMEHOST's password: <== asked for password here once
Authenticated with partial success. <==
debug1: Authentications that can continue: keyboard-interactive <==
debug1: No more authentication methods to try. <==
root@SOMEHOST: Permission denied (keyboard-interactive). <==

the reason is that the client limit it's methods only with password.

As soon as we just add support for keyboard-interactive method(we don't need to interact different with the host. For example we don't need to enter password interactive or answer questions etc), auth goes well:

ssh -v SOMEHOST -l root
debug1: Authentications that can continue: password
debug1: Next authentication method: password
root@SOMEHOST's password: <== asked for password here once
Authenticated with partial success.
debug1: Authentications that can continue: keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to SOMEHOST ([1.2.3.4]:22).
/admin1->

I've added support not only for password auth on client side for goconserver and after that I may use ssh auth for my nodes.

@gurevichmark hope I've explained problem, did I?

Maybe it may help someone who is having problems with the same type of issue.

Thanks

UPD: one more example from goconserver's log when trying to use passwd auth for IDRAC where password auth is restricted for security reasons
{"file":"github.com/xcat2/goconserver/plugins/sshcmd.go (92)","level":"error","msg":"ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain","node":"www2","time":"2020-06-15T21:4 4:12Z"}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@banuchka @gurevichmark