search

Gallopsled / pwntools

CTF framework and exploit development library
http://pwntools.com
Other
11.69k stars 1.67k forks source link

SSHException("No authentication methods available") #2380

Closed George-TL closed 3 weeks ago

George-TL commented 3 months ago

I'm trying to use pwn in the following CTF: ssh -v lucky@misc.challenges.qctf.ca

From ssh@bash I can connect without any issues. Server do not asks for any password and runs challange straight away.

This line is interesting Authenticated to misc.challenges.qctf.ca ([45.63.2.192]:22) using "none".

But in python: ssh_conn = pwn.tubes.ssh.ssh(user = 'lucky', host = 'misc.challenges.qctf.ca')

I'm getting following error message: raise SSHException("No authentication methods available") paramiko.ssh_exception.SSHException: No authentication methods available

Additional read: https://stackoverflow.com/a/71750537

I've dig through pwnlib documentation and didn't find any solution. If there is a way to interact with such service then please point me to the right direction.

Arusekk commented 3 months ago

This is most likely a bug in paramiko, not pwntools. Please see if updating paramiko helps, if not, please file your report there.

peace-maker commented 3 months ago

This seems to work

diff --git a/pwnlib/tubes/ssh.py b/pwnlib/tubes/ssh.py
index 53b8be0d..ab481650 100644
--- a/pwnlib/tubes/ssh.py
+++ b/pwnlib/tubes/ssh.py
@@ -674,6 +674,11 @@ class ssh(Timeout, Logger):
                            "    To remove the existing entry from your known_hosts and trust the new key, run the following co>
                            "        $ ssh-keygen -R %(host)s\n"
                            "        $ ssh-keygen -R [%(host)s]:%(port)s" % locals())
+            except paramiko.SSHException as e:
+                if str(e) == "No authentication methods available":
+                    self.client.get_transport().auth_none(user)
+                else:
+                    raise

             self.transport = self.client.get_transport()
             self.transport.use_compression(True)

with 

from pwn import *
io = ssh('lucky', 'misc.challenges.qctf.ca', raw=True)
io.interactive()

I don't think this is a commonly used "authentication" service which gets added to paramiko's SSHClient, so I'd be fine with adding this along with a new parameter like auth_none=False to tubes.ssh?

George-TL commented 3 months ago

I can confirm that above patch works fine under Python/3.11.8 and pwntools/4.12.0. Thank you!