Password authentication failure in Native SSH Client on Python 3.7

[JBonser]

Example Code to Reproduce

It appears that this code works perfectly (using the Paramiko SSH Client)

from __future__ import print_function

from pssh.clients.miko.parallel import ParallelSSHClient
import logging
logging.basicConfig(level=logging.DEBUG)

hosts = ['dnsname1.domain.com', 'dnsname2.domain.com']
client = ParallelSSHClient(hosts, user="root", password="password", port=26)

output = client.run_command('ls')
for host, host_output in output.items():
    for line in host_output.stdout:
        print(line)

If I change this code to use the Native version i.e.

from pssh.clients import ParallelSSHClient

Then the code no longer works and the output I get is this(Real IP's have been changed to "0.0.0.0"):

Stacktrace

python main.py
DEBUG:pssh.clients.native.parallel:Make client request for host 0.0.0.0, host in clients: False
DEBUG:pssh.clients.native.single:Connecting to 0.0.0.0:26
DEBUG:pssh.clients.native.single:Agent auth failed with ('No identities match for user %s', b'root'), continuing with other authentication methods
DEBUG:pssh.clients.native.single:Trying to authenticate with identity file /Users/jordanbonser/.ssh/id_rsa
DEBUG:pssh.clients.native.single:Authentication with identity file /Users/jordanbonser/.ssh/id_rsa failed, continuing with other identities
DEBUG:pssh.clients.native.single:Trying to authenticate with identity file /Users/jordanbonser/.ssh/id_dsa
DEBUG:pssh.clients.native.single:Authentication with identity file /Users/jordanbonser/.ssh/id_dsa failed, continuing with other identities
DEBUG:pssh.clients.native.single:Private key auth failed, trying password
ERROR:pssh.clients.native.parallel:Failed to run on host 0.0.0.0 - ('Authentication error while connecting to %s:%s - %s', '0.0.0.0', 26, AuthenticationException('Password authentication failed'))
Traceback (most recent call last):
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/single.py", line 256, in auth
    self._identity_auth()
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/single.py", line 238, in _identity_auth
    raise AuthenticationException("No authentication methods succeeded")
pssh.exceptions.AuthenticationException: No authentication methods succeeded

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/single.py", line 265, in _password_auth
    self.session.userauth_password(self.user, self.password)
  File "ssh2/session.pyx", line 266, in ssh2.session.Session.userauth_password
  File "ssh2/utils.pyx", line 131, in ssh2.utils.handle_error_codes
ssh2.exceptions.AuthenticationError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/single.py", line 174, in _init
    self.auth()
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/single.py", line 261, in auth
    self._password_auth()
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/single.py", line 267, in _password_auth
    raise AuthenticationException("Password authentication failed")
pssh.exceptions.AuthenticationException: Password authentication failed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "main.py", line 10, in <module>
    output = client.run_command('ls')
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/parallel.py", line 220, in run_command
    greenlet_timeout=greenlet_timeout)
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/base_pssh.py", line 96, in run_command
    self.get_output(cmd, output, timeout=greenlet_timeout)
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/base_pssh.py", line 141, in get_output
    (channel, host, stdout, stderr, stdin) = cmd.get(timeout=timeout)
  File "src/gevent/greenlet.py", line 659, in gevent._greenlet.Greenlet.get
  File "src/gevent/greenlet.py", line 312, in gevent._greenlet.Greenlet._raise_exception
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/gevent/_compat.py", line 47, in reraise
    raise value.with_traceback(tb)
  File "src/gevent/greenlet.py", line 716, in gevent._greenlet.Greenlet.run
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/parallel.py", line 234, in _run_command
    raise ex
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/parallel.py", line 227, in _run_command
    self._make_ssh_client(host)
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/parallel.py", line 382, in _make_ssh_client
    proxy_host=proxy_host, _auth_thread_pool=auth_thread_pool)
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/single.py", line 126, in __init__
    THREAD_POOL.apply(self._init)
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/gevent/pool.py", line 159, in apply
    return self.spawn(func, *args, **kwds).get()
  File "src/gevent/event.py", line 381, in gevent._event.AsyncResult.get
  File "src/gevent/event.py", line 409, in gevent._event.AsyncResult.get
  File "src/gevent/event.py", line 399, in gevent._event.AsyncResult.get
  File "src/gevent/event.py", line 379, in gevent._event.AsyncResult._raise_exception
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/gevent/_compat.py", line 47, in reraise
    raise value.with_traceback(tb)
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/gevent/threadpool.py", line 281, in _worker
    value = func(*args, **kwargs)
  File "/Users/jordanbonser/Documents/health-check/env/lib/python3.7/site-packages/pssh/clients/native/single.py", line 179, in _init
    raise AuthenticationException(msg, self.host, self.port, ex)
pssh.exceptions.AuthenticationException: ('Authentication error while connecting to %s:%s - %s', '0.0.0.0', 26, AuthenticationException('Password authentication failed'))

Behaviour

Expected

I expected the Native Client to Connect using the correct password on the port I specified.

Actual

An Authentication Exception was thrown. If I use a user that uses port 22 and the correct password the Native Client does work as expected. If I use the Paramiko Client and the port 26 user with the correct password it also works as expected. So it seems that this is specifically an issue with the Native Client but only when specifying a non default port.

Additional info

Python 3.7 pip freeze shows: asn1crypto==0.24.0 bcrypt==3.1.4 cffi==1.11.5 cryptography==2.3.1 gevent==1.3.6 greenlet==0.4.15 idna==2.7 parallel-ssh==1.8.1 paramiko==2.4.2 pyasn1==0.4.4 pycparser==2.19 PyNaCl==1.2.1 six==1.11.0 ssh2-python==0.15.0.post9

[pkittenis]

Hi there,

Thanks for the interest and detailed report.

There have been other reports on the mailing list of password auth not working on Python 3.7 and I am inclined to believe this is an issue with Python 3.7 specifically.

Login on non-default port does work for the native client - all integration tests use non-default port - and password auth is also integration tested but currently tests are not run on Python 3.7 due to lack of Travis-CI target for it. So there may be issues there that have not been identified. The exceptions and logs also show the client connecting to correct port. - ('Authentication error while connecting to %s:%s - %s', '0.0.0.0', 26

Would it be possible to test with any version of Python other than 3.7 to confirm? That would help narrow the issue down.

[pkittenis]

Cannot replicate.

ParallelSSHClient(hosts, user="root"
<..>

Check the SSH server config and logs. Root logins normally do not allow password authentication.

Can re-open if it can be shown that the following /etc/ssh/sshd_config config entry exists:

PermitRootLogin yes

As opposed to:

PermitRootLogin prohibit-password

Which is the default when root logins are enabled.

[Rahul-RB]

Hi,

This issue is same as #155 .

• I have checked the sshd_config on the host I was accessing and the value PermitRootLogin is as:

PermitRootLogin yes

Edit 1:

• Also, I think it's not Python version dependent. I'm running Python 3.6.7 .

Edit 2:

• I tried root login to another host with native ParallelSSHClient and it worked flawlessly. Does this mean the earlier host I was using is at problem? If yes, how is Paramiko client able to handle it while native cannot.

So, I would like this issue to be reopened. Also, since #155 is same, so that may be closed.

[comperem]

I'm getting the same error as well with Python 3.6.0.

sshd_config has PermitRootLogin=yes. Regardless, I'm neither using root nor using a different port. The Python was compiled from source.

It's a Rasperry Pi with Stretch so it's Raspbian 9 which is Debian based. ssh keys are configured for password-less login with the username ( pi@localhost ) being used with parallessh.

The simple example on the parallelssh front page (https://github.com/ParallelSSH/parallel-ssh) fails with this error: raise AuthenticationException("No authentication methods succeeded") pssh.exceptions.AuthenticationException: No authentication methods succeeded

from example, the only change was: hosts = ['localhost', 'localhost']

ssh version: OpenSSH_7.4p1 Raspbian-10+deb9u6, OpenSSL 1.0.2r 26 Feb 2019 sshd version: OpenSSH_7.4p1 Raspbian-10+deb9u6, OpenSSL 1.0.2r 26 Feb 2019

auth log indicates:

May  3 00:11:14 iceCold sshd[1686]: Received disconnect from 127.0.0.1 port 60068:11: end [preauth]
May  3 00:11:14 iceCold sshd[1686]: Disconnected from 127.0.0.1 port 60068 [preauth]
May  3 00:11:20 iceCold sshd[1689]: Received disconnect from 127.0.0.1 port 60082:11: end [preauth]
May  3 00:11:20 iceCold sshd[1689]: Disconnected from 127.0.0.1 port 60082 [preauth]
May  3 00:11:25 iceCold sshd[1695]: Connection closed by 127.0.0.1 port 60092 [preauth]

No workeeee.

Any solutions??? What else would help???

[estevopaz]

Same problem here after upgrade to python3.8 in my Debian servers, it worked with 3.7 and gevent 1.4:

Package                  Version
------------------------ ------------
gevent                   20.6.2
greenlet                 0.4.16
parallel-ssh             1.9.1
paramiko                 2.6.0
python                   3.8.4
ssh2-python              0.18.0.post1

With native client from pssh.clients import ParallelSSHClient:

pssh.exceptions.AuthenticationException: ('Authentication error while connecting to %s:%s - %s', '10.9.0.1', 22, AuthenticationException('No authentication methods succeeded'))

With miko client from pssh.clients.miko import ParallelSSHClient:

2020-07-23 09:14:30.491 : INFO : paramiko.transport : Connected (version 2.0, client OpenSSH_8.3p1)
2020-07-23 09:14:30.492 : INFO : paramiko.transport : Connected (version 2.0, client OpenSSH_8.3p1)
(...)
2020-07-23 09:14:30.613 : INFO : paramiko.transport : Authentication (publickey) successful!
2020-07-23 09:14:30.672 : INFO : paramiko.transport : Authentication (publickey) successful!
(...)

Thanks a lot in advance for your time ;)

[pkittenis]

See https://github.com/ParallelSSH/parallel-ssh/issues/155#issuecomment-753508156