freeid2010 / macfuse

Automatically exported from code.google.com/p/macfuse
0 stars 0 forks source link

sshfs doesn't connect to ssh servers that disable password authentication #324

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Set up your local SSH authentication daemon so that "ssh remotehost"
works without prompting for a password, where "remotehost" is some remote
SSH server that disables plaintext password authentication
2. Try to use SSHFS to mount remotehost

What is the expected output? What do you see instead?

The expected behavior is for the SSHFS mount to succeed. Instead, after being
prompted for a password (which I shouldn't be prompted for) I see nothing.
If I run sshfs from the command line, I see an error that the remote server
has dropped the connection.

What version of the product are you using? On what operating system?

SSHFS 1.0.0 on Mac OSX 10.4.11
SSHAgent 1.1 with all relevant key identities active

Please provide any additional information below.

SSHFS mounts to remote SSH servers that permit password authentication do
succeed. So it appears that sshfs doesn't know how to use the local SSH
authentication daemon, but always prompts for a password and tries to use it.

Original issue reported on code.google.com by karn%ka9...@gtempaccount.com on 30 Jan 2008 at 12:38

GoogleCodeExporter commented 8 years ago
http://code.google.com/p/macfuse/wiki/FAQ

Q3.4

SSHFS.app is an unsupported, demo GUI wrapper that is, well, *not supported*. 
Use the command-line version if 
you need more control.

Original comment by si...@gmail.com on 30 Jan 2008 at 7:01

GoogleCodeExporter commented 8 years ago
I *tried* executing sshfs.app/Contents/Resources/sshfs-static from the command 
line,
with various debug options to try to see what's going on. All I get is "remote 
host
has disconnected". Because things work fine with servers that allow password
authentication I am pretty confident that's the problem, but I sure can't seem 
to get
much information out of sshfs.

I suspect a lot of people would like to run their SSH servers as I do, with 
plaintext
passwords disabled, given the prevalence of password guessing attacks.

Original comment by karn%ka9...@gtempaccount.com on 31 Jan 2008 at 3:23

GoogleCodeExporter commented 8 years ago
Which debug options did you try? Did you try "-o sshfs_debug"?

Original comment by si...@gmail.com on 31 Jan 2008 at 4:18

GoogleCodeExporter commented 8 years ago
Ah, never mind. The problem turned out to be that the sftp subsystems were 
broken on
the SSH servers in question. The lack of any meaningful error messages from 
sshfs,
even when executed from the command line, didn't exactly make it easy to find 
this
problem.

Also, when SSH is set up to use public key authentication, sshfs pops up a 
password
prompt that will be used as the passphrase to unlock the local secret key, even 
if
the local authentication agent already has the necessary key unlocked. If this 
fails,
and the remote SSH server issues a password prompt, sshfs pop up another 
password
prompt -- identical to the first -- that will be passed onto the server. You are
never quite sure what is being asked.

Original comment by karn%ka9...@gtempaccount.com on 31 Jan 2008 at 4:20

GoogleCodeExporter commented 8 years ago
I've given -o sshfs_debug a try. It usually says "Server version: 3" -- the 
remote
sftp version? I did manage to get a SSH error message on occasion, so that 
appears to
put me on the right track. More importantly, things seem to mount successfully 
now
that I've fixed sftp on my servers and know which passwords/passphrases to 
enter into
the dialog boxes.

Thanks.

Original comment by karn%ka9...@gtempaccount.com on 31 Jan 2008 at 4:28