Open samiponkanen opened 3 months ago
Change https://go.dev/cl/590956 mentions this issue: ssh: fail keyboard-interactive auth with unexpectedMessageError() when auth fails before receiving the UserAuthInfoRequest from server
CC @drakkan @golang/security via https://dev.golang.org/owners
Similar Issues
(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)
Go version
go version go1.22.3 linux/amd64
Output of
go env
in your module/workspace:What did you do?
It seems that Windows OpenSSH server behaves incorrectly w.r.t keyboard-interactive authentication:
When trying to connect to such host using a golang client that uses ssh.KeyboardInteractive() wrapped a into ssh.RetryableAuthMethod(), then ssh.RetryableAuthMethod() will retry ssh.KeyboardInteractive() even if the failure happens so early that password is never prompted from the user.
What did you see happen?
Running this test client against a Windows OpenSSH server (and assuming MaxAuthTries is 6) reveals that neither KeyboardInteractive nor PasswordCallback is called:
What did you expect to see?
Expected result is that PasswordCallback gets called: