liximomo / vscode-sftp

Super fast sftp/ftp extension for VS Code
MIT License
1.5k stars 257 forks

All configured authentication methods failed when both privateKey and password #392

Open jikjoo opened 5 years ago

jikjoo commented 5 years ago

Describe the bug

When setting up AuthenticationMethods publickey,password in sshd_config, an "All configured authentication methods failed" error occurs. I confirmed my password. Without that setting in ssh, it worked well; connecting through terminal sftp, not vscode-sftp, also worked well.

To Reproduce

Steps to reproduce the behavior:

  1. Setting up AuthenticationMethods publickey,password in /etc/ssh/sshd_config
  2. Run command 'service ssh restart'
  3. Setting up sftp.json
    {
    "protocol": "sftp",
    "host": "server.example.com",
    "port": 22,
    "username": "****",
    "remotePath": "remotePath",
    "privateKeyPath": "/home/~~~/key.pem",
    "uploadOnSave": true,
    "password": "******"
    }
  4. View: Show SFTP or Upload or Download

Expected behavior

I want to use both key and password ssh authentication methods in vscode-sftp as well.

Desktop (please complete the following information):

Extension Logs - required

[info] config at /home/user/example {"remotePath":"/home/project/test/example","uploadOnSave":true,"downloadOnOpen":false,"ignore":[],"concurrency":4,"protocol":"sftp","connectTimeout":10000,"interactiveAuth":false,"secure":false,"passive":false,"remoteTimeOffsetInHours":0,"port":22,"host":"server.example.com","username":"******","privateKeyPath":"/home/user/Documents/key.pem","password":"******"}
[error] Error: [server.example.com]: All configured authentication methods failed
    at Client.client.on.on.err (/home/user/.vscode/extensions/liximomo.sftp-1.7.4/out/src/core/remote-client/sshClient.js:229:28)
    at emitOne (events.js:121:20)
    at Client.emit (events.js:211:7)
    at tryNextAuth (/home/user/.vscode/extensions/liximomo.sftp-1.7.4/node_modules/ssh2/lib/client.js:394:12)
    at SSH2Stream.onUSERAUTH_FAILURE (/home/user/.vscode/extensions/liximomo.sftp-1.7.4/node_modules/ssh2/lib/client.js:599:5)
    at emitTwo (events.js:126:13)
    at SSH2Stream.emit (events.js:214:7)
    at parsePacket (/home/user/.vscode/extensions/liximomo.sftp-1.7.4/node_modules/ssh2-streams/lib/ssh.js:3930:10)
    at SSH2Stream._transform (/home/user/.vscode/extensions/liximomo.sftp-1.7.4/node_modules/ssh2-streams/lib/ssh.js:671:13)
    at SSH2Stream.Transform._read (_stream_transform.js:186:10)
    at SSH2Stream._read (/home/user/.vscode/extensions/liximomo.sftp-1.7.4/node_modules/ssh2-streams/lib/ssh.js:253:15)
    at SSH2Stream.Transform._write (_stream_transform.js:174:12)
    at doWrite (_stream_writable.js:387:12)
    at writeOrBuffer (_stream_writable.js:373:5)
    at SSH2Stream.Writable.write (_stream_writable.js:290:11)
    at Socket.ondata (_stream_readable.js:639:20)
    at emitOne (events.js:116:13)
    at Socket.emit (events.js:211:7)
    at addChunk (_stream_readable.js:263:12)
    at readableAddChunk (_stream_readable.js:250:11)
    at Socket.Readable.push (_stream_readable.js:208:10)
    at TCP.onread (net.js:594:20) 
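
How `AuthenticationMethods publickey,password` plays out on the wire, as an added example that is not part of the original report and is not vscode-sftp, ssh2 or OpenSSH code: a toy server that requires every method in a list, in order, and answers with RFC 4252 style replies, plus two hypothetical client strategies. The credential strings and both client functions are assumptions made for illustration.

```javascript
// Toy model (added example, not vscode-sftp/ssh2/OpenSSH code) of sshd's
// AuthenticationMethods and the RFC 4252 replies a client receives.
function makeServer(authenticationMethods, valid) {
  // Space-separated alternatives; each comma-separated list must be
  // completed in order, e.g. "publickey,password".
  let lists = authenticationMethods.trim().split(/\s+/).map((l) => l.split(','));
  const canContinue = () => [...new Set(lists.map((l) => l[0]))];
  return {
    request(method, credential) {
      const offered = canContinue();
      if (!offered.includes(method) || valid[method] !== credential) {
        return { type: 'USERAUTH_FAILURE', canContinue: offered, partialSuccess: false };
      }
      // Strip the satisfied method from every list that required it next.
      lists = lists.map((l) => (l[0] === method ? l.slice(1) : l));
      if (lists.some((l) => l.length === 0)) return { type: 'USERAUTH_SUCCESS' };
      return { type: 'USERAUTH_FAILURE', canContinue: canContinue(), partialSuccess: true };
    },
  };
}
const FAILED = 'All configured authentication methods failed';

// Hypothetical client A: tries each configured method once, in a fixed order.
function fixedOrderClient(server, creds, order) {
  for (const m of order.filter((name) => name in creds)) {
    if (server.request(m, creds[m]).type === 'USERAUTH_SUCCESS') return 'authenticated';
  }
  return FAILED;
}

// Hypothetical client B: follows the server's "can continue" list and keeps
// going after a partial success.
function serverGuidedClient(server, creds) {
  let reply = server.request('none');
  const rejected = new Set();
  while (reply.type !== 'USERAUTH_SUCCESS') {
    const next = reply.canContinue.find((m) => m in creds && !rejected.has(m));
    if (!next) return FAILED;
    reply = server.request(next, creds[next]);
    if (reply.type === 'USERAUTH_FAILURE' && !reply.partialSuccess) rejected.add(next);
  }
  return 'authenticated';
}

function demo() {
  const valid = { publickey: 'constructed-key', password: 'constructed-pass' };
  const server = () => makeServer('publickey,password', valid);
  return {
    passwordThenKey: fixedOrderClient(server(), valid, ['password', 'publickey']),
    keyThenPassword: fixedOrderClient(server(), valid, ['publickey', 'password']),
    serverGuided: serverGuidedClient(server(), valid),
    passwordOnly: serverGuidedClient(server(), { password: valid.password }),
  };
}
console.log(demo());
```

In this model a client holding both valid credentials still fails if it offers the password before the key and never retries it, and a password alone can never satisfy the policy.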

liximomo commented 5 years ago

That makes no sense, password and privateKeyPath should not be used at the same time

elelement commented 5 years ago

Today, I installed the package and had the same issue (MacBook Pro). However, the error is not exactly about having both password and privateKeyPath at the same time, but about being able to use the plugin either using a password or using a private key. Of course, the server has to allow both, just to reproduce the issue.

As I mentioned, you can have both mechanisms activated on the remote end.

For example, I have a Raspberry Pi and I'm working on a domotics project on it. I can connect through SSH/SFTP either using password or using a private key. The private key is better, because you enter directly.

So, briefly, the plugin fails to connect using password authentication when both authentication methods are set up in the destination host:

{
    "name": "central-unit",
    "protocol": "sftp",
    "host": "192.168.1.37",
    "port": 22,
    "username": "pi",
    "password": "*******",
    "remotePath": "sources/domo",
    "uploadOnSave": true
}

The plugin outputs the error: [error] Error: [192.168.1.37]: All configured authentication methods failed

However, if you use this configuration:

{
    "name": "central-unit",
    "protocol": "sftp",
    "host": "192.168.1.37",
    "port": 22,
    "username": "pi",
    "remotePath": "sources/domo",
    "privateKeyPath": "/Users/jmcc/.ssh/id_rsa_code",
    "uploadOnSave": true
}

It works perfectly:

[info] [file-save] /Users/jmcc/sources/domo/src/storage.cpp
[info] local -> remote /Users/jmcc/sources/domo/src/storage.cpp

I tried with the original package and the debug one; both are having the same issue.

Thank you.

liximomo commented 5 years ago

@elelement Check your password!

elelement commented 5 years ago

Hi. I'm pretty sure the password is ok. I've checked it more than twice and even copy-pasted it. It works.

The issue, IMHO, is that when both mechanisms are enabled in the destination host and a password is used instead of a private key, the client fails to connect.

Why? I think it is because:

  1. It tries to read .ssh/config file. There's no such file, so it goes to the default /etc/ssh/sshd_config.
  2. It then tries every private key in the .ssh directory.
  3. It tries the first key and fails, because that key is not authorized. The plugin fails in this first attempt to authenticate.
  4. Instead of continuing to the next authentication method or key, it exits before going to the fallback mechanism: password.

Look at a normal ssh connection without using private key:

> $ ssh pi@192.168.1.37 -v
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 192.168.1.37 [192.168.1.37] port 22.
debug1: Connection established.
[...]
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Raspbian-5+deb8u4
debug1: match: OpenSSH_6.7p1 Raspbian-5+deb8u4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.37:22 as 'pi'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
[...]
SHA256:QhdjXrNBWAeore7ZDIEf67eCXziDhbO1k+q97WuHM8c
debug1: Will attempt key: /Users/jmcc/.ssh/id_dsa
debug1: Will attempt key: /Users/jmcc/.ssh/id_ecdsa
debug1: Will attempt key: /Users/jmcc/.ssh/id_ed25519
debug1: Will attempt key: /Users/jmcc/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/jmcc/.ssh/id_rsa RSA SHA256:QhdjXrNBWAeore7ZDIEf67eCXziDhbO1k+q97WuHM8c
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/jmcc/.ssh/id_dsa
debug1: Trying private key: /Users/jmcc/.ssh/id_ecdsa
debug1: Trying private key: /Users/jmcc/.ssh/id_ed25519
debug1: Trying private key: /Users/jmcc/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
Password:

As you can see, it tries everything before ending up asking for password. If I try with the correct private key, the flow is as follows:

> $ ssh -i /Users/jmcc/.ssh/id_rsa_code pi@192.168.1.37 -v
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 192.168.1.37 [192.168.1.37] port 22.
debug1: Connection established.
debug1: identity file /Users/jmcc/.ssh/id_rsa_code type 0
debug1: identity file /Users/jmcc/.ssh/id_rsa_code-cert type -1
[...]
debug1: Host '192.168.1.37' is known and matches the ECDSA host key.
debug1: Found key in /Users/jmcc/.ssh/known_hosts:25
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /Users/jmcc/.ssh/id_rsa_code RSA SHA256:ih2dYHNEN8gQeagm6fp6RkU8bW/7yjWMCLsyTfZ1m5I explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/jmcc/.ssh/id_rsa_code RSA SHA256:ih2dYHNEN8gQeagm6fp6RkU8bW/7yjWMCLsyTfZ1m5I explicit
debug1: Server accepts key: /Users/jmcc/.ssh/id_rsa_code RSA SHA256:ih2dYHNEN8gQeagm6fp6RkU8bW/7yjWMCLsyTfZ1m5I explicit
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.37 ([192.168.1.37]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = es_ES.UTF-8
debug1: Sending env LC_CTYPE = es_ES.UTF-8

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Dec 21 16:38:00 2018 from 192.168.1.42
pi@raspberrypi:~ $

The plugin should ignore private key errors and fall back to the password mechanism. When specifying a key, it should use the key, of course. And when specifying both, use the key first.

Thank you for your time!!

liximomo commented 5 years ago

@elelement

Please provide Extension Logs from Startup

  1. Open User Settings.

    • On Windows/Linux - File > Preferences > Settings
    • On macOS - Code > Preferences > Settings
  2. Set sftp.debug to true and reload vscode.
  3. Reproduce the problem, get the logs from View > Output > sftp.

elelement commented 5 years ago

I've attached the trace from a normal ssh login to be able to compare both login processes. In VSCode it is not clear enough why it fails (except for this: [debug] Client: password auth failed).

liximomo commented 5 years ago

@elelement You should enable the ssh server side log.

atheanchu commented 4 years ago

I'm having the same problem, and here's a debug log:

[01-17 14:24:39] [debug] Outgoing: Writing DISCONNECT (BY_APPLICATION)
[01-17 14:24:39] [info] config at /Users/jin.hyon@ibm.com/Documents/Db2/WorkItem/wsdbu01429580_optimizer2 {"remotePath":"/home/jinhyon/wsdbu01429580","uploadOnSave":true,"downloadOnOpen":false,"ignore":[],"concurrency":4,"protocol":"sftp","connectTimeout":10000,"interactiveAuth":false,"secure":false,"remoteTimeOffsetInHours":0,"name":"My Server","host":"hotellnx113.torolab.ibm.com","username":"******","password":"******"}
[01-17 14:24:40] [debug] Outgoing: Writing CHANNEL_CLOSE (0)
[01-17 14:24:43] [trace] run command 'Sync Local To Remote'
[01-17 14:24:43] [trace] handle sync local ➞ remote for /Users/jin.hyon@ibm.com/Documents/Db2/WorkItem/wsdbu01429580_optimizer2
[01-17 14:24:43] [debug] Local ident: 'SSH-2.0-ssh2js0.4.5'
[01-17 14:24:43] [debug] Client: Trying hotellnx113.torolab.ibm.com on port 22 ...
[01-17 14:24:44] [debug] Client: Connected
[01-17 14:24:44] [debug] Remote ident: 'SSH-2.0-OpenSSH_6.6.1'
[01-17 14:24:44] [debug] Outgoing: Writing KEXINIT
[01-17 14:24:44] [debug] DEBUG: Comparing KEXINITs ...
[01-17 14:24:44] [debug] (local) KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
[01-17 14:24:44] [debug] (remote) KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[01-17 14:24:44] [debug] KEX algorithm: ecdh-sha2-nistp256
[01-17 14:24:44] [debug] (local) Host key formats: ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
[01-17 14:24:44] [debug] (remote) Host key formats: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
[01-17 14:24:44] [debug] Host key format: ssh-ed25519
[01-17 14:24:44] [debug] (local) Client->Server ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
[01-17 14:24:44] [debug] (remote) Client->Server ciphers: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
[01-17 14:24:44] [debug] Client->Server Cipher: aes128-ctr
[01-17 14:24:44] [debug] (local) Server->Client ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
[01-17 14:24:44] [debug] (remote) Server->Client ciphers: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
[01-17 14:24:44] [debug] Server->Client Cipher: aes128-ctr
[01-17 14:24:44] [debug] (local) Client->Server HMAC algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha1
[01-17 14:24:44] [debug] (remote) Client->Server HMAC algorithms: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
[01-17 14:24:44] [debug] Client->Server HMAC algorithm: hmac-sha2-256
[01-17 14:24:44] [debug] (local) Server->Client HMAC algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha1
[01-17 14:24:44] [debug] (remote) Server->Client HMAC algorithms: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
[01-17 14:24:44] [debug] Server->Client HMAC algorithm: hmac-sha2-256
[01-17 14:24:44] [debug] (local) Client->Server compression algorithms: none,zlib@openssh.com,zlib
[01-17 14:24:44] [debug] (remote) Client->Server compression algorithms: none,zlib@openssh.com
[01-17 14:24:44] [debug] Client->Server compression algorithm: none
[01-17 14:24:44] [debug] (local) Server->Client compression algorithms: none,zlib@openssh.com,zlib
[01-17 14:24:44] [debug] (remote) Server->Client compression algorithms: none,zlib@openssh.com
[01-17 14:24:44] [debug] Server->Client compression algorithm: none
[01-17 14:24:44] [debug] Outgoing: Writing KEXECDH_INIT
[01-17 14:24:44] [debug] DEBUG: Checking host key format
[01-17 14:24:44] [debug] DEBUG: Checking signature format
[01-17 14:24:44] [debug] DEBUG: Verifying host fingerprint
[01-17 14:24:44] [debug] DEBUG: Host accepted by default (no verification)
[01-17 14:24:44] [debug] DEBUG: Verifying signature
[01-17 14:24:44] [debug] Outgoing: Writing NEWKEYS
[01-17 14:24:44] [debug] Outgoing: Writing SERVICE_REQUEST (ssh-userauth)
[01-17 14:24:44] [debug] Outgoing: Writing USERAUTH_REQUEST (none)
[01-17 14:24:44] [debug] Client: none auth failed
[01-17 14:24:44] [debug] Outgoing: Writing USERAUTH_REQUEST (password)
[01-17 14:24:44] [debug] Client: password auth failed
[01-17 14:24:44] [debug] Outgoing: Writing DISCONNECT (BY_APPLICATION)
[01-17 14:24:44] [debug] Outgoing: Writing DISCONNECT (BY_APPLICATION)
[01-17 14:24:44] [debug] Outgoing: Writing DISCONNECT (BY_APPLICATION)
[01-17 14:24:44] [debug] Outgoing: Writing DISCONNECT (BY_APPLICATION)
[01-17 14:24:44] [error] Error: [hotellnx113.torolab.ibm.com]: All configured authentication methods failed
    at Client.<anonymous> (/Users/jin.hyon@ibm.com/.vscode/extensions/liximomo.sftp-1.12.9/dist/extension.js:70:107548)
    at Client.emit (events.js:205:15)
    at doNextAuth (/Users/jin.hyon@ibm.com/.vscode/extensions/liximomo.sftp-1.12.9/node_modules/ssh2/lib/client.js:415:12)
    at tryNextAuth (/Users/jin.hyon@ibm.com/.vscode/extensions/liximomo.sftp-1.12.9/node_modules/ssh2/lib/client.js:484:5)
    at SSH2Stream.onUSERAUTH_FAILURE (/Users/jin.hyon@ibm.com/.vscode/extensions/liximomo.sftp-1.12.9/node_modules/ssh2/lib/client.js:597:5)
    at SSH2Stream.emit (events.js:200:13)
    at parsePacket (/Users/jin.hyon@ibm.com/.vscode/extensions/liximomo.sftp-1.12.9/node_modules/ssh2-streams/lib/ssh.js:3772:10)
    at SSH2Stream._transform (/Users/jin.hyon@ibm.com/.vscode/extensions/liximomo.sftp-1.12.9/node_modules/ssh2-streams/lib/ssh.js:694:13)
    at SSH2Stream.Transform._read (_stream_transform.js:189:10)
    at SSH2Stream._read (/Users/jin.hyon@ibm.com/.vscode/extensions/liximomo.sftp-1.12.9/node_modules/ssh2-streams/lib/ssh.js:253:15)
    at SSH2Stream.Transform._write (_stream_transform.js:177:12)
    at doWrite (_stream_writable.js:417:12)
    at writeOrBuffer (_stream_writable.js:401:5)
    at SSH2Stream.Writable.write (_stream_writable.js:301:11)
    at Socket.ondata (_stream_readable.js:713:22)
    at Socket.emit (events.js:200:13)
    at addChunk (_stream_readable.js:294:12)
    at readableAddChunk (_stream_readable.js:275:11)
    at Socket.Readable.push (_stream_readable.js:210:10)
    at TCP.onStreamRead (internal/stream_base_commons.js:166:17)
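
One way to read the two kinds of trace quoted in this thread side by side (the `ssh -v` output in elelement's comment and the extension debug log above): list the methods the server advertises, the methods a given sftp.json can offer, and what the extension actually attempted, including whether the host key was verified. This is an added example, not vscode-sftp code; the sample lines are taken from the traces on this page, the sample configs are constructed, and the mapping from sftp.json fields to SSH method names in `configuredMethods` is an assumption.

```javascript
// Added example, not vscode-sftp code. Sample lines are taken from the
// traces quoted in this thread.
const SSH_V = [
  'debug1: Authentications that can continue: publickey,keyboard-interactive',
  'debug1: Next authentication method: publickey',
  'debug1: Next authentication method: keyboard-interactive',
].join('\n');
const EXT_DEBUG = [
  '[01-17 14:24:44] [debug] DEBUG: Host accepted by default (no verification)',
  '[01-17 14:24:44] [debug] Outgoing: Writing USERAUTH_REQUEST (none)',
  '[01-17 14:24:44] [debug] Client: none auth failed',
  '[01-17 14:24:44] [debug] Outgoing: Writing USERAUTH_REQUEST (password)',
  '[01-17 14:24:44] [debug] Client: password auth failed',
].join('\n');

// Methods the server advertised in an `ssh -v` trace (the last list wins).
function advertisedMethods(sshVerbose) {
  const hits = [...sshVerbose.matchAll(/Authentications that can continue: (\S+)/g)];
  return hits.length ? hits[hits.length - 1][1].split(',') : [];
}

// Assumed mapping from sftp.json fields to SSH userauth method names.
function configuredMethods(cfg) {
  const methods = [];
  if (cfg.privateKeyPath) methods.push('publickey');
  if (cfg.password) methods.push('password');
  if (cfg.interactiveAuth) methods.push('keyboard-interactive');
  return methods;
}

// Which configured methods does the server advertise at all?
function diagnose(cfg, sshVerbose) {
  const offered = advertisedMethods(sshVerbose);
  const usable = configuredMethods(cfg).filter((m) => offered.includes(m));
  return { offered, usable, hasOverlap: usable.length > 0 };
}

// What the extension tried, what failed, and whether the host key was checked.
function summarizeExtensionLog(log) {
  const grab = (re) => [...log.matchAll(re)].map((hit) => hit[1]);
  return {
    attempted: grab(/USERAUTH_REQUEST \(([^)]+)\)/g),
    failed: grab(/Client: (\S+) auth failed/g),
    hostKeyVerified: !/Host accepted by default \(no verification\)/.test(log),
  };
}

// Constructed configs: password-only versus key-only against the same server.
console.log(diagnose({ password: 'constructed', interactiveAuth: false }, SSH_V));
console.log(diagnose({ privateKeyPath: '/constructed/path/key' }, SSH_V));
console.log(summarizeExtensionLog(EXT_DEBUG));
```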

imOscarCrespo commented 3 years ago

I'm facing the same issue. Any updates? Thanks!