search

mwarning / trigger

Android app to lock/unlock/ring doors. Supports generic HTTPS/SSH/Bluetooth/MQTT and Nuki Smartlock.
GNU General Public License v3.0
130 stars 22 forks source link

SSH authentication with pubkey and password #56

Closed CantBelieveThisWorks closed 3 years ago

CantBelieveThisWorks commented 3 years ago

Hello, I have set up my sshd_config on the target system using the following commands:

PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey,password

As such both the publickey has to be an authorized key, as well as the password of the user account has to match. Unfortunately, this combination did not work for me in the app. When a password is set the pubkey is not used, and when the password field is left blank, the key is used but obviously the password is missing. Expected behaviour with a key pair set and a password set would be to use both, rather than only one depending on the state of the password field. version tried was 3.3.1

mwarning commented 3 years ago

Afaik, there is no way for SSH to be able to use a password and public key authentication a public key for authentication. As such, Trigger uses the password OR the public key pair (depending on which is set).

CantBelieveThisWorks commented 3 years ago

This feature was added to OpenSSH a while back, see here:https://systemoverlord.com/2018/03/03/openssh-two-factor-authentication-but-not-service-accounts.html

kulak commented 3 years ago

password applies to private key, not public key and thus request title is misleading

mwarning commented 3 years ago

@kulak this is not about password encrypted keys which I think is what you are referring to. :-)

mwarning commented 3 years ago

Fixed here: https://github.com/mwarning/trigger/commit/5ca5cf9ff7de467dc0e2452443af67184042b2e6

CantBelieveThisWorks commented 2 years ago

Thanks for the quick fix! However, I noticed that SSH auth is, at least for me, broken since 3.3.1. I will open a separate issue for this.