Closed baoyachi closed 10 months ago
openssh-sftp-client only provides the sftp client and the ssh client is provided by openssh.
I will transfer this issue to openssh
Transfer is done.
For openssh, the only way to use password authentication is to create the ssh multiplex master yourself and ask the user for the password, then use Session::resume or Session::resume_mux to create an openssh::Session.
Then you can spawn an sftp session by simply calling Sftp::from_session on the Session you get.
Thx, I'll try it
Caused error: "kex_exchange_identification: connection closed by remote host"
@baoyachi Can you show me the code so that I can help you debug the problem?
I will send PR later to solve this issue.
@NobodyXu Currently, openssh supports username, and the password can be seen here. If possible, I can submit a PR.
openssh-extension: Based on openssh extension.
Currently, openssh only supports public key authentication methods. However, in certain specific scenarios, it may still be necessary to use user password for sftp login.
This repository is based on Openssh and extends support for sftp user password authentication.
@baoyachi I'm willing to accept a PR for this.
Regarding the opendal, isn't there already official support for sftp using openssh + openssh_sftp_client?
Yes, currently opendal does not support SFTP username and password login. Due to different dependencies, I have implemented compatibility. If this PR is merged by openssh, openssh-sftp-client, the latest version of openssh, openssh-sftp-client feature can be updated in the future of opendal.
Thanks for the explanation, I am willing to accept a PR for password login.
@baoyachi Reading your implementation for password login, I did find an issue: The password is passed via the command line.
This means that it can be discovered by looking at /proc/<pid>/cmdline, which is very problematic.
I did find a solution called sshpass, which works around this by emulating a tty and passing the password.
I think we could do the same in openssh here.
Here's its main.c:
Can we proceed in two steps?
The first step is that OpenSSH supports username and password.
Step 2: Transform the sshpass function.
@baoyachi Yes, I'm ok with the plan, but then we would have to add a warning to its doc first, and ideally I'd like step 2 to be done before next release is out.
I agree.
@baoyachi I've found pty-process for creating a pty for a subprocess and it can be used with tokio::process.
The sshpass implementation is pretty simple in principle: It reads from the pty and searches for "assword"; once it is found, the password will be written to the pty.
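The prompt matching described in the comment above, as an added example (not code from this thread, from sshpass, or from openssh): it scans chunks read from a pty for "assword", including when the prompt is split across two reads. PromptWatcher and Action are hypothetical names, and treating a second prompt as a rejected password rather than resending is this example's assumption.

```rust
// Added example: sshpass-style prompt detection on bytes read from a pty.
// PromptWatcher and Action are hypothetical names, not part of openssh's API.

const NEEDLE: &[u8] = b"assword"; // matches both "Password:" and "password:"

#[derive(Debug, PartialEq)]
pub enum Action {
    Wait,         // no prompt seen in this chunk
    SendPassword, // first prompt: write the password to the pty now
    Rejected,     // prompt came back after we answered: stop, do not resend
}

#[derive(Default)]
pub struct PromptWatcher {
    tail: Vec<u8>, // unconsumed bytes carried over from earlier reads
    answered: bool,
}

impl PromptWatcher {
    /// Feed one chunk as returned by a read on the pty master.
    pub fn feed(&mut self, chunk: &[u8]) -> Action {
        // Prepend the saved tail so a prompt split across reads still matches.
        let mut window = std::mem::take(&mut self.tail);
        window.extend_from_slice(chunk);
        let hit = window.windows(NEEDLE.len()).position(|w| w == NEEDLE);
        let keep_from = match hit {
            // Consume the matched prompt; bytes after it are kept for the next call.
            Some(pos) => pos + NEEDLE.len(),
            // Keep only the bytes that could begin a match in the next chunk.
            None => window.len().saturating_sub(NEEDLE.len() - 1),
        };
        self.tail = window[keep_from..].to_vec();
        match (hit, self.answered) {
            (None, _) => Action::Wait,
            (Some(_), false) => { self.answered = true; Action::SendPassword }
            (Some(_), true) => Action::Rejected,
        }
    }
}

fn main() {
    // Constructed sample output: the prompt arrives split across two reads.
    let chunks: [&[u8]; 3] = [b"user@host's pa", b"ssword: ",
        b"\r\nPermission denied\r\nuser@host's password: "];
    let mut w = PromptWatcher::default();
    for chunk in chunks {
        println!("{:?}", w.feed(chunk)); // Wait, SendPassword, Rejected
    }
}
```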
@NobodyXu pty-process build error on macos system.
Can you report an error to upstream please?
I recommend just declaring this feature as explicitly unsupported. It is generally less secure, and once you have to hook into things to provide passwords on STDIN, it becomes a hassle to make sure you don't keep the password in memory for too long, etc. Besides, turning a password-based SSH host into a pubkey one is a one-time:
ssh-keygen
ssh-copy-id <target>
and that feels much much better than trying to force in password-every-time.
Is there an example of connecting to SFTP with username and password?