SFTP keyboard-interactive authentication

Suspected Bug
1

What is the problem you are having with rclone?

Issue using sftp with keyboard-interactive authentication. The program does not give prompts for interactive session.

Run the command 'rclone version' and share the full output of the command.

rclone v1.59.0-beta.6065.27176cc6b

  • os/version: darwin 12.1 (64 bit)
  • os/kernel: 21.2.0 (x86_64)
  • os/type: darwin
  • os/arch: amd64
  • go/version: go1.18
  • go/linking: dynamic
  • go/tags: none

Which cloud storage system are you using? (eg Google Drive)

sftp to private server

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone copy -vvP --sftp-subsystem sftp-internal Terra:cal_solvated.log

The rclone config contents with secrets removed.

[Terra]
type = sftp
host = hostname
user = username
pass = mypassword

A log from the command with the -vv flag

2022/04/11 22:54:54 DEBUG : rclone: Version "v1.59.0-beta.6065.27176cc6b" starting with parameters ["./rclone" "copy" "-vvP" "--sftp-subsystem" "sftp-internal" "Terra:cal_solvated.log" "."]
2022/04/11 22:54:54 DEBUG : Creating backend with remote "Terra:cal_solvated.log"
2022/04/11 22:54:54 DEBUG : Using config file from "/Users/wandadmin/.config/rclone/rclone.conf"
2022/04/11 22:54:54 DEBUG : Terra: detected overridden config - adding "{vc3zw}" suffix to name
2022/04/11 22:54:58 DEBUG : sftp://username@hostname:22/cal_solvated.log: keyboard interactive auth requested
2022/04/11 22:55:00 DEBUG : sftp://username@hostname:22/cal_solvated.log: keyboard interactive auth requested
2022/04/11 22:55:01 DEBUG : sftp://username@hostname:22/cal_solvated.log: keyboard interactive auth requested
2022/04/11 22:55:02 DEBUG : sftp://username@hostname:22/cal_solvated.log: keyboard interactive auth requested
2022/04/11 22:55:04 DEBUG : sftp://usernamep@hostname:22/cal_solvated.log: keyboard interactive auth requested
2022/04/11 22:55:04 DEBUG : pacer: low level retry 1/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password keyboard-interactive], no supported methods remain)
2022/04/11 22:55:04 DEBUG : pacer: Rate limited, increasing sleep to 200ms
^C
2

I made some modifications to the sftp/sftp.go backend to try to resolve this problem myself. It seems as though the original code was written to send the password in the config as a response to each interactive question, if I am interpreting that right (Golang isn't my strongest).

Now I am able to get the appropriate interactive questions from the sever (a password request followed by a request to send a push notification to my phone), but It continously asks the questions over and over (successfully sending the push notifications and accepting the password)

If I run using my attempted fix, the following command

rclone copy -vvP --sftp-subsystem sftp-internal Terra:cal_solvated.log

I get

2022/04/11 23:06:41 DEBUG : rclone: Version "v1.59.0-beta.6066.b3dccf263.fix-sftp-keyboard-interactive" starting with parameters ["./rclone" "copy" "-vvP" "Terra:cal_solvated.log" "."]
2022/04/11 23:06:41 DEBUG : Creating backend with remote "Terra:cal_solvated.log"
2022/04/11 23:06:41 DEBUG : Using config file from "/Users/wandadmin/.config/rclone/rclone.conf"
2022/04/11 23:06:45 DEBUG : sftp://username@hostname:22/cal_solvated.log: keyboard interactive auth requested

Password: 
2022/04/11 23:06:56 DEBUG : sftp://username@hostname:22/cal_solvated.log: keyboard interactive auth requested

Duo two-factor login for username

Enter a passcode or select one of the following options:

 1. Duo Push to XXX-XXX-####
 2. Phone call to XXX-XXX-####

Passcode or option (1-2): 1
2022/04/11 23:07:02 DEBUG : sftp://username@hostname:22/cal_solvated.log: keyboard interactive auth requested

2022/04/11 23:07:02 DEBUG : sftp://username@hostname:22/cal_solvated.log: New connection 192.168.1.1.1:49971->192.168.1.1.2 to "SSH-2.0-OpenSSH_7.4"
2022/04/11 23:07:02 DEBUG : pacer: low level retry 1/10 (error couldn't initialise SFTP: ssh: unexpected packet in response to channel open: <nil>)
2022/04/11 23:07:02 DEBUG : pacer: Rate limited, increasing sleep to 200ms
2022/04/11 23:07:08 DEBUG : sftp://username@hostname:22/cal_solvated.log: keyboard interactive auth requested

Password: 
2022/04/11 23:07:18 DEBUG : sftp://username@hostname:22/cal_solvated.log: keyboard interactive auth requested

Duo two-factor login for username

Enter a passcode or select one of the following options:

 1. Duo Push to XXX-XXX-####
 2. Phone call to XXX-XXX-####

Passcode or option (1-2): 1
2022/04/11 23:07:23 DEBUG : sftp://username@hostname:22/cal_solvated.log: keyboard interactive auth requested

2022/04/11 23:07:23 DEBUG : sftp://username@hostname:22/cal_solvated.log: New connection 192.168.1.1.1:50010->192.168.1.1.2 to "SSH-2.0-OpenSSH_7.4"
2022/04/11 23:07:23 DEBUG : pacer: low level retry 2/10 (error couldn't initialise SFTP: ssh: unexpected packet in response to channel open: <nil>)
2022/04/11 23:07:23 DEBUG : pacer: Rate limited, increasing sleep to 400ms
2022/04/11 23:07:26 DEBUG : sftp://username@hostname:22/cal_solvated.log: keyboard interactive auth requested

Password:

Could there be a configuration error on the server end that is causing this issue?

3

Rclone will open more than one connection and I expect auth is needed for each one.

It uses --checkers connections for scanning the disk and --transfers connections for making transfers. I think there is a max connections option too for the sftp backend.

Maybe rclone should be making more sftp connections within the one SSH connection I'm not sure...

4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.