As you probably know, it is possible to have 2FA for SSH/SFTP connections, so a client is additionally prompted with a 2FA/OTP code (aside from the "usual" password/key).
To make it less annoying, one can use the ControlMaster feature, so only the very first connection is prompted for the 2FA code, and all subsequent connections just use the "cached" socket.
Here's an example of an SSH config entry for such a host:
Host some
    HostName some.example.com
    IdentityFile ~/.ssh/some
    User somebody
    ControlMaster auto
    # that socket thing
    ControlPath ~/.ssh/%r@%h:%p
    ControlPersist 10m
But is it possible to configure a remote in rclone to use that socket thing too? Or somehow tell rclone to use the SSH config (~/.ssh/config) instead of its own remotes config? Otherwise, one cannot(?) work with such SFTP hosts, as rclone errors out like this:
NewFs: couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
I had been using rclone to transfer files to/from this SFTP host just fine until the administration enabled 2FA on this server (and disabling it is not an option, unfortunately).
My current rclone remote config for this host:
[some]
type = sftp
host = some.example.com
user = somebody
key_file = ~/.ssh/some
md5sum_command = md5sum
sha1sum_command = sha1sum
shell_type = unix
Version:
$ rclone --version
rclone v1.68.2
- os/version: darwin 14.7.2 (64 bit)
- os/kernel: 23.6.0 (arm64)
- os/type: darwin
- os/arch: arm64 (ARMv8 compatible)
- go/version: go1.23.3
- go/linking: dynamic
- go/tags: none
The -vv output:
$ rclone lsd some: -vv
2025/01/03 17:50:52 DEBUG : rclone: Version "v1.68.2" starting with parameters ["rclone" "lsd" "some:" "-vv"]
2025/01/03 17:50:52 DEBUG : Creating backend with remote "some:"
2025/01/03 17:50:52 DEBUG : Using config file from "/Users/USERNAME/.config/rclone/rclone.conf"
2025/01/03 17:50:53 DEBUG : pacer: low level retry 1/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain)
2025/01/03 17:50:53 DEBUG : pacer: Rate limited, increasing sleep to 200ms
2025/01/03 17:50:53 DEBUG : pacer: low level retry 2/10 (error couldn't connect SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain)
...
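
An added example (not part of the original post, and not rclone or OpenSSH code): the master socket named by the ControlPath above carries a session that has already passed 2FA, so this sketch expands the path and checks that only the owning user can reach it. The function names are hypothetical, and token expansion covers only %r, %h, %p and %%.

```python
import os
import stat

def expand_control_path(template, user, host, port=22, home=None):
    """Expand the ssh_config tokens used on this page: %r, %h, %p, %% and a leading ~/."""
    home = home or os.path.expanduser("~")
    if template.startswith("~/"):
        template = os.path.join(home, template[2:])
    tokens = {"r": user, "h": host, "p": str(port), "%": "%"}
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template) and template[i + 1] in tokens:
            out.append(tokens[template[i + 1]])
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def audit_control_socket(path, uid=None):
    """Return a list of findings; an empty list means the socket looks private."""
    uid = os.getuid() if uid is None else uid
    findings = []
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    except FileNotFoundError:
        return ["no master socket (not connected, or ControlPersist expired)"]
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("path exists but is not a UNIX socket")
    if st.st_uid != uid:
        findings.append("socket is owned by uid %d, expected %d" % (st.st_uid, uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("socket mode %o grants access to group/others" % stat.S_IMODE(st.st_mode))
    parent = os.stat(os.path.dirname(path) or ".")
    if parent.st_uid != uid:
        findings.append("parent directory is owned by another uid")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory is writable by group/others")
    return findings

if __name__ == "__main__":
    # Values taken from the SSH config entry on this page.
    sock = expand_control_path("~/.ssh/%r@%h:%p", "somebody", "some.example.com")
    print(sock)
    for finding in audit_control_socket(sock) or ["ok: socket is private to this user"]:
        print(" -", finding)
```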