Connecting with Password AND Private Key File using SftpClient

Mar 20, 2014 at 3:36 PM
Hello, I am using the lib and it works great for SftpClient connections, either with a password or a PrivateKeyFile. I have a situation where the host requires a password AND a private key file. What's more, they require a certain order during connection - user, key file, password.

I am able to connect to their SFTP site using Filezilla for example, but not using the lib. There is no signature to connect using both.

I understand that this is unusual.

If someone can shed some light on this situation, I would much appreciate it!

Mar 20, 2014 at 3:56 PM
Not sure if it works, but maybe you can use the generic SshClient with ConnectionInfo.

    var coninfo = new ConnectionInfo("", "peter", new PasswordAuthenticationMethod("peter", "peter"),
        new PrivateKeyAuthenticationMethod("peter", new PrivateKeyFile("foo.key")));
    var client = new SshClient(coninfo);

Mar 20, 2014 at 4:09 PM
Good thought, I missed that signature. Unfortunately it didn't work... here's the error:
    A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected 
    host has failed to respond ...
Mar 20, 2014 at 4:36 PM
Hm, looks like they have this in their config:

    AuthenticationMethods pubkey,password

So the user has to auth with a valid pubkey and password.
A "quite new" feature of SSH from March last year, I don't think it is part of SSH.Net yet.

I think you have to wait for a developer to help you with that.
Mar 20, 2014 at 4:38 PM
Ignore my previous post - it worked! I had a wrong port..

thanks again!
Mar 20, 2014 at 4:53 PM
ah! awesome! good to know for me too! :)
Mar 20, 2014 at 5:25 PM
I just tried it with the following line in my sshd_config:

    AuthenticationMethods password,password

So I have to enter the password twice. Which is totally valid.

Works fine with Putty or openssh, but fails with SSH.Net.
SSH.Net tries to be clever and counts/filters allowed auths vs. tried auths.
Which is why it ignores the PartialSuccess-Message of the first password attempt.

The following diff fixes this:
--- a/Renci.SshNet/ConnectionInfo.cs
+++ b/Renci.SshNet/ConnectionInfo.cs
@@ -411,7 +411,7 @@ public bool Authenticate(Session session)
             while (authenticated != AuthenticationResult.Success)
                 // Find first authentication method
-                var method = this.AuthenticationMethods.Where((a) => allowedAuthentications.Contains(a.Name) && !triedAuthentications.Contains(a.Name)).FirstOrDefault();
+                var method = this.AuthenticationMethods.Where((a) => allowedAuthentications.Contains(a.Name)).FirstOrDefault();
                 if (method == null)
                     throw new SshAuthenticationException("No suitable authentication method found to complete authentication.");

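Review bot: In the method selection at line 411, dropping `!triedAuthentications.Contains(a.Name)` entirely means `FirstOrDefault()` always returns the first configured method the server still lists, so a method that was just rejected is selected again on the next pass instead of the next configured one. Consider keeping the filter and clearing `triedAuthentications` when the server answers `PartialSuccess`; that still allows `password,password` and keeps fallback between methods within a round.
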
@@ -419,7 +419,7 @@ public bool Authenticate(Session session)

                 authenticated = method.Authenticate(session);

-                if (authenticated == AuthenticationResult.PartialSuccess || (method.AllowedAuthentications != null && method.AllowedAuthentications.Count() < allowedAuthentications.Count()))
+                if (authenticated == AuthenticationResult.PartialSuccess || (method.AllowedAuthentications != null))
                     // If further authentication is required then continue to try another method
                     allowedAuthentications = method.AllowedAuthentications;
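
Review bot: In the rewritten condition, `method.AllowedAuthentications != null` is true for every result that carries a method list, so the `PartialSuccess` clause only matters when `AllowedAuthentications` is null, and in that case `allowedAuthentications = method.AllowedAuthentications` assigns null and `allowedAuthentications.Contains(a.Name)` in the selection at line 411 throws on the next pass. Suggest reducing the test to the null check alone, without the extra parentheses, so that null never reaches the assignment.
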
@@ -427,7 +427,7 @@ public bool Authenticate(Session session)

                 // If authentication Fail, and all the authentication have been tried.
-                if (authenticated == AuthenticationResult.Failure && (triedAuthentications.Count() == allowedAuthentications.Count()))
+                if (authenticated == AuthenticationResult.Failure)
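
Review bot: The comment above the changed `if` still reads "and all the authentication have been tried", but the condition is now `Failure` alone, so the branch is taken on the first rejected method. The body is not visible in this hunk; if it aborts, a ConnectionInfo configured with several methods no longer falls back to the next one after the first is rejected. Either keep a check that no untried method remains, or update the comment to describe the new behaviour.
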
I will open an issue.
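
The behaviour described in the post above, as an added model that is not SSH.NET's code and not part of the original thread: a client loop that never offers the same method name twice cannot complete a `password,password` chain, while one that forgets tried names after each partial success can. `FakeServer`, `AuthLoopDemo` and `resetOnPartial` are hypothetical names, the server is a constructed stand-in that accepts every credential, and resetting on partial success is one possible policy, not the posted diff.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

enum Result { Success, PartialSuccess, Failure }
// Constructed stand-in for an sshd enforcing an ordered chain such as
// "AuthenticationMethods password,password"; every credential verifies.
class FakeServer
{
    private readonly string[] chain;
    private int step;
    public FakeServer(params string[] chain) { this.chain = chain; }
    public string[] Allowed => new[] { chain[step] }; // methods that can continue
    public Result Try(string method)
    {
        if (method != chain[step]) return Result.Failure;
        return ++step == chain.Length ? Result.Success : Result.PartialSuccess;
    }
}

static class AuthLoopDemo
{
    // resetOnPartial=false: a method name is never offered twice.
    // resetOnPartial=true: tried names are forgotten after each partial success.
    public static bool Authenticate(FakeServer server, string[] configured, bool resetOnPartial)
    {
        var tried = new HashSet<string>();
        var allowed = server.Allowed;
        while (true)
        {
            var method = configured.FirstOrDefault(m => allowed.Contains(m) && !tried.Contains(m));
            if (method == null) return false; // nothing left to offer
            tried.Add(method);
            var result = server.Try(method);
            if (result == Result.Success) return true;
            if (result == Result.PartialSuccess && resetOnPartial) tried.Clear();
            allowed = server.Allowed;
        }
    }

    static void Main()
    {
        var chains = new[] { new[] { "password", "password" }, new[] { "publickey", "password" } };
        foreach (var chain in chains)
            foreach (var reset in new[] { false, true })
                Console.WriteLine("{0,-19} resetOnPartial={1,-5} -> {2}", string.Join(",", chain),
                    reset, Authenticate(new FakeServer(chain), new[] { "password", "publickey" }, reset));
    }
}
```
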
Mar 20, 2014 at 7:37 PM
On a related note, using "SftpClient(host, port, user, password)" signature doesn't work for certain hosts, but used to work with the Tamir.SharpSsh lib.

I get back "Bad packet length 3217085959" message on connect.

Do I need to do something special for password authentications that I am not doing?

Mar 20, 2014 at 8:05 PM
What does "certain hosts" mean? Do they differ from others?
There is nothing special needed that I know of.
Mar 20, 2014 at 8:36 PM
It works if I connect to some hosts with user/password, but not others. I can't list them here unfortunately...
Mar 21, 2014 at 10:25 AM
But can you give some information about the servers?
Like OS, SSH version etc.

Maybe this can give us a hint how they differ.
May 7, 2014 at 8:08 PM
This issue was fixed in changeset 34957:
Marked as answer by drieseng on 5/7/2014 at 1:08 PM