The current error message:

  nbdkit: ssh[1]: error: all possible authentication methods failed

is confusing and non-actionable. It's hard even for experts to
understand the relationship between the authentication methods offered
by a server and what we require.

Try to improve the error message in some common situations, especially
where password authentication on the server side is disabled but the
client supplied a password=... parameter. After this change, you will
see an actionable error:

  nbdkit: ssh[1]: error: the server does not offer password
  authentication, but you tried to use a password; if you have root
  access to the server, try editing 'sshd_config' and setting
  'PasswordAuthentication yes'; otherwise try using an SSH agent with
  a passphrase

Also remove an incidental comment left over when I copied the libssh
example code.

See-also:
https://bugzilla.redhat.com/show_bug.cgi?id=2158300
---
plugins/ssh/ssh.c | 35 ++++++++++++++++++++++++++++-------
1 file changed, 28 insertions(+), 7 deletions(-)
diff --git a/plugins/ssh/ssh.c b/plugins/ssh/ssh.c
index 6cf40c26f..23c0b46f9 100644
--- a/plugins/ssh/ssh.c
+++ b/plugins/ssh/ssh.c
@@ -355,14 +355,35 @@ authenticate (struct ssh_handle *h)
rc = authenticate_pubkey (h->session);
if (rc == SSH_AUTH_SUCCESS) return 0;
}
+ else if (password == NULL) {
+ /* Because the password method below requires a password, we know
+ * that it will fail, so print an actionable error message and
+ * bail now.
+ */
+ nbdkit_error ("the server does not offer SSH agent authentication; "
+ "try using a password=... parameter, see the "
+ "nbdkit-ssh-plugin(1) manual page");
+ return -1;
+ }
- /* Example code tries keyboard-interactive here, but we cannot use
- * that method from a server.
- */
-
- if (password != NULL && (method & SSH_AUTH_METHOD_PASSWORD)) {
- rc = authenticate_password (h->session, password);
- if (rc == SSH_AUTH_SUCCESS) return 0;
+ if (password != NULL) {
+ if (method & SSH_AUTH_METHOD_PASSWORD) {
+ rc = authenticate_password (h->session, password);
+ if (rc == SSH_AUTH_SUCCESS) return 0;
+ else {
+ nbdkit_error ("password authentication failed, "
+ "is the username and password correct?");
+ return -1;
+ }
+ }
+ else {
+ nbdkit_error ("the server does not offer password authentication, "
+ "but you tried to use a password; if you have root access
"
+ "to the server, try editing 'sshd_config' and setting
"
+ "'PasswordAuthentication yes'; otherwise try using
"
+ "an SSH agent with a passphrase");
+ return -1;
+ }
}
nbdkit_error ("all possible authentication methods failed");
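Review bot: One path still ends at the generic message this patch sets out to replace. When the first branch is taken, authenticate_pubkey () does not return SSH_AUTH_SUCCESS and password is NULL, control skips both the new "else if (password == NULL)" and the "if (password != NULL)" block, and falls through to the unchanged nbdkit_error ("all possible authentication methods failed"). Consider adding an explicit error for that case, saying that key authentication was offered but rejected and that no password=... parameter was given. Two wording points in the new messages: the first one says "SSH agent authentication" while the call guarding it is authenticate_pubkey (), so naming public key authentication would match what was actually tried; and the last one leads with setting 'PasswordAuthentication yes' in sshd_config, so putting the SSH agent suggestion first would steer users to the option that leaves the server configuration unchanged. The "is the username and password correct?" message is also printed for any non-success return from authenticate_password (), so including rc or the libssh error string would help separate a rejected credential from a transport error.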
--
2.37.3