[ssh/sftp] failure to do password auth with paramiko when server only supports 'keyboard-interactive'

Expected behaviour should have been to prompt for the authentication password. Then use the password to access the remote branch via sftp.

I am having the same problem.

I've installed from bzr-2.0.0-2-setup.exe file (downloaded today) and using both the TortoiseBzr or the bzr from command line I am unable to push/checkout/branch items from sftp sources. I get the error as shown below.

Connected (version 2.0, client OpenSSH_5.2)
bzr: ERROR: Connection error: Unable to authenticate to SSH host as user@host
supported auth types: ['publickey', 'keyboard-interactive']

Expected behaviour is same as above. TortoiseBzr & bzr cmdline show prompt for password.

I just downloaded the bzr-1.18.1-1-setup.exe, I uninstalled my bzr 2.0.

I created a test bzr repo and attempted to push to a server and am having the same problem. It errors out as shown below:

bzr: ERROR: Connection error: Unable to authenticate to SSH host as
  user@host
supported auth types: ['publickey', 'keyboard-interactive']

Again, the expected behaviour is for TortoiseBzr to prompt me for the password.

I removed bzr-1.18 and installed from bzr-1.17.2 and push/pull to sftp host works as expected - It prompts for a password.

Maybe this is caused by using putty rather than paramiko?

Does setting the environment variable BZR_SSH=paramiko fix it?

--
Martin <http://launchpad.net/~mbp/>

Not sure if I'm doing this right! But I tried this.

C:\wamp\www\sqfw-bzr>set BZR_SSH=paramiko

C:\wamp\www\sqfw-bzr>bzr push sftp://root@host//data/vcs/bzr/sqfw
Connected (version 2.0, client OpenSSH_5.2)
bzr: ERROR: Connection error: Unable to authenticate to SSH host as
  <email address hidden>
supported auth types: ['publickey', 'keyboard-interactive']

And I got the same error.

I found this error, maybe it relates to our problem here.. https://bugs.launchpad.net/bzr/+bug/414743

I also read in this https://bugs.launchpad.net/bzr/+bug/257322 that someone mentions having paramiko in the path. I don't see this program installed on my computer. Is this something that is packaged in the library files that comes with Bazaar or something I should be installing on my own?

Could you please paste the section of bzr.log containing the traceback
from the error?
--
Martin <http://launchpad.net/~mbp/>

I'd love to.. I've been digging around looking for the bzr log file and haven't found it yet. Sorry, I'm -real- new to Bazaar. I'm just now trying it for the first time. So, maybe you could tell me where the log file is? Or is there some specific command line arg I need for it to create a log?

bzr --version reports the location of the log file. On unix-like platforms, it's stored in ~/.bzr.log

Thanks.. On Vista - It apparently goes into the Users Documents folder.

-------------------------

C:\wamp\www\test>set BZR_SSH=paramiko

C:\wamp\www\test>bzr push --create-prefix sftp://<email address hidden>/tmp/bzr
Connected (version 2.0, client OpenSSH_5.2)
bzr: ERROR: Connection error: Unable to authenticate to SSH host as
  <email address hidden>
supported auth types: ['publickey', 'keyboard-interactive']

----------------------

Mon 2009-09-28 10:09:00 -0500
0.066 bzr arguments: [u'push', u'--create-prefix', u'sftp://root@host/tmp/bzr']
0.072 looking for plugins in C:/Users/username/AppData/Roaming/bazaar/2.0/plugins
0.072 looking for plugins in C:/Program Files/Bazaar/plugins
0.224 encoding stdout as sys.stdout encoding 'cp437'
0.269 opening working tree 'C:/wamp/www/test'
1.061 bzr-svn: using Subversion 1.5.6 ()
1.133 failed to load system host keys: [Errno 2] No such file or directory: 'U:\\/.ssh/known_hosts'
[ 5668] 2009-09-28 10:09:02.160 INFO: Connected (version 2.0, client OpenSSH_5.2)
6.112 Traceback (most recent call last):
  File "bzrlib\commands.pyo", line 842, in exception_to_return_code
  File "bzrlib\commands.pyo", line 1037, in run_bzr
  File "bzrlib\commands.pyo", line 654, in run_argv_aliases
  File "bzrlib\builtins.pyo", line 1156, in run
  File "bzrlib\push.pyo", line 83, in _show_push_branch
  File "bzrlib\bzrdir.pyo", line 874, in open_from_transport
  File "bzrlib\transport\__init__.pyo", line 1642, in do_catching_redirections
  File "bzrlib\bzrdir.pyo", line 861, in find_format
  File "bzrlib\bzrdir.pyo", line 1797, in find_format
  File "bzrlib\bzrdir.pyo", line 1807, in probe_transport
  File "bzrlib\transport\sftp.pyo", line 427, in get
  File "bzrlib\transport\sftp.pyo", line 399, in _get_sftp
  File "bzrlib\transport\sftp.pyo", line 391, in _create_connection
  File "bzrlib\transport\ssh.pyo", line 325, in connect_sftp
  File "bzrlib\transport\ssh.pyo", line 321, in _connect
  File "bzrlib\transport\ssh.pyo", line 510, in _paramiko_auth
ConnectionError: Connection error: Unable to authenticate to SSH host as
  root@host
supported auth types: ['publickey', 'keyboard-interactive']

6.113 return code 3

----------------------

Not sure how to tell if it's using putty or paramiko. I see it's having some issue with my known_host file..

It's using paramiko.

I think I see the bug: bzrlib.transport.ssh doesn't know how to use keyboard-interactive auth, just publickey and password auth. Paramiko will actually attempt to use "keyboard-interactive" if necessary when you call auth_password, but bzrlib is erroneously bailing out too soon.

A comment in the paramiko source says that some hosts, particularly Debian and Gentoo ones, disable password auth in their SSH server by default (the comment says this is due to a misguided belief that keyboard-interactive is more secure).

I'll attach a fix.

I've pushed a proposed fix to <lp:~spiv/bzr/paramiko-keyboard-interactive>. It would be great if an affected user could test it, although I realise that's pretty inconvenient without a Windows installer for that branch :(

(It's not a Windows specific bug per se, but paramiko is usually only the default SSH client on Windows, so that would be why it's mainly affecting Windows users.)

I will happily test it. I clicked the link and its still updating. What will I need to do in order to test it though without the setup program?

Bruce: Unfortunately it's not easy to take a branch and build a full Windows installer from it. You could try installing all the components separately (Python, paramiko, plus any plugins you use) and then get a checkout of my branch and run that, but it's a pretty big hassle.

I have tested locally on my Ubuntu system by changing my OpenSSH sshd_config to have ChallengeResponseAuthentication yes and PasswordAuthentication no, and setting BZR_SSH=paramiko. Without my patch it fails as described in this original report (and separately I can see that the server only allows 'publickey' and 'keyboard-interactive' with that configuration). With my patch it prompts for a password and succeeds.

So, I'm confident enough that it's fixed that I'll close the bug. The fix should be included in the 2.0.1 release (and 2.1).

Andrew: You're right.. I got everything installed and got to point of compiling bzr and it stopped me saying it also wanted Visual Studio 2003 installed... :(

Anyhow, if it wasn't obvious by Andrews post. If you are having this problem on Gentoo system a work around solution

edit /etc/ssh/sshd_config and change PasswordAuthentication from no to yes

Then restart (/etc/init.d/sshd restart) ssh. Doing this got me working :)