Fix partial success not passing when using agent authentication #1215
Conversation
|
I think for behavior like this, you're better off using custom authentication handling since "partial success" could mean different things to different servers. |
|
Partial success is defined pretty clearly in RFC4252, and I believe this is how most clients handle it. Implementing a custom authHandler also won't help, because it's directly calling the tryNextAgentKey function |
|
@mscdex I'm trying to replicate the same behavior as openssh client in my vscode extension and I'm already using a custom auth handler |
| const key = curAuth.agentCtx.currentKey(); | ||
| proto.authPK(curAuth.username, key, (buf, cb) => { | ||
| curAuth.agentCtx.sign(key, buf, {}, (err, signed) => { | ||
| if (err) { | ||
| err.level = 'agent'; | ||
| this.emit('error', err); | ||
| } else { | ||
| return cb(signed); | ||
| } | ||
|
|
||
| return tryNextAgentKey(); | ||
| }); | ||
| }); |
There was a problem hiding this comment.
@lucasvbeek is this actually needed? I'm cherry picking this PR and noticed that with this USERAUTH_FAILURE gets called again, just checking for partialSuccess seems enough and I can connect successfully.
if (!partialSuccess) {
debug && debug(`Client: Agent key #${pos + 1} failed`);
return tryNextAgentKey();
}
There was a problem hiding this comment.
Looks like it should be fine with just the check, I copied the full block from USERAUTH_PK_OK to make sure I didn't miss anything. Thanks for checking
3 participants
Currently the partialSuccess variable is ignored when using agent authentication, and the client skips to the next agent key. This causes connections to fail when using an agent key + a second authentication method (like 2FA using keyboard-interactive).
With this PR, the client skips to the next authentication method instead of the next agent key when receiving a partial success.