Details
-
Type:
Bug
-
Status:
Open
-
Priority:
Unknown
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
Description
If you specify the following in ~/.ssh/config
PasswordAuthentication yes
knife ssh will proceed to only use password authentication, failing if your system requires key based authentication. This behavior is counter-intuitive since, according to the SSH documentation, the default is yes
Specifies whether to use password authentication. The argument to this keyword must be "yes" or "no". The default is "yes".
Further, this is different from the behavior of openssh, which will still attempt other authentication methods even when PasswordAuthentication yes is explicitly defined.
This is likely because of the underlying Net::SSH behavior. As can be seen here: https://github.com/net-ssh/net-ssh/blob/master/lib/net/ssh/config.rb#L156 Net::SSH appends values to the auth_methods hash if it sees any of ssh's Authentication configuration directives.
This hash then overrides the list of default methods. Thus, if you explicitely specify one method, you must explicitly specify all methods you would like, even if they default to Yes in most implementations.
Upstream bug
http://net-ssh.lighthouseapp.com/projects/36253-net-ssh/tickets/2-passwordauthentication-in-ssh_config-excludes-all-other-auth-methods