parallel-ssh
parallel-ssh copied to clipboard
Password authentication failure on OpenSSH 8.2 servers
I'm trying to run a single command on multiple servers, my server provider is vultr. But I get a AuthenticationException.
Code:
from pssh.clients import ParallelSSHClient
hosts = []
pw = 'xxx'
client = ParallelSSHClient(hosts, user='root', password=pw)
output = client.run_command('python -V')
for host_out in output:
for line in host_out.stdout:
print(line)
exit_code = host_out.exit_code
Error:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 208, in _auth_retry
self.auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 355, in auth
self._password_auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/native/single.py", line 229, in _password_auth
self.session.userauth_password(self.user, self.password)
File "ssh2/session.pyx", line 321, in ssh2.session.Session.userauth_password
File "ssh2/utils.pyx", line 166, in ssh2.utils.handle_error_codes
ssh2.exceptions.AuthenticationError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 208, in _auth_retry
self.auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 355, in auth
self._password_auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/native/single.py", line 229, in _password_auth
self.session.userauth_password(self.user, self.password)
File "ssh2/session.pyx", line 321, in ssh2.session.Session.userauth_password
File "ssh2/utils.pyx", line 166, in ssh2.utils.handle_error_codes
ssh2.exceptions.AuthenticationError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 208, in _auth_retry
self.auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 355, in auth
self._password_auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/native/single.py", line 229, in _password_auth
self.session.userauth_password(self.user, self.password)
File "ssh2/session.pyx", line 321, in ssh2.session.Session.userauth_password
File "ssh2/utils.pyx", line 166, in ssh2.utils.handle_error_codes
ssh2.exceptions.AuthenticationError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/run/media/kobej/D/trabro2/test/testParallelSsh.py", line 19, in <module>
output = client.run_command('python -V')
File "/usr/lib/python3.9/site-packages/pssh/clients/native/parallel.py", line 213, in run_command
return BaseParallelSSHClient.run_command(
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 197, in run_command
return self._get_output_from_cmds(cmds, raise_error=stop_on_errors,
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 204, in _get_output_from_cmds
finished = joinall(_cmds, raise_error=True)
File "src/gevent/greenlet.py", line 1057, in gevent._gevent_cgreenlet.joinall
File "src/gevent/greenlet.py", line 1073, in gevent._gevent_cgreenlet.joinall
File "src/gevent/greenlet.py", line 371, in gevent._gevent_cgreenlet.Greenlet._raise_exception
File "/usr/lib/python3.9/site-packages/gevent/_compat.py", line 65, in reraise
raise value.with_traceback(tb)
File "src/gevent/greenlet.py", line 906, in gevent._gevent_cgreenlet.Greenlet.run
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 216, in _get_output_from_greenlet
raise ex
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 209, in _get_output_from_greenlet
host_out = cmd.get()
File "src/gevent/greenlet.py", line 803, in gevent._gevent_cgreenlet.Greenlet.get
File "src/gevent/greenlet.py", line 371, in gevent._gevent_cgreenlet.Greenlet._raise_exception
File "/usr/lib/python3.9/site-packages/gevent/_compat.py", line 65, in reraise
raise value.with_traceback(tb)
File "src/gevent/greenlet.py", line 906, in gevent._gevent_cgreenlet.Greenlet.run
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 285, in _run_command
raise ex
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 277, in _run_command
_client = self._make_ssh_client(host_i, host)
File "/usr/lib/python3.9/site-packages/pssh/clients/native/parallel.py", line 239, in _make_ssh_client
_client = SSHClient(
File "/usr/lib/python3.9/site-packages/pssh/clients/native/single.py", line 123, in __init__
super(SSHClient, self).__init__(
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 195, in __init__
self._init()
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 200, in _init
self._auth_retry()
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 212, in _auth_retry
return self._auth_retry(retries=retries+1)
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 212, in _auth_retry
return self._auth_retry(retries=retries+1)
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 214, in _auth_retry
raise AuthenticationError(msg, self.host, self.port, ex)
pssh.exceptions.AuthenticationError: ('Authentication error while connecting to %s:%s - %s', '198.13.47.107', 22, AuthenticationError())
System:
- Linux (Manjaro KDE)
- Python 3.9
- parallel-ssh version 2.5.4
Hi there,
Thanks for the interest. Best to check authentication works with regular ssh first, then try using the library with the same authentication method. Typically root logins are not allowed.
Not seeing an issue with library, closing.
Yeah I'm able to connect to the servers with regular ssh. But yeah I'm using the root account, isn't there a workaround to login with a root?
Login works with root using the ssh
binary? Can you show ssh -v root@<..>
output? And output of ssh -V
from the server.
If that does work, can try the client from pssh.client.ssh import ParallelSSHClient
as an alternative. Not aware of any issues with password auth, assuming server config allows it. Server configuration is out of scope for the library, see man sshd_config
.
Output of ssh -v root@<...>
:
C:\Users\kobej>ssh -v [email protected]
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to 198.13.47.107 [198.13.47.107] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\kobej/.ssh/id_rsa type -1
debug1: identity file C:\\Users\\kobej/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\kobej/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\kobej/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\kobej/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\kobej/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\kobej/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\kobej/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\kobej/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\kobej/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 198.13.47.107:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:kiNxa9VW6mnO0Mxgol8uCsu400u18UR164WZhCeK26c
debug1: Host '198.13.47.107' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\kobej/.ssh/known_hosts:5
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\kobej/.ssh/id_rsa
debug1: Will attempt key: C:\\Users\\kobej/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\kobej/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\kobej/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\kobej/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected]>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: C:\\Users\\kobej/.ssh/id_rsa
debug1: Trying private key: C:\\Users\\kobej/.ssh/id_dsa
debug1: Trying private key: C:\\Users\\kobej/.ssh/id_ecdsa
debug1: Trying private key: C:\\Users\\kobej/.ssh/id_ed25519
debug1: Trying private key: C:\\Users\\kobej/.ssh/id_xmss
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such file or directory
[email protected]'s password:
debug1: Authentication succeeded (password).
Authenticated to 198.13.47.107 ([198.13.47.107]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug1: client_input_global_request: rtype [email protected] want_reply 0
Output of ssh -V
from the server:
OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f 31 Mar 2020
If that does work, can try the client
from pssh.client.ssh import ParallelSSHClient
as an alternative. Not aware of any issues with password auth, assuming server config allows it. Server configuration is out of scope for the library, seeman sshd_config
.
When trying this I get this error (my password is correct though)
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 208, in _auth_retry
self.auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/ssh/single.py", line 168, in auth
return super(SSHClient, self).auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 355, in auth
self._password_auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/ssh/single.py", line 171, in _password_auth
self.session.userauth_password(self.user, self.password)
File "ssh/session.pyx", line 463, in ssh.session.Session.userauth_password
File "ssh/utils.pyx", line 109, in ssh.utils.handle_auth_error_codes
ssh.exceptions.AuthenticationDenied: b"Access denied for 'password'. Authentication that can continue: publickey,password"
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 208, in _auth_retry
self.auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/ssh/single.py", line 168, in auth
return super(SSHClient, self).auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 355, in auth
self._password_auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/ssh/single.py", line 171, in _password_auth
self.session.userauth_password(self.user, self.password)
File "ssh/session.pyx", line 463, in ssh.session.Session.userauth_password
File "ssh/utils.pyx", line 109, in ssh.utils.handle_auth_error_codes
ssh.exceptions.AuthenticationDenied: b"Access denied for 'password'. Authentication that can continue: publickey,password"
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 208, in _auth_retry
self.auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/ssh/single.py", line 168, in auth
return super(SSHClient, self).auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 355, in auth
self._password_auth()
File "/usr/lib/python3.9/site-packages/pssh/clients/ssh/single.py", line 171, in _password_auth
self.session.userauth_password(self.user, self.password)
File "ssh/session.pyx", line 463, in ssh.session.Session.userauth_password
File "ssh/utils.pyx", line 109, in ssh.utils.handle_auth_error_codes
ssh.exceptions.AuthenticationDenied: b"Access denied for 'password'. Authentication that can continue: publickey,password"
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/run/media/kobej/D/trabro2/test/testParallelSsh.py", line 21, in <module>
output = client.run_command('python -V')
File "/usr/lib/python3.9/site-packages/pssh/clients/ssh/parallel.py", line 224, in run_command
return BaseParallelSSHClient.run_command(
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 197, in run_command
return self._get_output_from_cmds(cmds, raise_error=stop_on_errors,
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 204, in _get_output_from_cmds
finished = joinall(_cmds, raise_error=True)
File "src/gevent/greenlet.py", line 1057, in gevent._gevent_cgreenlet.joinall
File "src/gevent/greenlet.py", line 1073, in gevent._gevent_cgreenlet.joinall
File "src/gevent/greenlet.py", line 371, in gevent._gevent_cgreenlet.Greenlet._raise_exception
File "/usr/lib/python3.9/site-packages/gevent/_compat.py", line 65, in reraise
raise value.with_traceback(tb)
File "src/gevent/greenlet.py", line 906, in gevent._gevent_cgreenlet.Greenlet.run
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 216, in _get_output_from_greenlet
raise ex
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 209, in _get_output_from_greenlet
host_out = cmd.get()
File "src/gevent/greenlet.py", line 803, in gevent._gevent_cgreenlet.Greenlet.get
File "src/gevent/greenlet.py", line 371, in gevent._gevent_cgreenlet.Greenlet._raise_exception
File "/usr/lib/python3.9/site-packages/gevent/_compat.py", line 65, in reraise
raise value.with_traceback(tb)
File "src/gevent/greenlet.py", line 906, in gevent._gevent_cgreenlet.Greenlet.run
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 285, in _run_command
raise ex
File "/usr/lib/python3.9/site-packages/pssh/clients/base/parallel.py", line 277, in _run_command
_client = self._make_ssh_client(host_i, host)
File "/usr/lib/python3.9/site-packages/pssh/clients/ssh/parallel.py", line 239, in _make_ssh_client
_client = SSHClient(
File "/usr/lib/python3.9/site-packages/pssh/clients/ssh/single.py", line 109, in __init__
super(SSHClient, self).__init__(
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 195, in __init__
self._init()
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 200, in _init
self._auth_retry()
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 212, in _auth_retry
return self._auth_retry(retries=retries+1)
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 212, in _auth_retry
return self._auth_retry(retries=retries+1)
File "/usr/lib/python3.9/site-packages/pssh/clients/base/single.py", line 214, in _auth_retry
raise AuthenticationError(msg, self.host, self.port, ex)
pssh.exceptions.AuthenticationError: ('Authentication error while connecting to %s:%s - %s', '198.13.47.107', 22, AuthenticationDenied(b"Access denied for 'password'. Authentication that can continue: publickey,password"))
Output of
ssh -v root@<...>
:C:\Users\kobej>ssh -v [email protected] OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2 debug1: Connecting to 198.13.47.107 [198.13.47.107] port 22. debug1: Connection established. debug1: identity file C:\\Users\\kobej/.ssh/id_rsa type -1 debug1: identity file C:\\Users\\kobej/.ssh/id_rsa-cert type -1 debug1: identity file C:\\Users\\kobej/.ssh/id_dsa type -1 debug1: identity file C:\\Users\\kobej/.ssh/id_dsa-cert type -1 debug1: identity file C:\\Users\\kobej/.ssh/id_ecdsa type -1 debug1: identity file C:\\Users\\kobej/.ssh/id_ecdsa-cert type -1 debug1: identity file C:\\Users\\kobej/.ssh/id_ed25519 type -1 debug1: identity file C:\\Users\\kobej/.ssh/id_ed25519-cert type -1 debug1: identity file C:\\Users\\kobej/.ssh/id_xmss type -1 debug1: identity file C:\\Users\\kobej/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 198.13.47.107:22 as 'root' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:kiNxa9VW6mnO0Mxgol8uCsu400u18UR164WZhCeK26c debug1: Host '198.13.47.107' is known and matches the ECDSA host key. debug1: Found key in C:\\Users\\kobej/.ssh/known_hosts:5 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 134217728 blocks debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory debug1: Will attempt key: C:\\Users\\kobej/.ssh/id_rsa debug1: Will attempt key: C:\\Users\\kobej/.ssh/id_dsa debug1: Will attempt key: C:\\Users\\kobej/.ssh/id_ecdsa debug1: Will attempt key: C:\\Users\\kobej/.ssh/id_ed25519 debug1: Will attempt key: C:\\Users\\kobej/.ssh/id_xmss debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected]> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: C:\\Users\\kobej/.ssh/id_rsa debug1: Trying private key: C:\\Users\\kobej/.ssh/id_dsa debug1: Trying private key: C:\\Users\\kobej/.ssh/id_ecdsa debug1: Trying private key: C:\\Users\\kobej/.ssh/id_ed25519 debug1: Trying private key: C:\\Users\\kobej/.ssh/id_xmss debug1: Next authentication method: password debug1: read_passphrase: can't open /dev/tty: No such file or directory [email protected]'s password: debug1: Authentication succeeded (password). Authenticated to 198.13.47.107 ([198.13.47.107]:22). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. debug1: pledge: network debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing debug1: client_input_global_request: rtype [email protected] want_reply 0
Output of
ssh -V
from the server:OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f 31 Mar 2020
By the way, you can hide ip. It seems reachable.
Do you think this issue is related to that this account is a root user? Would it be solved if I create normal users to connect to? Or is this an OpenSSH 8.2 bug/issue?
Possibly. Try with normal user and see if it connects.
I suspect it's a preferred key exchange algorithm method that has changed in 8.2 - will need to try and reproduce with that server.
I think I also bumped into that issue when using key-based authentication. I wanted to report this, but I didn't know how really. Do you want my logs too?
Hi @Keij0 ,
If you can provide details on how to reproduce that would be very helpful. Have not been able to reproduce as yet. Worth checking with latest version of this library and with both clients.