sake icon indicating copy to clipboard operation
sake copied to clipboard
verified publisher icon alajmo

Too many authentication failures when defining lots of servers

Open tbnguyen1407 opened this issue 3 years ago • 1 comments

  • [x] I have the latest version of sake
  • [x] I have searched through the existing issues

Info

  • OS

    • [x] Linux
    • [ ] Mac OS X
    • [x] Windows
    • [ ] other

  • Shell

    • [x] Bash
    • [ ] Zsh
    • [ ] Fish
    • [ ] Powershell
    • [ ] other
  • Version: 0.10.1

Problem / Steps to reproduce

  1. Define lots of servers with different pubkey
  2. Attempt any task
  3. Some servers will fail as ALL pubkeys are tried one by one, which may exceed MaxAuthTries on sshd
ssh: handshake failed: ssh: disconnect, reason 2: Too many authentication failures

Observation

From the code here, all provided identities are collected and tried for each server with pubkey support.

https://github.com/alajmo/sake/blob/47cdac64f3ae4329a18293828a464204bf9a7fbd/core/run/exec.go#L163-L166

This should not be the case, each server should only try with (own) provided and global identity.

Also this approach is not very efficient as N servers with same pubkey will generate N identical identities. If a server using pubkey2 is declared below 100 servers using pubkey1, it will need to try 100 wrong identities before it can make connection, if even can pass the MaxAuthTries.

tbnguyen1407 avatar Jul 18 '22 12:07 tbnguyen1407

Thanks for the bug report and finding the inefficiencies, will check it out after vacation.

alajmo avatar Jul 20 '22 21:07 alajmo

Should be fixed now with v0.10.3, please re-open if the issue persists.

alajmo avatar Aug 26 '22 19:08 alajmo