I can't get this to work for me. After setting AuthenticationMethods publickey,password in my sshd_config, trying to clone my repository with the SSH Key connection mode fails here

https://github.com/android-password-store/Android-Password-Store/pull/825/files#diff-efe0564ca4779571d8e3340b0d88a26dR43 Ugh, didn't work. GitOperation.kt, line 43.

I can't get this to work for me. After setting AuthenticationMethods publickey,password in my sshd_config, trying to clone my repository with the SSH Key connection mode fails here

https://github.com/android-password-store/Android-Password-Store/pull/825/files#diff-efe0564ca4779571d8e3340b0d88a26dR43 Ugh, didn't work. GitOperation.kt, line 43.

Sorry, that require shouldn't have made it in in that form: #826.

Doesn't throw anymore but still doesn't seem to work, tried both my SSH key as well as password and SSHJ always fails saying all authentication methods were exhausted. I'll try to debug some more on my end...

uhh

@FabianHenneke can you rebase this and #807 when you get a chance? I have the weekend off so I'm going to try and create a docker setup to allow me to test this.

@FabianHenneke can you rebase this and #807 when you get a chance? I have the weekend off so I'm going to try and create a docker setup to allow me to test this.

Done, but EDCSA keys remain broken for now. Everything else should work as before.

@FabianHenneke would you be able to rebase this some time over the next week? Should leave us enough time to be able to review and test this before the September release.

@FabianHenneke would you be able to rebase this some time over the next week? Should leave us enough time to be able to review and test this before the September release.

Please review and merge #1084 first.
We are currently offering password authentication implicitly after publickey authentication in both possible cases: As a follow-up authentication mode when publickey auth succeeded and as an alternative authentication mode when it failed. I don't think there is an easy way to differntiate between the two without delving into SSHJ internals, so we should first agree on whether this behavior is okay or not.

@FabianHenneke would you be able to rebase this some time over the next week? Should leave us enough time to be able to review and test this before the September release.

Please review and merge #1084 first.
We are currently offering password authentication implicitly after publickey authentication in both possible cases: As a follow-up authentication mode when publickey auth succeeded and as an alternative authentication mode when it failed. I don't think there is an easy way to differntiate between the two without delving into SSHJ internals, so we should first agree on whether this behavior is okay or not.

I think it's acceptable. I assume we'd only be offering password authentication for servers that do advertise password or keyboard-interactive authentication methods alongside publickey?

@FabianHenneke would you be able to rebase this some time over the next week? Should leave us enough time to be able to review and test this before the September release.

Please review and merge #1084 first.
We are currently offering password authentication implicitly after publickey authentication in both possible cases: As a follow-up authentication mode when publickey auth succeeded and as an alternative authentication mode when it failed. I don't think there is an easy way to differntiate between the two without delving into SSHJ internals, so we should first agree on whether this behavior is okay or not.

I think it's acceptable. I assume we'd only be offering password authentication for servers that do advertise password or keyboard-interactive authentication methods alongside publickey?

That should be true based on my understanding of the SSHJ code, but I don't have the setup to test it properly.

Maybe we should rethink our AuthMode switches though. If we could make the switches shown depend on whether or not the URL starts with http:// or https://, we could show either a choice between "Password" and "None" (HTTP) or "Public key", "Public key (via OpenKeychain)" or "Password only" (SSH).

Maybe we should rethink our AuthMode switches though. If we could make the switches shown depend on whether or not the URL starts with http:// or https://, we could show either a choice between "Password" and "None" (HTTP) or "Public key", "Public key (via OpenKeychain)" or "Password only" (SSH).

Should certainly not be impossible, I can take a stab at it. Do you want it to go in with this PR?

Maybe we should rethink our AuthMode switches though. If we could make the switches shown depend on whether or not the URL starts with http:// or https://, we could show either a choice between "Password" and "None" (HTTP) or "Public key", "Public key (via OpenKeychain)" or "Password only" (SSH).

Should certainly not be impossible, I can take a stab at it. Do you want it to go in with this PR?

I would prefer to have this go in as is. The other change would be almost purely UI-related while this does not touch the UI at all, so I would prefer them to remain separate.

I tried cloning from a server which only had password authentication after setting authentication mode to SSH key in the app and did not get prompted for a password, but from my understanding of the changes here, that shouldn't have been the case?

I tried cloning from a server which only had password authentication after setting authentication mode to SSH key in the app and did not get prompted for a password, but from my understanding of the changes here, that shouldn't have been the case?

Yes, if that doesn't work and there is nothing else that's wrong here, then I fear sshj doesn't properly deal with multiple auth methods.

Could you send me the sshj log output?

I tried cloning from a server which only had password authentication after setting authentication mode to SSH key in the app and did not get prompted for a password, but from my understanding of the changes here, that shouldn't have been the case?

Yes, if that doesn't work and there is nothing else that's wrong here, then I fear sshj doesn't properly deal with multiple auth methods.

Could you send me the sshj log output?

Obviously simply taking a log made it behave 😑