Bug 267819 - misc/mc Midnight Commander cannot SFTP into FreeBSD with PasswordAuthentication set to no and UsePAM set to yes
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Alexey Dokuchaev
Reported: 2022-11-17 02:59 UTC by iio7
Modified: 2022-11-22 08:44 UTC
bugzilla: maintainer-feedback? (danfe)


Description iio7 2022-11-17 02:59:59 UTC
The default SSH authentication mechanism is to ask for a username and a password, which is what OpenSSH does when PasswordAuthentication is set to "yes". When the option is changed to "no", using a password doesn't work and you have to log in by e.g. a key. However, the FreeBSD 13.1 version also has the option "UsePAM", which is set to "yes" by default. So this means that PAM is authenticating users.

With that setup regular SSH and SFTP into the FreeBSD box via the console works, but using Midnight Commander to SFTP into the FreeBSD box doesn't work and it fails with 'Cannot chdir to "/sftp://foo"'

Changing the "PasswordAuthentication" option to "yes" solves the issue.

I am not sure why Midnight Commander fails when it's PAM that is authenticating users, but I suspect it has to do with the format of the command being sent.

Steps to recreate the issue:

1. Have a FreeBSD box with SSH access running. Make sure the default settings are set, "PasswordAuthentication" is "no" and "UsePAM" is "yes".

2. Open Midnight Commander and use the MENU option F9. Choose "SFTP Link" and input the username, password, hostname, etc. of the FreeBSD box with SSH running. 
Midnight Commander fails.

3. Change the "PasswordAuthentication" option to "yes", restart sshd and try again; Midnight Commander can now access the host via SFTP.

Kind regards.
Comment 1 Alexey Dokuchaev freebsd_committer freebsd_triage 2022-11-22 08:44:05 UTC
It looks like a bug in libssh2 (or the way MidCom uses it, cf. bug #264375) and is not specific to FreeBSD: the same happens on Ubuntu 20.04 (mc 4.8.24, libssh2 1.8.0).

Using sftp(1) which is part of OpenSSH works fine.  Running /usr/sbin/sshd -D -d -p 2222 on the console and comparing both outputs, it might be something to do with missing do_pam_account() calls.

This is part of the log for midc/libssh2:

debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]
Postponed keyboard-interactive for user from ... ssh2 [preauth]
PAM: Authentication error for user from host
Failed keyboard-interactive/pam for user from ... ssh2

And this is the same place but against sftp/OpenSSH:

debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]
Postponed keyboard-interactive for user ... ssh2 [preauth]
debug1: do_pam_account: called
debug1: PAM: num PAM env strings 1
Postponed keyboard-interactive/pam for user ... ssh2 [preauth]
debug1: do_pam_account: called
Accepted keyboard-interactive/pam for user ... ssh2
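
The side-by-side comparison of the two sshd debug excerpts in comment 1 can be done mechanically. This is an added example, not code from the bug report, mc or libssh2; its only input is the two excerpts quoted above, and the summary field names are this example's own.

```python
import re

# The two excerpts quoted in comment 1, with the "..." elisions as posted.
MC_LIBSSH2_LOG = """\
debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]
Postponed keyboard-interactive for user from ... ssh2 [preauth]
PAM: Authentication error for user from host
Failed keyboard-interactive/pam for user from ... ssh2
"""
OPENSSH_SFTP_LOG = """\
debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]
Postponed keyboard-interactive for user ... ssh2 [preauth]
debug1: do_pam_account: called
debug1: PAM: num PAM env strings 1
Postponed keyboard-interactive/pam for user ... ssh2 [preauth]
debug1: do_pam_account: called
Accepted keyboard-interactive/pam for user ... ssh2
"""
START = re.compile(r"auth2_challenge_start: trying authentication method '([^']+)'")
RESULT = re.compile(r"^(Accepted|Failed) (\S+) for ")

def summarize_attempts(log_text):
    """Return one summary dict per keyboard-interactive attempt in sshd -d output."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        m = START.search(line)
        if m:  # a new challenge-response attempt begins here
            cur = {"device": m.group(1), "postponed": 0, "pam_account_calls": 0,
                   "pam_error": False, "result": None, "method": None}
            attempts.append(cur)
        elif cur is None:
            continue  # line belongs to no attempt we are tracking
        elif line.startswith("Postponed "):
            cur["postponed"] += 1  # one per challenge round sent to the client
        elif "do_pam_account: called" in line:
            cur["pam_account_calls"] += 1
        elif line.startswith("PAM: Authentication error"):
            cur["pam_error"] = True
        elif (r := RESULT.match(line)):
            cur["result"], cur["method"] = r.group(1), r.group(2)
            cur = None  # attempt finished
    return attempts

def diff_attempts(a, b):
    """Map each field that differs to its (a, b) pair of values."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    mc, ssh = summarize_attempts(MC_LIBSSH2_LOG)[0], summarize_attempts(OPENSSH_SFTP_LOG)[0]
    print(diff_attempts(mc, ssh))
```

On these excerpts the differing fields are the number of postponed rounds, the do_pam_account call count, the PAM error flag and the final result.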