Bazaar

Merge lp:~spiv/bzr/paramiko-keyboard-interactive into lp:bzr/2.0

  1. paramiko-keyboard-interactive
  2. Merge into 2.0
Proposed by Andrew Bennetts
Status: Merged
Approved by: Robert Collins
Approved revision: no longer in the source branch.
Merged at revision: not available
Proposed branch: lp:~spiv/bzr/paramiko-keyboard-interactive
Merge into: lp:bzr/2.0
Diff against target: 36 lines
2 files modified
NEWS (+4/-0)
bzrlib/transport/ssh.py (+10/-1)
To merge this branch: bzr merge lp:~spiv/bzr/paramiko-keyboard-interactive
Reviewer Review Type Date Requested Status
bzr-core Pending
Review via email: mp+12559@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Andrew Bennetts (spiv) wrote :

This is a simple change that hopefully fixes bug 433846. Ideally I'd want an affected user to confirm that it fixes the problem for them before merging, but I think this simple change makes sense.

I think this bug fix would be a good candidate for inclusion 2.0.1.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'NEWS'
2--- NEWS 2009-09-28 02:02:30 +0000
3+++ NEWS 2009-09-29 02:06:15 +0000
4@@ -18,6 +18,10 @@
5 filename will issue a warning and skip over those files.
6 (Robert Collins, #3918)
7
8+* bzr will attempt to authenticate with SSH servers that support
9+ ``keyboard-interactive`` auth but not ``password`` auth when using
10+ Paramiko. (Andrew Bennetts, #433846)
11+
12 Improvements
13 ************
14
15
16=== modified file 'bzrlib/transport/ssh.py'
17--- bzrlib/transport/ssh.py 2009-08-22 05:01:55 +0000
18+++ bzrlib/transport/ssh.py 2009-09-29 02:06:15 +0000
19@@ -504,7 +504,16 @@
20 except paramiko.SSHException, e:
21 # Don't know what happened, but just ignore it
22 pass
23- if 'password' not in supported_auth_types:
24+ # We treat 'keyboard-interactive' and 'password' auth methods identically,
25+ # because Paramiko's auth_password method will automatically try
26+ # 'keyboard-interactive' auth (using the password as the response) if
27+ # 'password' auth is not available. Apparently some Debian and Gentoo
28+ # OpenSSH servers require this.
29+ # XXX: It's possible for a server to require keyboard-interactive auth that
30+ # requires something other than a single password, but we currently don't
31+ # support that.
32+ if ('password' not in supported_auth_types and
33+ 'keyboard-interactive' not in supported_auth_types):
34 raise errors.ConnectionError('Unable to authenticate to SSH host as'
35 '\n %s@%s\nsupported auth types: %s'
36 % (username, host, supported_auth_types))

Subscribers

People subscribed via source and target branches