"Auth error" against freebsd

[ct-ln]

I try to use ssh-rs to authenticate to a freebsd 11 vm (same problem against freebsd 13 btw).
BSD VM is freshly installed.
Only change: root login allowed.
Source VM is Ubuntu 22.
Username and password work from the same VM with commandline ssh.

ssh [email protected]
[..]
Welcome to FreeBSD!

Program:

fn main() {
    let mut session = ssh::create_session()
        .username("root")
        .password("root")
        .connect("192.168.216.153:22");
    match session{
        Ok(_) => {
            println!("ok");
        }
        Err(e) => {
            println!("err {}",e);
        }
    }
}

Logs on the BSD box:

root@bsd:~ # tail /var/log/auth.log 
May  9 14:55:54 bsd login: ROOT LOGIN (root) ON ttyv0
May  9 14:56:38 bsd sshd[698]: user root login class  [preauth]
May  9 14:56:38 bsd sshd[698]: Connection closed by authenticating user root 192.168.216.13 port 32866 [preauth]

logging enabled on ssh-rs:

2024-05-09T13:08:44.053725Z  INFO ssh::session: start for version negotiation.
2024-05-09T13:08:44.053820Z  INFO ssh::config::version: client version: [SSH-2.0-SSH_RS-0.5.0]
2024-05-09T13:08:44.077655Z  INFO ssh::config::version: server version: [SSH-2.0-OpenSSH_7.5 FreeBSD-20170903]
2024-05-09T13:08:44.077955Z  INFO ssh::config::algorithm: server key exchange: ["curve25519-sha256", "[email protected]", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"]
2024-05-09T13:08:44.078037Z  INFO ssh::config::algorithm: server public key: ["ssh-rsa", "rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"]
2024-05-09T13:08:44.078075Z  INFO ssh::config::algorithm: server c2s encryption: ["[email protected]", "aes128-ctr", "aes192-ctr", "aes256-ctr", "[email protected]", "[email protected]", "aes128-cbc", "aes192-cbc", "aes256-cbc"]
2024-05-09T13:08:44.078133Z  INFO ssh::config::algorithm: server s2c encryption: ["[email protected]", "aes128-ctr", "aes192-ctr", "aes256-ctr", "[email protected]", "[email protected]", "aes128-cbc", "aes192-cbc", "aes256-cbc"]
2024-05-09T13:08:44.078186Z  INFO ssh::config::algorithm: server c2s mac: ["[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]
2024-05-09T13:08:44.078222Z  INFO ssh::config::algorithm: server s2c mac: ["[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]
2024-05-09T13:08:44.078265Z  INFO ssh::config::algorithm: server c2s compression: ["none", "[email protected]"]
2024-05-09T13:08:44.078288Z  INFO ssh::config::algorithm: server s2c compression: ["none", "[email protected]"]
2024-05-09T13:08:44.078311Z DEBUG ssh::config::algorithm: converted server algorithms: [kex: "curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1", pubkey: "rsa-sha2-512,rsa-sha2-256,ssh-ed25519", c_enc: "[email protected],aes128-ctr,aes192-ctr,aes256-ctr", s_enc: "[email protected],aes128-ctr,aes192-ctr,aes256-ctr", c_mac: "hmac-sha2-256,hmac-sha2-512,hmac-sha1", s_mac: "hmac-sha2-256,hmac-sha2-512,hmac-sha1", c_compress: "none,[email protected]", s_compress: "none,[email protected]"]
2024-05-09T13:08:44.078384Z  INFO ssh::client::client_kex: start for key negotiation.
2024-05-09T13:08:44.078404Z  INFO ssh::client::client_kex: send client algorithm list.
2024-05-09T13:08:44.078422Z  INFO ssh::config::algorithm: client algorithms: [kex: "curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1", pubkey: "rsa-sha2-512,rsa-sha2-256", c_enc: "[email protected],aes128-ctr,aes192-ctr,aes256-ctr", s_enc: "[email protected],aes128-ctr,aes192-ctr,aes256-ctr", c_mac: "hmac-sha2-256,hmac-sha2-512,hmac-sha1", s_mac: "hmac-sha2-256,hmac-sha2-512,hmac-sha1", c_compress: "none,[email protected]", s_compress: "none,[email protected]"]
2024-05-09T13:08:44.078616Z  INFO ssh::config::algorithm: matched algorithms [kex: "curve25519-sha256", pubkey: "rsa-sha2-512", c_enc: "[email protected]", s_enc: "[email protected]", c_mac: "hmac-sha2-256", s_mac: "hmac-sha2-256", c_compress: "none", s_compress: "none"]
2024-05-09T13:08:44.188255Z  INFO ssh::client::client_kex: signature verification success.
2024-05-09T13:08:44.188307Z  INFO ssh::client::client_kex: send new keys
2024-05-09T13:08:44.190780Z  INFO ssh::client::client_kex: key negotiation successful.
2024-05-09T13:08:44.190798Z  INFO ssh::client::client_auth: Auth start
2024-05-09T13:08:44.357752Z  INFO ssh::client::client_auth: password authentication.
2024-05-09T13:08:44.366677Z ERROR ssh::client::client_auth: user auth failure. (password)

[HsuJv]

Hi there, can you help provide the debug info on the server side?

$ sudo `which sshd` -p 888 -ddd

[ct-ln]

Thanks for the quick reply.
Interesting:
Unrecognized authentication method "password"

[HsuJv]

Did you uncomment the line

PasswordAuthentication yes

in your /etc/ssh/sshd_config?
If not, uncomment it and restart the sshd service and try again.

BRs

[ct-ln]

Yes, if I do that, ssh-rs can login.

But (just to make sure), that does not mean that you cannot not log in by password. (I guess technically the mode is "keyboard-interactive"/"ChallengeResponse")

In FreeBSD´s default setting (where ssh-rs fails), this python code can login just fine:

client = paramiko.client.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(host, username="root", password="root")

So can ssh tools like filezilla, and obviously commandline ssh, etc.