21

I tried to connect to one of my virtual machines using SSH and Go. It works perfectly fine via command line if i do it like so:

ssh root@my_host

I type in the password and it works all good. I tried to do it in Go, here is my code:

package main

import (
    "golang.org/x/crypto/ssh"
    "fmt"
)

func connectViaSsh(user, host string, password string) (*ssh.Client, *ssh.Session) {
    config := &ssh.ClientConfig{
        User: user,
        Auth: []ssh.AuthMethod{ssh.Password(password)},
        HostKeyCallback: ssh.InsecureIgnoreHostKey(),
    }

    client, err := ssh.Dial("tcp", host, config)
    fmt.Println(err)

    session, err := client.NewSession()
    fmt.Println(err)

    return client, session
}


func main() {
    client, _ := connectViaSsh("root", "host:22", "password")
    client.Close()
}

If i run it it returns an error:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

Does anyone have any idea what might cause such an error. It works just fine using paramiko in Python, and in shell but fails in Go. Is there something i'm missing?

4
  • 7
    Your server probably doesn't use "password" authentication. Connect using the ssh command with verbose output and see exactly what the authentication mechanism is.
    – JimB
    Nov 4, 2017 at 2:30
  • 1
    In addition to Jim's comment, please see related question in golang-nuts
    – putu
    Nov 6, 2017 at 4:43
  • I don't understand this bounty. You answered the question and offered a bounty (stating that an answer is exemplary and worth the bounty), but you can't award bounty to yourself...
    – icza
    Nov 13, 2017 at 8:36
  • 2
    @icza i thought someone would create a better answer or more complete answer and i would award bounty to him/her
    – midori
    Nov 13, 2017 at 19:19

2 Answers 2

16

As pointed by @JimB and @putu my server doesn't have Password Authentication enabled.

To verify that i ran ssh with verbose option and it gave me back all supported authentication methods. In my case it turned out to be following:

debug1 : Authentications that can continue: publickey,keyboard-interactive,hostbased

So i had 2 options to go with, either enable password authentication on the server or use other method to authenticate.

To enable password authentication connect to your server and open sshd config file like so:

vi /etc/ssh/sshd_config

Find line saying: PasswordAuthentication no

Change it to yes, save changes and restart sshd service: service ssh restart

After that password authentication method starts to work as expected.

Alternatively other methods can be used, i decided to try keyboard-interactive, the one user usually has when connects over the terminal using ssh.

Here is the code snippet that does just that, sends password after password question is asked by remote server:

package main
import (
    "bytes"
    "golang.org/x/crypto/ssh"
    "fmt"
)

func connectViaSsh(user, host string, password string) (*ssh.Client, *ssh.Session) {
    config := &ssh.ClientConfig{
        User: user,
        Auth: []ssh.AuthMethod{
            ssh.KeyboardInteractive(SshInteractive),
        },
        HostKeyCallback: ssh.InsecureIgnoreHostKey(),
    }
    client, err := ssh.Dial("tcp", host, config)
    fmt.Println(err)
    session, err := client.NewSession()
    fmt.Println(err)

    return client, session
}

func SshInteractive(user, instruction string, questions []string, echos []bool) (answers []string, err error) {
    answers = make([]string, len(questions))
    // The second parameter is unused
    for n, _ := range questions {
        answers[n] = "your_password"
    }

    return answers, nil
}

func main() {
    var b bytes.Buffer
    client, session := connectViaSsh("root", "host:22", "password")

    session.Stdout = &b
    session.Run("ls")
    fmt.Println(b.String())

    client.Close()
}

In my case server asks only one question which is password, if your server asks more than that you would need to build an entire chain of answers to feed back in.

0
0

If you are running locally on a Mac and you are scratching your head because the ssh handshake keeps failing with similar Go code, and the server requires both a key and passphrase (and you do not have access to the server configurations), add your key to keychain using an ssh agent:

ssh-add --apple-use-keychain /path/to/ssh_key

If you are not on a mac, you can simply remove the '--apple-use-keychain' (as long as you are in some linux distro).

Here is an explanation of the issue for the ones who can solve it by doing ssh-add.

When deploying to your environment keep in mind you would need an ssh agent for this to work, but the point of this answer is to point anyone with this punctual setup/issue in the right direction.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.