Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Another Exhausted available authentication methods

See original GitHub issue

I am using the latest version of SSHJ on Java 8.

When attempting to authenticate to a given FTP server using a password, authentication fails with the message Exhausted available authentication methods There are multiple related issues with the same error message, but this one is special: It happens for one of two users authenticating to the same exact FTP server in the same exact application running on the same exact machine.

Here is the log for the working user:

2018-12-19 13:04:25,838 WARN  [main] TrustEverythingTrustManager: This trust manager trusts every certificate, effectively disabling peer verification. This is convenient for local development but prone to man-in-the-middle attacks. Please see http://www.rabbitmq.com/ssl.html#validating-cerficates to learn more about peer certificate validation.
2018-12-19 13:04:27,607 INFO  [main] BouncyCastleRandom: Generating random seed from SecureRandom.
2018-12-19 13:04:27,608 DEBUG [main] BouncyCastleRandom: Creating random seed took 1 ms
2018-12-19 13:04:27,665 DEBUG [main] DefaultConfig: Available cipher factories: [aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr, blowfish-cbc, blowfish-ctr, cast128-cbc, cast128-ctr, idea-cbc, idea-ctr, serpent128-cbc, serpent128-ctr, serpent192-cbc, serpent192-ctr, serpent256-cbc, serpent256-ctr, 3des-cbc, 3des-ctr, twofish128-cbc, twofish128-ctr, twofish192-cbc, twofish192-ctr, twofish256-cbc, twofish256-ctr, twofish-cbc, arcfour, arcfour128, arcfour256]
2018-12-19 13:04:27,707 INFO  [main] TransportImpl: Client identity string: SSH-2.0-SSHJ_0.26.0
2018-12-19 13:04:27,728 INFO  [main] TransportImpl: Server identity string: SSH-2.0-BIS FileExchange Gateway 2.26.5-3631
2018-12-19 13:04:27,729 DEBUG [main] Promise: Setting <<kex done>> to `null`
2018-12-19 13:04:27,729 DEBUG [main] KeyExchanger: Sending SSH_MSG_KEXINIT
2018-12-19 13:04:27,731 DEBUG [reader] KeyExchanger: Received SSH_MSG_KEXINIT
2018-12-19 13:04:27,731 DEBUG [reader] Promise: Awaiting <<kexinit sent>>
2018-12-19 13:04:27,735 DEBUG [main] Promise: Setting <<kexinit sent>> to `SOME`
2018-12-19 13:04:27,736 DEBUG [main] Promise: Awaiting <<kex done>>
2018-12-19 13:04:27,736 DEBUG [reader] KeyExchanger: Negotiated algorithms: [ kex=diffie-hellman-group-exchange-sha256; sig=ssh-rsa; c2sCipher=aes128-cbc; s2cCipher=aes128-cbc; c2sMAC=hmac-sha1; s2cMAC=hmac-sha1; c2sComp=none; s2cComp=none ]
2018-12-19 13:04:27,751 DEBUG [reader] DHGexSHA256: Sending KEX_DH_GEX_REQUEST
2018-12-19 13:04:27,835 DEBUG [reader] KeyExchanger: Received kex followup data
2018-12-19 13:04:27,835 DEBUG [reader] DHGexSHA256: Got message KEXDH_31
2018-12-19 13:04:27,835 DEBUG [reader] DHGexSHA256: Received server p bitlength 2048
2018-12-19 13:04:27,886 DEBUG [reader] DHGexSHA256: Sending KEX_DH_GEX_INIT
2018-12-19 13:04:28,150 DEBUG [reader] KeyExchanger: Received kex followup data
2018-12-19 13:04:28,150 DEBUG [reader] DHGexSHA256: Got message KEX_DH_GEX_REPLY
2018-12-19 13:04:28,200 DEBUG [reader] KeyExchanger: Trying to verify host key with net.schmizz.sshj.transport.verification.FingerprintVerifier$1@75b0d884
2018-12-19 13:04:28,202 DEBUG [reader] KeyExchanger: Sending SSH_MSG_NEWKEYS
2018-12-19 13:04:28,202 DEBUG [reader] KeyExchanger: Received SSH_MSG_NEWKEYS
2018-12-19 13:04:28,211 DEBUG [reader] Promise: Setting <<kexinit sent>> to `null`
2018-12-19 13:04:28,211 DEBUG [reader] Promise: Setting <<kex done>> to `SOME`
2018-12-19 13:04:28,211 DEBUG [main] SSHClient: Key exchange took 0.483 seconds
2018-12-19 13:04:28,216 DEBUG [main] Promise: Setting <<service accept>> to `null`
2018-12-19 13:04:28,217 DEBUG [main] TransportImpl: Sending SSH_MSG_SERVICE_REQUEST for ssh-userauth
2018-12-19 13:04:28,217 DEBUG [main] Promise: Awaiting <<service accept>>
2018-12-19 13:04:28,241 DEBUG [reader] Promise: Setting <<service accept>> to `SOME`
2018-12-19 13:04:28,241 DEBUG [main] TransportImpl: Setting active service to ssh-userauth
2018-12-19 13:04:28,242 DEBUG [main] Promise: Setting <<authenticated>> to `null`
2018-12-19 13:04:28,242 DEBUG [main] UserAuthImpl: Trying `password` auth...
2018-12-19 13:04:28,242 DEBUG [main] AuthPassword: Requesting password for [AccountResource] XXX@XXX.com@xxx.com
2018-12-19 13:04:28,243 DEBUG [main] Promise: Awaiting <<authenticated>>
2018-12-19 13:04:28,868 DEBUG [reader] TransportImpl: Setting active service to ssh-connection
2018-12-19 13:04:28,868 DEBUG [reader] Promise: Setting <<authenticated>> to `true`
2018-12-19 13:04:28,868 DEBUG [main] UserAuthImpl: `password` auth successful
2018-12-19 13:04:28,877 DEBUG [main] ConnectionImpl: Attaching `session` channel (#0)
2018-12-19 13:04:28,878 DEBUG [main] Promise: Awaiting <<chan#0 / open>>
2018-12-19 13:04:29,812 DEBUG [reader] SessionChannel: Initialized - < session channel: id=0, recipient=0, localWin=[winSize=2097152], remoteWin=[winSize=0] >
2018-12-19 13:04:29,812 DEBUG [reader] Promise: Setting <<chan#0 / open>> to `SOME`
2018-12-19 13:04:29,813 INFO  [main] SessionChannel: Will request `sftp` subsystem
2018-12-19 13:04:29,813 DEBUG [main] SessionChannel: Sending channel request for `subsystem`
2018-12-19 13:04:29,814 DEBUG [main] Promise: Awaiting <<chan#0 / chanreq for subsystem>>
2018-12-19 13:04:29,847 DEBUG [reader] SessionChannel: Received window adjustment for 524288 bytes
2018-12-19 13:04:29,847 DEBUG [reader] Window$Remote: Increasing by 524288 up to 524288
2018-12-19 13:04:29,848 DEBUG [reader] Promise: Setting <<chan#0 / chanreq for subsystem>> to `SOME`
2018-12-19 13:04:29,850 DEBUG [main] Window$Remote: Consuming by 9 down to 524279
2018-12-19 13:04:29,920 DEBUG [reader] Window$Local: Consuming by 38 down to 2097114
2018-12-19 13:04:29,920 DEBUG [main] SFTPEngine: Server version 3

And here is the log for the failing one:

2018-12-19 13:10:10,911 WARN  [main] TrustEverythingTrustManager: This trust manager trusts every certificate, effectively disabling peer verification. This is convenient for local development but prone to man-in-the-middle attacks. Please see http://www.rabbitmq.com/ssl.html#validating-cerficates to learn more about peer certificate validation.
2018-12-19 13:10:12,629 INFO  [main] BouncyCastleRandom: Generating random seed from SecureRandom.
2018-12-19 13:10:12,630 DEBUG [main] BouncyCastleRandom: Creating random seed took 1 ms
2018-12-19 13:10:12,693 DEBUG [main] DefaultConfig: Available cipher factories: [aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr, blowfish-cbc, blowfish-ctr, cast128-cbc, cast128-ctr, idea-cbc, idea-ctr, serpent128-cbc, serpent128-ctr, serpent192-cbc, serpent192-ctr, serpent256-cbc, serpent256-ctr, 3des-cbc, 3des-ctr, twofish128-cbc, twofish128-ctr, twofish192-cbc, twofish192-ctr, twofish256-cbc, twofish256-ctr, twofish-cbc, arcfour, arcfour128, arcfour256]
2018-12-19 13:10:12,734 INFO  [main] TransportImpl: Client identity string: SSH-2.0-SSHJ_0.26.0
2018-12-19 13:10:12,755 INFO  [main] TransportImpl: Server identity string: SSH-2.0-BIS FileExchange Gateway 2.26.5-3631
2018-12-19 13:10:12,755 DEBUG [main] Promise: Setting <<kex done>> to `null`
2018-12-19 13:10:12,756 DEBUG [main] KeyExchanger: Sending SSH_MSG_KEXINIT
2018-12-19 13:10:12,757 DEBUG [reader] KeyExchanger: Received SSH_MSG_KEXINIT
2018-12-19 13:10:12,758 DEBUG [reader] Promise: Awaiting <<kexinit sent>>
2018-12-19 13:10:12,761 DEBUG [main] Promise: Setting <<kexinit sent>> to `SOME`
2018-12-19 13:10:12,762 DEBUG [main] Promise: Awaiting <<kex done>>
2018-12-19 13:10:12,763 DEBUG [reader] KeyExchanger: Negotiated algorithms: [ kex=diffie-hellman-group-exchange-sha256; sig=ssh-rsa; c2sCipher=aes128-cbc; s2cCipher=aes128-cbc; c2sMAC=hmac-sha1; s2cMAC=hmac-sha1; c2sComp=none; s2cComp=none ]
2018-12-19 13:10:12,777 DEBUG [reader] DHGexSHA256: Sending KEX_DH_GEX_REQUEST
2018-12-19 13:10:12,815 DEBUG [reader] KeyExchanger: Received kex followup data
2018-12-19 13:10:12,816 DEBUG [reader] DHGexSHA256: Got message KEXDH_31
2018-12-19 13:10:12,816 DEBUG [reader] DHGexSHA256: Received server p bitlength 2048
2018-12-19 13:10:12,867 DEBUG [reader] DHGexSHA256: Sending KEX_DH_GEX_INIT
2018-12-19 13:10:13,107 DEBUG [reader] KeyExchanger: Received kex followup data
2018-12-19 13:10:13,107 DEBUG [reader] DHGexSHA256: Got message KEX_DH_GEX_REPLY
2018-12-19 13:10:13,151 DEBUG [reader] KeyExchanger: Trying to verify host key with net.schmizz.sshj.transport.verification.FingerprintVerifier$1@77891849
2018-12-19 13:10:13,152 DEBUG [reader] KeyExchanger: Sending SSH_MSG_NEWKEYS
2018-12-19 13:10:13,152 DEBUG [reader] KeyExchanger: Received SSH_MSG_NEWKEYS
2018-12-19 13:10:13,157 DEBUG [reader] Promise: Setting <<kexinit sent>> to `null`
2018-12-19 13:10:13,157 DEBUG [reader] Promise: Setting <<kex done>> to `SOME`
2018-12-19 13:10:13,157 DEBUG [main] SSHClient: Key exchange took 0.402 seconds
2018-12-19 13:10:13,161 DEBUG [main] Promise: Setting <<service accept>> to `null`
2018-12-19 13:10:13,161 DEBUG [main] TransportImpl: Sending SSH_MSG_SERVICE_REQUEST for ssh-userauth
2018-12-19 13:10:13,162 DEBUG [main] Promise: Awaiting <<service accept>>
2018-12-19 13:10:13,191 DEBUG [reader] Promise: Setting <<service accept>> to `SOME`
2018-12-19 13:10:13,191 DEBUG [main] TransportImpl: Setting active service to ssh-userauth
2018-12-19 13:10:13,192 DEBUG [main] Promise: Setting <<authenticated>> to `null`
2018-12-19 13:10:13,192 DEBUG [main] UserAuthImpl: Trying `password` auth...
2018-12-19 13:10:13,192 DEBUG [main] AuthPassword: Requesting password for [AccountResource] ser-xxx@xxx@xxx.com
2018-12-19 13:10:13,193 DEBUG [main] Promise: Awaiting <<authenticated>>
2018-12-19 13:10:13,782 DEBUG [reader] Promise: Setting <<authenticated>> to `false`
2018-12-19 13:10:13,783 DEBUG [main] UserAuthImpl: `password` auth failed
2018-12-19 13:10:13,783 DEBUG [main] Promise: Setting <<authenticated>> to `null`
2018-12-19 13:10:13,783 DEBUG [main] UserAuthImpl: Trying `keyboard-interactive` auth...
2018-12-19 13:10:13,783 DEBUG [main] Promise: Awaiting <<authenticated>>
2018-12-19 13:10:13,808 DEBUG [reader] UserAuthImpl: Asking `keyboard-interactive` method to handle USERAUTH_60 packet
2018-12-19 13:10:13,808 DEBUG [reader] PasswordResponseProvider: Challenge - name=`password`; instruction=`Enter password for xxx@xxx.com`
2018-12-19 13:10:13,809 DEBUG [reader] AuthKeyboardInteractive: Requesting response for challenge `Password:`; echo=false
2018-12-19 13:10:14,407 DEBUG [reader] Promise: Setting <<authenticated>> to `false`
2018-12-19 13:10:14,407 DEBUG [main] UserAuthImpl: `keyboard-interactive` auth failed

What could be happening here?

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:9 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
MatthiasVetscommented, Oct 8, 2020

I have had exactly the same problem with the § char. When we removed that symbol from the password the authentication was successful

1reaction
markusa380commented, Dec 19, 2018

Okay, I could fix it by changing the users password. The old password contained special characters like §, the new one is alphanumeric (while being longer).

Read more comments on GitHub >

github_iconTop Results From Across the Web

Solved: Exhausted available authentication methods - 24518
The " Exhausted available authentication methods" exception indicates that there is a misconfiguration on the host whereby the user specified cannot ...
Read more >
Connection failed. Exhausted available authentication methods
Exhausted available authentication methods means that SSH client tried all possible authentication methods and no one succeeded.
Read more >
SFTP Processors - Exhausted available authentication methods
In version 1.8 this works correctly. In superiors no. Any of the processors: ListSFTP, FetchSFTP, GetSFTP, PutSFTP when connecting to an ...
Read more >
Connection to '192.168.5.6' failed. Exhausted available ...
Exhausted available authentication methods ... I double checked second user credentials - they are valid (I am able to ssh for example via...
Read more >
Exhausted available authentication methods #351 - GitHub
Be sure to copy any password char[] array before passing into sshj API before attempting to re-use that same char[] again as you...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Public RSA-key of host is not verified

Next page

com.hierynomus.sshj.transport.DisconnectionTest > shouldNotThrowTimeoutOnDisconnect FAILED