Password fallback not working when SSH key authentication fails

[inureyes]

Problem / Background

When bssh attempts SSH connection to certain servers, OpenSSH succeeds but bssh fails.

Symptoms

• SSH connection and key exchange (kex) succeed
• Authentication is attempted with ~/.ssh/id_rsa key but server rejects it (userauth_failure)
• Password fallback logic was implemented in PR fix: Add password fallback and improve SSH debugging for compatibility #80 and fix: Extend password fallback to handle SSH agent authentication failures #85, but it does not work in practice

Reproduction Environment

• When user's id_rsa public key is not registered on the server
• OpenSSH succeeds by falling back to password after key failure
• bssh fails because connection is dropped after key failure

Root Cause Analysis

Root Cause: The russh library disconnects the connection before returning is_authenticated.success() == false when key authentication fails

Log Flow

userauth_failure → drop handle → disconnected SshError(Disconnect)

Issue Details

1. Password fallback logic in connection.rs does not receive KeyAuthFailed error
2. Instead, it receives SshError(Disconnect) or other errors
3. SshError(Disconnect) is excluded from fallback condition matching, so password prompt is not displayed

Proposed Solutions

Apply one or more of the following approaches:

1. Improve error handling after russh authenticate_publickey call

   • Check connection state before and after authentication attempt and handle appropriately

2. Add all error types returned on authentication failure to password fallback conditions

   • Handle additional error types like SshError(Disconnect) as fallback triggers

3. Negotiate password authentication method during SSH algorithm negotiation phase

   • Switch to password authentication on the same connection when key authentication fails

Acceptance Criteria

• Password prompt is displayed correctly when key authentication fails
• Same fallback behavior as OpenSSH is implemented
• Related unit tests added
• Verified testing on various SSH server environments

Technical Considerations

• Analysis of russh library behavior on authentication failure required
• Logic needed to distinguish between connection drop and authentication failure
• For security, password fallback should only work when explicitly allowed by user

References

• PR fix: Add password fallback and improve SSH debugging for compatibility #80: Initial password fallback implementation
• PR fix: Extend password fallback to handle SSH agent authentication failures #85: Additional improvement attempt