fix: Fixed issue with SSH authentication

if the key is resolved and it fails to authenticate, if a password is provided, try to authenticate with the password before returning an error

Author: veeso

CHANGELOG.md

@@ -1,6 +1,7 @@
 # Changelog
 
 - [Changelog](#changelog)
+  - [0.6.3](#063)
   - [0.6.2](#062)
   - [0.6.1](#061)
   - [0.6.0](#060)
@@ -20,6 +21,13 @@
 
 ---
 
+## 0.6.3
+
+Released on 21/07/2025
+
+- Fixed issue with SSH authentication:
+  - if the key is resolved and it fails to authenticate, if a password is provided, try to authenticate with the password before returning an error.
+
 ## 0.6.2
 
 Released on 16/05/2025

Cargo.toml

@@ -10,7 +10,7 @@ license = "MIT"
 name = "remotefs-ssh"
 readme = "README.md"
 repository = "https://github.com/remotefs-rs/remotefs-rs-ssh"
-version = "0.6.2"
+version = "0.6.3"
 rust-version = "1.85.1"
 
 [dependencies]

src/ssh/commons.rs

@@ -15,6 +15,13 @@ use super::SshOpts;
 use super::config::Config;
 use crate::SshAgentIdentity;
 
+/// Authentication method
+#[derive(Debug, Clone, PartialEq, Eq)]
+enum Authentication {
+    RsaKey(PathBuf),
+    Password(String),
+}
+
 // -- connect
 
 /// Establish connection with remote server and in case of success, return the generated [`Session`]
@@ -96,30 +103,44 @@ pub fn connect(opts: &SshOpts) -> RemoteResult<Session> {
 
     // Authenticate with password or key
     if !session.authenticated() {
-        match opts.key_storage.as_ref().and_then(|x| {
+        let mut methods = vec![];
+        // first try with ssh agent
+        if let Some(rsa_key) = opts.key_storage.as_ref().and_then(|x| {
             x.resolve(ssh_config.host.as_str(), ssh_config.username.as_str())
                 .or(x.resolve(
                     ssh_config.resolved_host.as_str(),
                     ssh_config.username.as_str(),
                 ))
         }) {
-            Some(rsa_key) => {
-                session_auth_with_rsakey(
-                    &mut session,
-                    &ssh_config.username,
-                    rsa_key.as_path(),
-                    opts.password.as_deref(),
-                    ssh_config.params.identity_file.as_deref(),
-                )?;
-            }
-            None => {
-                session_auth_with_password(
-                    &mut session,
-                    &ssh_config.username,
-                    opts.password.as_deref(),
-                )?;
+            methods.push(Authentication::RsaKey(rsa_key.clone()));
+        }
+        // then try with password
+        if let Some(password) = opts.password.as_ref() {
+            methods.push(Authentication::Password(password.clone()));
+        }
+
+        // try with methods
+        let mut last_err = None;
+        for auth_method in methods {
+            match session_auth(&mut session, opts, &ssh_config, auth_method) {
+                Ok(_) => {
+                    info!("Authenticated successfully");
+                    return Ok(session);
+                }
+                Err(err) => {
+                    error!("Authentication failed: {err}",);
+                    last_err = Some(err);
+                }
             }
         }
+
+        return Err(match last_err {
+            Some(err) => err,
+            None => RemoteError::new_ex(
+                RemoteErrorType::AuthenticationFailed,
+                "no authentication method provided",
+            ),
+        });
     }
     // Return session
     Ok(session)
@@ -282,15 +303,36 @@ fn session_auth_with_rsakey(
     ))
 }
 
+/// Authenticate on session with the provided [`Authentication`] method.
+fn session_auth(
+    session: &mut Session,
+    opts: &SshOpts,
+    ssh_config: &Config,
+    authentication: Authentication,
+) -> RemoteResult<()> {
+    match authentication {
+        Authentication::RsaKey(private_key) => session_auth_with_rsakey(
+            session,
+            &ssh_config.username,
+            private_key.as_path(),
+            opts.password.as_deref(),
+            ssh_config.params.identity_file.as_deref(),
+        ),
+        Authentication::Password(password) => {
+            session_auth_with_password(session, &ssh_config.username, &password)
+        }
+    }
+}
+
 /// Authenticate on session with username and password
 fn session_auth_with_password(
     session: &mut Session,
     username: &str,
-    password: Option<&str>,
+    password: &str,
 ) -> RemoteResult<()> {
     // Username / password
     debug!("Authenticating with username '{}' and password", username);
-    if let Err(err) = session.userauth_password(username, password.unwrap_or("")) {
+    if let Err(err) = session.userauth_password(username, password) {
         error!("Authentication failed: {}", err);
         Err(RemoteError::new_ex(
             RemoteErrorType::AuthenticationFailed,

src/ssh/sftp.rs

@@ -386,7 +386,7 @@ impl RemoteFs for SftpFs {
             .unwrap()
             .rename(src.as_path(), dest.as_path(), Some(RenameFlags::OVERWRITE))
             .map_err(|e| {
-                error!("Move failed: {}", e);
+                error!("Move failed: {e}",);
                 RemoteError::new_ex(RemoteErrorType::FileCreateDenied, e)
             })
     }
@@ -415,7 +415,7 @@ impl RemoteFs for SftpFs {
             .map(SftpWriteStream::from)
             .map(WriteStream::from)
             .map_err(|e| {
-                error!("Append failed: {}", e);
+                error!("Append failed: {e}",);
                 RemoteError::new_ex(RemoteErrorType::CouldNotOpenFile, e)
             })
         } else {
@@ -437,7 +437,7 @@ impl RemoteFs for SftpFs {
             .map(SftpWriteStream::from)
             .map(WriteStream::from)
             .map_err(|e| {
-                error!("Create failed: {}", e);
+                error!("Create failed: {e}",);
                 RemoteError::new_ex(RemoteErrorType::FileCreateDenied, e)
             })
         } else {
@@ -460,7 +460,7 @@ impl RemoteFs for SftpFs {
             .map(SftpReadStream::from)
             .map(ReadStream::from)
             .map_err(|e| {
-                error!("Open failed: {}", e);
+                error!("Open failed: {e}",);
                 RemoteError::new_ex(RemoteErrorType::CouldNotOpenFile, e)
             })
     }
@@ -481,20 +481,20 @@ impl RemoteFs for SftpFs {
             while bytes < transfer_size {
                 let mut buffer: [u8; 65535] = [0; 65535];
                 let bytes_read = reader.read(&mut buffer).map_err(|e| {
-                    error!("Failed to read from file: {}", e);
+                    error!("Failed to read from file: {e}",);
                     RemoteError::new_ex(RemoteErrorType::IoError, e)
                 })?;
                 let mut delta = 0;
                 while delta < bytes_read {
                     delta += stream.write(&buffer[delta..bytes_read]).map_err(|e| {
-                        error!("Failed to write to stream: {}", e);
+                        error!("Failed to write to stream: {e}",);
                         RemoteError::new_ex(RemoteErrorType::IoError, e)
                     })?;
                 }
                 bytes += bytes_read;
             }
             self.on_written(stream)?;
-            trace!("Written {} bytes to destination", bytes);
+            trace!("Written {bytes} bytes to destination",);
             Ok(bytes as u64)
         } else {
             Err(RemoteError::new(RemoteErrorType::NotConnected))
@@ -515,20 +515,20 @@ impl RemoteFs for SftpFs {
             while bytes < transfer_size {
                 let mut buffer: [u8; 65535] = [0; 65535];
                 let bytes_read = reader.read(&mut buffer).map_err(|e| {
-                    error!("Failed to read from file: {}", e);
+                    error!("Failed to read from file: {e}",);
                     RemoteError::new_ex(RemoteErrorType::IoError, e)
                 })?;
                 let mut delta = 0;
                 while delta < bytes_read {
                     delta += stream.write(&buffer[delta..bytes_read]).map_err(|e| {
-                        error!("Failed to write to stream: {}", e);
+                        error!("Failed to write to stream: {e}",);
                         RemoteError::new_ex(RemoteErrorType::IoError, e)
                     })?;
                 }
                 bytes += bytes_read;
             }
             self.on_written(stream)?;
-            trace!("Written {} bytes to destination", bytes);
+            trace!("Written {bytes} bytes to destination",);
             Ok(bytes as u64)
         } else {
             Err(RemoteError::new(RemoteErrorType::NotConnected))
@@ -544,20 +544,20 @@ impl RemoteFs for SftpFs {
             while bytes < transfer_size {
                 let mut buffer: [u8; 65535] = [0; 65535];
                 let bytes_read = stream.read(&mut buffer).map_err(|e| {
-                    error!("Failed to read from stream: {}", e);
+                    error!("Failed to read from stream: {e}");
                     RemoteError::new_ex(RemoteErrorType::IoError, e)
                 })?;
                 let mut delta = 0;
                 while delta < bytes_read {
                     delta += dest.write(&buffer[delta..bytes_read]).map_err(|e| {
-                        error!("Failed to write to file: {}", e);
+                        error!("Failed to write to file: {e}",);
                         RemoteError::new_ex(RemoteErrorType::IoError, e)
                     })?;
                 }
                 bytes += bytes_read;
             }
             self.on_read(stream)?;
-            trace!("Copied {} bytes to destination", bytes);
+            trace!("Copied {bytes} bytes to destination",);
             Ok(bytes as u64)
         } else {
             Err(RemoteError::new(RemoteErrorType::NotConnected))