Menu

Saved Password gets authentication failure

2019-07-18
2019-07-29
  • Scott Steeves

    Scott Steeves - 2019-07-18

    Per this old discussion, https://sourceforge.net/p/poderosa/discussion/455997/thread/ee29663d/#ebe5, I changed org.poderosa.protocols.readSerializedPassword and org.poderosa.protocols.savePassword to True. I then created a new SSH connection and entered the password and logged in. I then exited Poderosa, started it again and selected that site from the MRU list. I immediately got "User authentication failed." I also tried setting the PlainText option to true, but that didn't help.

    Do saved password work for anyone else in 4.4.4?
    Am I doing something wrong?

     
  • Iwasa Kazmi

    Iwasa Kazmi - 2019-07-20

    To make the Poderosa remember the password, these three internal options must be set.

    org.poderosa.protocols.readSerializedPassword = True
    org.poderosa.protocols.retainPassphrase = True
    org.poderosa.protocols.savePassword = True

     
  • Scott Steeves

    Scott Steeves - 2019-07-22

    I set these, created a new SSH connected to a new host, and logged in.
    I then exited Poderosa and started it again. When I attempted to log into that host I got the same error, "User authentication failed"

     
  • Iwasa Kazmi

    Iwasa Kazmi - 2019-07-23

    When the "New Session" dialog is opened for the first time, the remembered password will be shown in the "Passphrase" box as the masked text.
    (see attachment image)
    If the Passphrase box was empty, the password is not saved correctly.
    You can check the saved settings in the %APPDATA%\Poderosa\options.conf.

    If you are using public key authentication, the message "User authentication failed" means that
    the password was correct, but the key was not accepted by the server.

    If you are using password authentication, the message means that the password is incorrect.
    Maybe the remembered password is broken.
    It should not be happened, but I have not faced such case.

     
  • Scott Steeves

    Scott Steeves - 2019-07-23

    I set those settings. See attached image 1_settings.png.
    I then created a new SSH session, entered Host, Account and Passphrase. See attached image 2_session.png.
    I logged in. I then logged out, and closed the window.
    I clicked on File... and the MRU entry for that new entry.
    The password field is already filled in. See attached image 3_login.png.
    I clicked the OK button and I connected. I then logged out and closed Poderosa.

    options.conf contains:

      org.poderosa.protocols {
        retainPassphrase=True
        cipherAlgorithmOrder=AES256CTR;AES256;AES192CTR;AES192;AES128CTR;AES128;Blowfish;TripleDES
        hostKeyAlgorithmOrder=ED25519;ECDSA_SHA2_NISTP521;ECDSA_SHA2_NISTP384;ECDSA_SHA2_NISTP256;RSA;DSA
        readSerializedPassword=True
        savePassword=True
      }
    

    and

          Poderosa.Usability.MRUItem {
              Poderosa.Protocols.SSHLoginParameter {
              destination=10.189.55.101
              account=admin
              password=raU/eXXXXXXXXXX6g1Aw==
              enableAgentForwarding=False
              enableX11Forwarding=False
            }
            Poderosa.Terminal.TerminalSettings {
              encoding=UTF8
              caption=10.189.55.101
            }
          }
    

    I then started Poderosa again. I clicked on File... and the MRU entry for this host.
    After a few seconds, I get an error box "User authentication failed." See attached image 4_failed.png.

    I exited Poderosa.
    options.conf has changed the password line for that host. As shown above it was:
    password=raU/eNeioXXXXXXVL6g1Aw==
    But it is now:
    password=tnOWXXXX7qU=
    Note the differences in length of the string and the trailing == vs =

    I deleted that MRU entry from options.conf and started Poderosa.
    I then set savePlainTextPassword=True
    I recreated that MRU entry, logged in, logged out and exited Poderosa.
    options.conf showed the password in plain text, as expected.
    passphrase=SwoXXX1sh
    Note that this says "passphrase" this time, not "password" as above, even though everything was identical, just the PlainText setting changed.

    I started Poderosa again, and tried to connect to that host. I got the same error as above, User authentication failed.
    I exited Poderosa.
    In options.conf, the password was now set to an empty string:
    passphrase=

     

    Last edit: Scott Steeves 2019-07-23
  • Iwasa Kazmi

    Iwasa Kazmi - 2019-07-24

    Thank you for the detailed information!

    I could find the root cause.
    The connecting from MRU has problem.

    1. Poderosa always clears password when a new connection was attempted from MRU.
      The internal options to remember the password are not respected.

    2. Poderosa skips showing simple dialog on the first attempt to connect from MRU.
      It is a bug.

    I will fix them this weekend.

     
  • Scott Steeves

    Scott Steeves - 2019-07-24

    Awesome. Thanks!

     
  • Iwasa Kazmi

    Iwasa Kazmi - 2019-07-28

    Poderosa 4.4.5 has been released.
    When a new connection was opened from MRU, remembered password is used silently.

    The option "org.poderosa.protocols.retainPassphrase" was obsoleted.
    So only these two options have to be set for remembering passwords.

    org.poderosa.protocols.readSerializedPassword = True
    org.poderosa.protocols.savePassword = True

     
  • Scott Steeves

    Scott Steeves - 2019-07-29

    Many thanks! It works perfectly.

     

Log in to post a comment.