Dual Authentication (Key + Password) #456

Open
sevsev9 opened this issue Jan 29, 2025 · 3 comments
@sevsev9

sevsev9 commented Jan 29, 2025

Hi!

I've been trying to get SFTP to work with a server that requires both key and username/password authentication, but I can't seem to make it work.

I've been combing through the examples and the docs.rs (client::Config, etc.) but I can't seem to figure it out.

Is this feature currently supported? Has anyone done it before?

Any help would be greatly appreciated.

Thanks!

OpenSSH Server Configuration

  1. /etc/ssh/sshd_config:

     PasswordAuthentication yes
     PubkeyAuthentication yes
     AuthenticationMethods publickey,password

     Restart the SSH service:

     sudo systemctl restart ssh

  2. Running SSH manually on the same machine works fine:

     ssh -i /path/to/private_key [email protected]

Environment:

  • russh crate version: 0.49
  • russh-sftp crate version: 2.0.6
  • russh-keys crate version: 0.49
  • Rust version: rustc 1.86.0
  • OS: Ubuntu 24.04 LTS
  • SSH Server: OpenSSH_8.9p1
@Eugeny
Owner

Eugeny commented Jan 29, 2025

Hard to say without the code, but you don't need to do anything except call authenticate_password, receive the expected Ok(false), and then call authenticate_publickey.

@sevsev9
Author

sevsev9 commented Feb 1, 2025

Thanks! I've got it working almost as you said (first key, then password). Should I maybe distil an example for this?

@Eugeny
Owner

Eugeny commented Feb 1, 2025

I'd say it's implementation specific as the SSH protocol has no actual provision for requiring multiple authentication methods.
There is no physical distinction between the server rejecting the key because it's wrong and rejecting it because it's right but it needs a password too.
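
Added example, not part of the thread and not russh code: on the wire, the reply a client receives between the two steps of `AuthenticationMethods publickey,password` is SSH_MSG_USERAUTH_FAILURE, which RFC 4252 section 5.1 defines as a name-list of methods that can continue followed by a partial-success boolean. This standalone Rust parser reads that message; `next_method` and `sample` are hypothetical helpers and all message bytes are constructed.

```rust
// Added example: field layout per RFC 4252 section 5.1; sample bytes are constructed.
const SSH_MSG_USERAUTH_FAILURE: u8 = 51;

#[derive(Debug, PartialEq)]
pub struct UserauthFailure {
    pub can_continue: Vec<String>, // "authentications that can continue"
    pub partial_success: bool,     // true: last method accepted, more are required
}

/// Parse one SSH_MSG_USERAUTH_FAILURE payload; returns None on malformed input.
pub fn parse_userauth_failure(p: &[u8]) -> Option<UserauthFailure> {
    if *p.first()? != SSH_MSG_USERAUTH_FAILURE {
        return None;
    }
    let b = p.get(1..5)?; // uint32 length prefix of the name-list
    let len = u32::from_be_bytes([b[0], b[1], b[2], b[3]]) as usize;
    let end = 5usize.checked_add(len)?;
    let list = std::str::from_utf8(p.get(5..end)?).ok()?;
    // Exactly one byte (the boolean) must follow the list; reject truncation or trailing data.
    if p.len() != end + 1 {
        return None;
    }
    let can_continue = list.split(',').filter(|m| !m.is_empty()).map(String::from).collect();
    Some(UserauthFailure { can_continue, partial_success: p[end] != 0 })
}

/// Hypothetical helper: first method we hold that the server still accepts and we have not tried.
pub fn next_method<'a>(f: &UserauthFailure, tried: &[&str], have: &[&'a str]) -> Option<&'a str> {
    have.iter().copied().find(|m| !tried.contains(m) && f.can_continue.iter().any(|c| c.as_str() == *m))
}

/// Build a constructed sample message for the demo and the tests.
pub fn sample(methods: &str, partial: bool) -> Vec<u8> {
    let mut v = vec![SSH_MSG_USERAUTH_FAILURE];
    v.extend_from_slice(&(methods.len() as u32).to_be_bytes());
    v.extend_from_slice(methods.as_bytes());
    v.push(partial as u8);
    v
}

fn main() {
    // Constructed reply after the publickey step when a password is also required.
    let f = parse_userauth_failure(&sample("password", true)).unwrap();
    let next = next_method(&f, &["publickey"], &["publickey", "password"]);
    println!("{:?} -> next method: {:?}", f, next);
}
```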
