SFTP authentication failure errors are ugly and confusing
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Bazaar |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Here's an example transcript reported on #launchpad recently:
matt@kalliope:
The authenticity of host 'bazaar.
RSA key fingerprint is 9d:38:3a:
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'bazaar.
Permission denied (publickey).
bzr: ERROR: exceptions.
at /usr/lib/
in _read_all
First, nowhere does this say something simple and clear like "Login failed", which is the problem.
Also, the traceback shouldn't be shown to the user, it obscures the "Permission denied (publickey)" which is the most informative part of the output at the moment. To be fair to the current message, it's good that this mentions the type of authentication method(s) involved, as this can vary depending on the server (e.g. bazaar.
Finally, it should report the username that it failed to log in, as that's a common cause of confusion, particularly with the bazaar.
i.e., here's what I'd hope to see:
matt@kalliope:
[...warnings about host keys, if any...]
bzr: ERROR: Failed to login user "matt" (publickey).
Reporting the username may require changes to OpenSSH, I don't think bzr has any way of knowing what username it tried at the moment.
| John A Meinel (jameinel) wrote | #1 |
| Changed in bzr: | |
| importance: | Untriaged → Medium |
| status: | Unconfirmed → Confirmed |
| John A Meinel (jameinel) wrote | #2 |
| Changed in bzr: | |
| status: | Confirmed → Fix Released |
In general, we need to handle EOFError from SFTPSubprocess better.
Not really a blocker for 0.9, though.