SSH in Go: unable to authenticate, attempted methods [none], no supported methods remain

Question

I tried to connect to one of my virtual machines using SSH and Go. It works perfectly fine via command line if i do it like so:

ssh root@my_host

I type in the password and it works all good. I tried to do it in Go, here is my code:

package main

import (
    "golang.org/x/crypto/ssh"
    "fmt"
)

func connectViaSsh(user, host string, password string) (*ssh.Client, *ssh.Session) {
    config := &ssh.ClientConfig{
        User: user,
        Auth: []ssh.AuthMethod{ssh.Password(password)},
        HostKeyCallback: ssh.InsecureIgnoreHostKey(),
    }

    client, err := ssh.Dial("tcp", host, config)
    fmt.Println(err)

    session, err := client.NewSession()
    fmt.Println(err)

    return client, session
}


func main() {
    client, _ := connectViaSsh("root", "host:22", "password")
    client.Close()
}

If i run it it returns an error:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

Does anyone have any idea what might cause such an error. It works just fine using paramiko in Python, and in shell but fails in Go. Is there something i'm missing?

Answer 1

As pointed by @JimB and @putu my server doesn't have Password Authentication enabled.

To verify that i ran ssh with verbose option and it gave me back all supported authentication methods. In my case it turned out to be following:

debug1 : Authentications that can continue: publickey,keyboard-interactive,hostbased

So i had 2 options to go with, either enable password authentication on the server or use other method to authenticate.

To enable password authentication connect to your server and open sshd config file like so:

vi /etc/ssh/sshd_config

Find line saying: PasswordAuthentication no

Change it to yes, save changes and restart sshd service: service ssh restart

After that password authentication method starts to work as expected.

Alternatively other methods can be used, i decided to try keyboard-interactive, the one user usually has when connects over the terminal using ssh.

Here is the code snippet that does just that, sends password after password question is asked by remote server:

package main
import (
    "bytes"
    "golang.org/x/crypto/ssh"
    "fmt"
)

func connectViaSsh(user, host string, password string) (*ssh.Client, *ssh.Session) {
    config := &ssh.ClientConfig{
        User: user,
        Auth: []ssh.AuthMethod{
            ssh.KeyboardInteractive(SshInteractive),
        },
        HostKeyCallback: ssh.InsecureIgnoreHostKey(),
    }
    client, err := ssh.Dial("tcp", host, config)
    fmt.Println(err)
    session, err := client.NewSession()
    fmt.Println(err)

    return client, session
}

func SshInteractive(user, instruction string, questions []string, echos []bool) (answers []string, err error) {
    answers = make([]string, len(questions))
    // The second parameter is unused
    for n, _ := range questions {
        answers[n] = "your_password"
    }

    return answers, nil
}

func main() {
    var b bytes.Buffer
    client, session := connectViaSsh("root", "host:22", "password")

    session.Stdout = &b
    session.Run("ls")
    fmt.Println(b.String())

    client.Close()
}

In my case server asks only one question which is password, if your server asks more than that you would need to build an entire chain of answers to feed back in.