[crypto] ssh: Make error message deterministic


Han-Wen Nienhuys (Gerrit)

Jun 22, 2020, 5:36:29 PM
to Gerrit Bot, Julian Kornberger, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Gobot Gobot, Filippo Valsorda, golang-co...@googlegroups.com

Han-Wen Nienhuys submitted this change.


Approvals: Han-Wen Nienhuys: Looks good to me, approved; Run TryBots Gobot Gobot: TryBots succeeded
ssh: Make error message deterministic

By using a slice instead of a map for tried authentication methods the order is always the same. Small slices are also faster than maps.

Before the change sometimes I get the error:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

and sometimes:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain

Change-Id: I06507d57e9eef497ff05bce088d52607e69dde3e
GitHub-Last-Rev: 3a46aae4c6e3e5f52ca4b04384b3cc4efc039aa6
GitHub-Pull-Request: golang/crypto#142
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/239171
Reviewed-by: Han-Wen Nienhuys <han...@google.com>
Run-TryBot: Han-Wen Nienhuys <han...@google.com>
TryBot-Result: Gobot Gobot <go...@golang.org>
---
M ssh/client_auth.go
1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/ssh/client_auth.go b/ssh/client_auth.go
index 0590070..f326565 100644
--- a/ssh/client_auth.go
+++ b/ssh/client_auth.go
@@ -36,7 +36,7 @@

// during the authentication phase the client first attempts the "none" method
// then any untried methods suggested by the server.
- tried := make(map[string]bool)
+ var tried []string
var lastMethods []string

sessionID := c.transport.getSessionID()
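
Review bot: the new declaration var tried []string has no comment saying that element order is now significant. The slice is printed verbatim in the final error, so a one-line comment stating that tried holds the failed methods in attempt order would keep a later cleanup from switching it back to a map and reintroducing the nondeterministic message.
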
@@ -49,7 +49,9 @@
// success
return nil
} else if ok == authFailure {
- tried[auth.method()] = true
+ if m := auth.method(); !contains(tried, m) {
+ tried = append(tried, m)
+ }
}
if methods == nil {
methods = lastMethods
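
Review bot: the !contains(tried, m) guard in the authFailure branch looks redundant from the lines visible here, because the findNext loop already skips any candidate whose method is in tried, so a failed method should not be attempted a second time. If a path exists where the same method can fail twice, say so in a comment next to the guard; otherwise a plain tried = append(tried, auth.method()) is simpler to read.
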
@@ -61,7 +63,7 @@
findNext:
for _, a := range config.Auth {
candidateMethod := a.method()
- if tried[candidateMethod] {
+ if contains(tried, candidateMethod) {
continue
}
for _, meth := range methods {
@@ -72,16 +74,16 @@
}
}
}
- return fmt.Errorf("ssh: unable to authenticate, attempted methods %v, no supported methods remain", keys(tried))
+ return fmt.Errorf("ssh: unable to authenticate, attempted methods %v, no supported methods remain", tried)
}

-func keys(m map[string]bool) []string {
- s := make([]string, 0, len(m))
-
- for key := range m {
- s = append(s, key)
+func contains(list []string, e string) bool {
+ for _, s := range list {
+ if s == e {
+ return true
+ }
}
- return s
+ return false
}

// An AuthMethod represents an instance of an RFC 4252 authentication method.
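
Review bot: nothing in this change pins the ordering it promises; the stat line shows only ssh/client_auth.go touched, so the new format of the "attempted methods %v" error has no test behind it. A client test that fails authentication and asserts on the exact string, for example "attempted methods [none publickey]", would catch a regression. The new package-level helper contains also has no doc comment; a one-line comment noting that it is a linear scan intended for the short list of auth methods would document why a slice was preferred here.
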


Gerrit-Project: crypto
Gerrit-Branch: master
Gerrit-Change-Id: I06507d57e9eef497ff05bce088d52607e69dde3e
Gerrit-Change-Number: 239171
Gerrit-PatchSet: 4
Gerrit-Owner: Gerrit Bot <letsus...@gmail.com>
Gerrit-Reviewer: Gobot Gobot <go...@golang.org>
Gerrit-Reviewer: Han-Wen Nienhuys <han...@google.com>
Gerrit-Reviewer: Julian Kornberger <goo...@digineo.de>
Gerrit-CC: Filippo Valsorda <fil...@golang.org>
Gerrit-MessageType: merged