I'm looking into this issue and so far, I have not been able to reproduce it. I tried the following code:
string username = "test01";
string password = null;
SshPrivateKey key = SshPrivateKey.Generate();
sftp.Login(username, password, key);
But instead of a
NullReferenceException thrown by the second
Login() call, an
ArgumentNullException is thrown by the first
"It would be nice if Sftp would instead proceed to try password authentication if the password is non-null and only throw an exception if that doesn't work."
I understand that this would be useful for your scenario, but it might not be a good idea generally. In most use cases, if a private key is rejected by the server, it means that something is wrong - and still trying the password despite one failure would only waste resources and complicate debugging.
However, we can add an option that would instruct the
Login(userName, password, privateKey) method to try password authentication first. This way, if it succeeded, no private key authentication would occur and it would not matter whether the key is correct or not. This should work for you as well. What do you think?