Authentication exception - server requires additional authentication with: 'gssapi-with-mic,password'

0 votes
asked Jul 1, 2010 by Doug (130 points)
edited Jul 1, 2010

The administrator of an FTP site recently changed their server configuration, and I am now receiving the following error:

Rebex.Net.SftpException: Authentication was partially successful, but server requires additional authentication with: 'gssapi-with-mic,password'

The release notes seem to indicate that Build 3479 supports GSSAPI (I'm using build 3793), but I haven't been able to find any examples of how to enable GSSAPI (and I freely admit I don't know anything about GSSAPI).

Here is the code snippet I'm using to connect using SFTP:

        _connection = new Sftp();

        _connection.Connect(hostname);

        Assembly assembly = Assembly.GetExecutingAssembly();

        using (Stream stream = assembly.GetManifestResourceStream(keyFileName))
        {
            SshPrivateKey key = new SshPrivateKey(stream, sshPassword);

            _connection.Login(userName, key);
        }

What do I need to change to get GSSAPI working?

Applies to: Rebex SFTP

1 Answer

+1 vote
answered Jul 1, 2010 by Lukas Pokorny (102,170 points)
edited Jul 1, 2010

I'm not sure that using GSSAPI is really a necessity. The most likely explanation of this issue is thatthe SFTP site used to accept private-key-based authentication until recently, but changed their policy to require a password authentication in addition to private-key authentication. This additional authentication can be done either by "password" or "gssapi-with-mic" authentication methods. I that case, I would expect them to inform you about this and make it possible to set the password. The you could simply change your code to:

_connection.Login(userName, password, key)

With GSSAPI, it is also possible to perform a password-less authentication, but for this to work, some kind of trust would have to be established between your Windows domain and their SFTP server's domain, otherwise password would be needed as well. If you don't know what GSSAPI is, it's far more likely that GSSAPI is just one of the authentication algorithms the server supports, not that you must use it.

Asking the SFTP server administrator looks like the best thing to do.

Rebex SFTP doesn't currently support a combined private-key/GSSAPI authetication, but if it turns out this is required in this case, we are ready to add it to the next release.

Are you able to connect to this server using any third-part SFTP client?

...