
samtoxie (Contributor)

This PR fixes #1272 for both public key and password targets.

When a keyboard-interactive prompt is offered, it will respond with empty responses to the given prompts. For targets with enforced 2FA (via TOTP, for example), this will fail as the code is not correct and the session will terminate. For targets that have 2FA enabled but don't enforce it, this will ensure the connection will be set up, as sshd expects those empty responses.

…ional 2fa

Signed-off-by: Sam Toxopeus <sam@toxopeus.it>
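As an added illustration of the empty-response behaviour the PR description above refers to (example code, not Warpgate's or russh's own): a minimal Python encoder/decoder for the RFC 4256 keyboard-interactive messages, fed a constructed sample prompt of the kind a PAM TOTP module causes sshd to send. A zero-prompt request, which sshd may send purely to display an instruction, is answered with a zero-length response list.

```python
import struct
SSH_MSG_USERAUTH_INFO_REQUEST = 60   # RFC 4256 section 3.2 (server -> client)
SSH_MSG_USERAUTH_INFO_RESPONSE = 61  # RFC 4256 section 3.4 (client -> server)

def _get_string(buf, off):
    """Read one SSH 'string' (uint32 big-endian length + bytes) at offset off."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off:off + n], off + n

def _put_string(b):
    return struct.pack(">I", len(b)) + b

def parse_info_request(pkt):
    """Decode INFO_REQUEST -> (name, instruction, [(prompt_text, echo), ...])."""
    if not pkt or pkt[0] != SSH_MSG_USERAUTH_INFO_REQUEST:
        raise ValueError("not an SSH_MSG_USERAUTH_INFO_REQUEST")
    off = 1
    name, off = _get_string(pkt, off)
    instruction, off = _get_string(pkt, off)
    _language_tag, off = _get_string(pkt, off)  # deprecated field, ignored
    (num_prompts,) = struct.unpack_from(">I", pkt, off)
    off += 4
    prompts = []
    for _ in range(num_prompts):
        text, off = _get_string(pkt, off)
        echo = pkt[off] != 0  # boolean: may the typed answer be echoed on screen?
        off += 1
        prompts.append((text.decode("utf-8"), echo))
    if off != len(pkt):
        raise ValueError("trailing bytes after prompts")
    return name.decode("utf-8"), instruction.decode("utf-8"), prompts

def empty_info_response(prompts):
    """Answer every prompt with ""; num-responses must equal num-prompts, even when 0."""
    out = bytes([SSH_MSG_USERAUTH_INFO_RESPONSE]) + struct.pack(">I", len(prompts))
    for _ in prompts:
        out += _put_string(b"")
    return out

def build_info_request(name, instruction, prompts):
    """Constructed sample request, shaped like what sshd sends on behalf of a PAM module."""
    pkt = bytes([SSH_MSG_USERAUTH_INFO_REQUEST])
    pkt += _put_string(name.encode()) + _put_string(instruction.encode()) + _put_string(b"")
    pkt += struct.pack(">I", len(prompts))
    for text, echo in prompts:
        pkt += _put_string(text.encode()) + bytes([1 if echo else 0])
    return pkt
```

Whether sshd then reports success or failure for that empty answer is up to the server's PAM configuration, which is exactly the optional-versus-enforced 2FA distinction the PR relies on.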
samtoxie (Contributor, Author) commented Feb 27, 2025

The test failure seems to be because the test SSH server rate-limits after wg attempts kb-interactive, which then leads to a timeout. Given the current flow it will always attempt it once per connection if mentioned as a possible method and key or password fails.

Ideally you'd pick up on the partial success result, so it only attempts it if pw or key already succeeded individually. However, AuthResult does not seem to provide this feedback; any idea for a workaround to still pick that up? @Eugeny

Eugeny (Member) commented Feb 27, 2025

russh indeed doesn't expose the partial_success flag yet. But I think I've fixed your issue in #1274; can you please merge or rebase?

Previously Warpgate would try the same RSA key three times with different hash algs, exhausting OpenSSH's auth attempt budget.

samtoxie (Contributor, Author)

Ah, I made a mistake in merging indeed; you caught it quicker than me xD

I wonder if it actually works like this, as in the worst case we will still end up with n*2 attempts when we also attempt keyboard-interactive for every failed connection. Oh well, let's see what the test does.

Eugeny (Member) commented Feb 27, 2025

It should work in reality except in the cases where the auth limit is <=4 or (very artificial) rsa-sha2-x signature algos are disabled, like in that one test, because right now it ends up with:

  • Ed25519 attempt
  • K-I attempt
  • RSA + (best hash) attempt
  • K-I attempt
  • ssh-rsa fallback
  • (OpenSSH default limit of 5 is here)
  • K-I attempt

I'll try to add support for partial_success to russh soon 😅

Eugeny merged commit 95dce41 into warp-tech:main Feb 27, 2025
5 of 8 checks passed

samtoxie (Contributor, Author)

Indeed, it succeeds now. Thanks for your help! Support for partial_success would be awesome indeed, as it would simplify this too. However, no rush (no pun intended); I think this is one of the very few cases where it is actually nice to have, and for now this workaround is good enough.

Also, overall Warpgate really is an awesome project; thanks for all your time and dedication in it 😄. And it's been a nice way so far for me to dig some more into Rust, as I usually work with different toolchains.

Eugeny (Member) commented Feb 27, 2025

Thanks! And thanks for contributing as always.

If the stars align, I'll have time to try adding partial_success tonight.

Successfully merging this pull request may close these issues.

SSH targets with optional 2fa challenge don't work