[sshd] Better user feedback on authentication failure

When authentication fails, JGit produces an exception with an error
message telling the user that it could not log in (including the host
name). The causal chain has an SshException from Apache MINA sshd with
message "No more authentication methods available".

This is not very helpful. The user was left without any indication why
authentication failed.

Include in the exception message a log of all attempted authentications.
That way, the user can see which keys were tried, in which order and
with which signature algorithms. The log also reports authentication
attempts for gssapi-with-mic or password authentication. For
keyboard-interactive Apache MINA sshd is lacking a callback interface.

The way Apache MINA sshd loads keys from files, the file names are lost
in higher layers. Add a mechanism to record on the session for each
key fingerprint the file it was loaded from, if any. That way the
exception message can refer to keys by file name, which is easier to
understand by users than the rather cryptic key fingerprints.

Bug: 571390
Change-Id: Ic4b6ce6b99f307d5e798fcc91b16b9ffd995d224
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

12 files changed, 586 insertions, 61 deletions

diff --git a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
index 3d7c7651c1..a8fcca7b8e 100644
--- a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
+++ b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -789,4 +789,76 @@ public class ApacheSshTest extends SshTestBase {
 			session.disconnect();
 		}
 	}
+
+	private void verifyAuthLog(String message, String first) {
+		assertTrue(message.contains(System.lineSeparator()));
+		String[] lines = message.split(System.lineSeparator());
+		int pubkeyIndex = -1;
+		int passwordIndex = -1;
+		for (int i = 0; i < lines.length; i++) {
+			String line = lines[i];
+			if (i == 0) {
+				assertTrue(line.contains(first));
+			}
+			if (line.contains("publickey:")) {
+				if (pubkeyIndex < 0) {
+					pubkeyIndex = i;
+					assertTrue(line.contains("/userkey"));
+				}
+			} else if (line.contains("password:")) {
+				if (passwordIndex < 0) {
+					passwordIndex = i;
+					assertTrue(line.contains("attempt 1"));
+				}
+			}
+		}
+		assertTrue(pubkeyIndex > 0 && passwordIndex > 0);
+		assertTrue(pubkeyIndex < passwordIndex);
+	}
+
+	@Test
+	public void testAuthFailureMessageCancel() throws Exception {
+		File userKey = new File(getTemporaryDirectory(), "userkey");
+		copyTestResource("id_ed25519", userKey);
+		File publicKey = new File(getTemporaryDirectory(), "userkey.pub");
+		copyTestResource("id_ed25519.pub", publicKey);
+		// Don't set this as the user's key; we do want to try with a wrong key.
+		server.enablePasswordAuthentication();
+		TestCredentialsProvider provider = new TestCredentialsProvider(
+				"wrongpass");
+		TransportException e = assertThrows(TransportException.class,
+				() -> cloneWith("ssh://git/doesntmatter", defaultCloneDir,
+						provider, //
+						"Host git", //
+						"HostName localhost", //
+						"Port " + testPort, //
+						"User " + TEST_USER, //
+						"IdentityFile " + userKey.getAbsolutePath(), //
+						"PreferredAuthentications publickey,password"));
+		verifyAuthLog(e.getMessage(), "canceled");
+	}
+
+	@Test
+	public void testAuthFailureMessage() throws Exception {
+		File userKey = new File(getTemporaryDirectory(), "userkey");
+		copyTestResource("id_ed25519", userKey);
+		File publicKey = new File(getTemporaryDirectory(), "userkey.pub");
+		copyTestResource("id_ed25519.pub", publicKey);
+		// Don't set this as the user's key; we do want to try with a wrong key.
+		server.enablePasswordAuthentication();
+		// Enough passwords not to cancel authentication
+		TestCredentialsProvider provider = new TestCredentialsProvider(
+				"wrongpass", "wrongpass", "wrongpass");
+		TransportException e = assertThrows(TransportException.class,
+				() -> cloneWith("ssh://git/doesntmatter", defaultCloneDir,
+						provider, //
+						"Host git", //
+						"HostName localhost", //
+						"Port " + testPort, //
+						"User " + TEST_USER, //
+						"IdentityFile " + userKey.getAbsolutePath(), //
+						"PreferredAuthentications publickey,password"));
+		verifyAuthLog(e.getMessage(), "log in");
+	}
+
 }
diff --git a/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties b/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
index 4f735bab34..c676221800 100644
--- a/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
+++ b/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
@@ -1,5 +1,22 @@
 authenticationCanceled=SSH authentication canceled: no password given
 authenticationOnClosedSession=Authentication canceled: session is already closing or closed
+authGssApiAttempt={0}: trying mechanism OID {1}
+authGssApiExhausted={0}: no more mechanisms to try
+authGssApiFailure={0}: server refused authentication; mechanism {1}
+authGssApiNotTried={0}: not tried
+authGssApiPartialSuccess={0}: partial success with mechanism OID {1}, continue with authentication methods {2}
+authPasswordAttempt={0}: attempt {1}
+authPasswordChangeAttempt={0}: attempt {1} with password change
+authPasswordExhausted={0}: no more attempts
+authPasswordFailure={0}: server refused (wrong password)
+authPasswordNotTried={0}: not tried
+authPasswordPartialSuccess={0}: partial success, continue with authentication methods {1}
+authPubkeyAttempt={0}: trying {1} key {2} with signature type {3}
+authPubkeyAttemptAgent={0}: trying {1} key {2} from SSH agent with signature type {3}
+authPubkeyExhausted={0}: no more keys to try
+authPubkeyFailure={0}: server refused {1} key {2}
+authPubkeyNoKeys={0}: no keys to try
+authPubkeyPartialSuccess={0}: partial success for {1} key {2}, continue with authentication methods {3}
 cannotReadPublicKey=Cannot read public key from file {0}
 closeListenerFailed=Ssh session close listener failed
 configInvalidPath=Invalid path in ssh config key {0}: {1}
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/AuthenticationLogger.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/AuthenticationLogger.java
new file mode 100644
index 0000000000..add79b35c9
--- /dev/null
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/AuthenticationLogger.java
@@ -0,0 +1,238 @@
+/*
+ * Copyright (C) 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Distribution License v. 1.0 which is available at
+ * https://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+package org.eclipse.jgit.internal.transport.sshd;
+
+import static org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider.getKeyId;
+
+import java.security.KeyPair;
+import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.sshd.client.auth.password.PasswordAuthenticationReporter;
+import org.apache.sshd.client.auth.password.UserAuthPassword;
+import org.apache.sshd.client.auth.pubkey.PublicKeyAuthenticationReporter;
+import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;
+import org.apache.sshd.client.session.ClientSession;
+import org.apache.sshd.common.config.keys.KeyUtils;
+
+/**
+ * Provides a log of authentication attempts for a {@link ClientSession}.
+ */
+public class AuthenticationLogger {
+
+	private final List<String> messages = new ArrayList<>();
+
+	// We're interested in this log only in the failure case, so we don't need
+	// to log authentication success.
+
+	private final PublicKeyAuthenticationReporter pubkeyLogger = new PublicKeyAuthenticationReporter() {
+
+		private boolean hasAttempts;
+
+		@Override
+		public void signalAuthenticationAttempt(ClientSession session,
+				String service, KeyPair identity, String signature)
+				throws Exception {
+			hasAttempts = true;
+			String message;
+			if (identity.getPrivate() == null) {
+				// SSH agent key
+				message = MessageFormat.format(
+						SshdText.get().authPubkeyAttemptAgent,
+						UserAuthPublicKey.NAME, KeyUtils.getKeyType(identity),
+						getKeyId(session, identity), signature);
+			} else {
+				message = MessageFormat.format(
+						SshdText.get().authPubkeyAttempt,
+						UserAuthPublicKey.NAME, KeyUtils.getKeyType(identity),
+						getKeyId(session, identity), signature);
+			}
+			messages.add(message);
+		}
+
+		@Override
+		public void signalAuthenticationExhausted(ClientSession session,
+				String service) throws Exception {
+			String message;
+			if (hasAttempts) {
+				message = MessageFormat.format(
+						SshdText.get().authPubkeyExhausted,
+						UserAuthPublicKey.NAME);
+			} else {
+				message = MessageFormat.format(SshdText.get().authPubkeyNoKeys,
+						UserAuthPublicKey.NAME);
+			}
+			messages.add(message);
+			hasAttempts = false;
+		}
+
+		@Override
+		public void signalAuthenticationFailure(ClientSession session,
+				String service, KeyPair identity, boolean partial,
+				List<String> serverMethods) throws Exception {
+			String message;
+			if (partial) {
+				message = MessageFormat.format(
+						SshdText.get().authPubkeyPartialSuccess,
+						UserAuthPublicKey.NAME, KeyUtils.getKeyType(identity),
+						getKeyId(session, identity), serverMethods);
+			} else {
+				message = MessageFormat.format(
+						SshdText.get().authPubkeyFailure,
+						UserAuthPublicKey.NAME, KeyUtils.getKeyType(identity),
+						getKeyId(session, identity));
+			}
+			messages.add(message);
+		}
+	};
+
+	private final PasswordAuthenticationReporter passwordLogger = new PasswordAuthenticationReporter() {
+
+		private int attempts;
+
+		@Override
+		public void signalAuthenticationAttempt(ClientSession session,
+				String service, String oldPassword, boolean modified,
+				String newPassword) throws Exception {
+			attempts++;
+			String message;
+			if (modified) {
+				message = MessageFormat.format(
+						SshdText.get().authPasswordChangeAttempt,
+						UserAuthPassword.NAME, Integer.valueOf(attempts));
+			} else {
+				message = MessageFormat.format(
+						SshdText.get().authPasswordAttempt,
+						UserAuthPassword.NAME, Integer.valueOf(attempts));
+			}
+			messages.add(message);
+		}
+
+		@Override
+		public void signalAuthenticationExhausted(ClientSession session,
+				String service) throws Exception {
+			String message;
+			if (attempts > 0) {
+				message = MessageFormat.format(
+						SshdText.get().authPasswordExhausted,
+						UserAuthPassword.NAME);
+			} else {
+				message = MessageFormat.format(
+						SshdText.get().authPasswordNotTried,
+						UserAuthPassword.NAME);
+			}
+			messages.add(message);
+			attempts = 0;
+		}
+
+		@Override
+		public void signalAuthenticationFailure(ClientSession session,
+				String service, String password, boolean partial,
+				List<String> serverMethods) throws Exception {
+			String message;
+			if (partial) {
+				message = MessageFormat.format(
+						SshdText.get().authPasswordPartialSuccess,
+						UserAuthPassword.NAME, serverMethods);
+			} else {
+				message = MessageFormat.format(
+						SshdText.get().authPasswordFailure,
+						UserAuthPassword.NAME);
+			}
+			messages.add(message);
+		}
+	};
+
+	private final GssApiWithMicAuthenticationReporter gssLogger = new GssApiWithMicAuthenticationReporter() {
+
+		private boolean hasAttempts;
+
+		@Override
+		public void signalAuthenticationAttempt(ClientSession session,
+				String service, String mechanism) {
+			hasAttempts = true;
+			String message = MessageFormat.format(
+					SshdText.get().authGssApiAttempt,
+					GssApiWithMicAuthFactory.NAME, mechanism);
+			messages.add(message);
+		}
+
+		@Override
+		public void signalAuthenticationExhausted(ClientSession session,
+				String service) {
+			String message;
+			if (hasAttempts) {
+				message = MessageFormat.format(
+						SshdText.get().authGssApiExhausted,
+						GssApiWithMicAuthFactory.NAME);
+			} else {
+				message = MessageFormat.format(
+						SshdText.get().authGssApiNotTried,
+						GssApiWithMicAuthFactory.NAME);
+			}
+			messages.add(message);
+			hasAttempts = false;
+		}
+
+		@Override
+		public void signalAuthenticationFailure(ClientSession session,
+				String service, String mechanism, boolean partial,
+				List<String> serverMethods) {
+			String message;
+			if (partial) {
+				message = MessageFormat.format(
+						SshdText.get().authGssApiPartialSuccess,
+						GssApiWithMicAuthFactory.NAME, mechanism,
+						serverMethods);
+			} else {
+				message = MessageFormat.format(
+						SshdText.get().authGssApiFailure,
+						GssApiWithMicAuthFactory.NAME, mechanism);
+			}
+			messages.add(message);
+		}
+	};
+
+	/**
+	 * Creates a new {@link AuthenticationLogger} and configures the
+	 * {@link ClientSession} to report authentication attempts through this
+	 * instance.
+	 *
+	 * @param session
+	 *            to configure
+	 */
+	public AuthenticationLogger(ClientSession session) {
+		session.setPublicKeyAuthenticationReporter(pubkeyLogger);
+		session.setPasswordAuthenticationReporter(passwordLogger);
+		session.setAttribute(
+				GssApiWithMicAuthenticationReporter.GSS_AUTHENTICATION_REPORTER,
+				gssLogger);
+		// TODO: keyboard-interactive? sshd 2.8.0 has no callback
+		// interface for it.
+	}
+
+	/**
+	 * Retrieves the log messages for the authentication attempts.
+	 *
+	 * @return the messages as an unmodifiable list
+	 */
+	public List<String> getLog() {
+		return Collections.unmodifiableList(messages);
+	}
+
+	/**
+	 * Drops all previously recorded log messages.
+	 */
+	public void clear() {
+		messages.clear();
+	}
+}
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java
index 79b3637caa..cbd6a64140 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -11,6 +11,7 @@ package org.eclipse.jgit.internal.transport.sshd;
 
 import static java.text.MessageFormat.format;
 
+import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Files;
@@ -19,18 +20,24 @@ import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
 import java.security.KeyPair;
 import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.NoSuchElementException;
 import java.util.concurrent.CancellationException;
 
 import javax.security.auth.DestroyFailedException;
 
+import org.apache.sshd.common.AttributeRepository.AttributeKey;
+import org.apache.sshd.client.session.ClientSession;
 import org.apache.sshd.common.NamedResource;
 import org.apache.sshd.common.config.keys.FilePasswordProvider;
+import org.apache.sshd.common.config.keys.KeyUtils;
 import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
 import org.apache.sshd.common.session.SessionContext;
 import org.apache.sshd.common.util.io.resource.IoResource;
@@ -43,6 +50,14 @@ import org.eclipse.jgit.transport.sshd.KeyCache;
 public class CachingKeyPairProvider extends FileKeyPairProvider
 		implements Iterable<KeyPair> {
 
+	/**
+	 * An attribute set on the {@link SessionContext} recording loaded keys by
+	 * fingerprint. This enables us to provide nicer output by showing key
+	 * paths, if possible. Users can identify key identities used easier by
+	 * filename than by fingerprint.
+	 */
+	public static final AttributeKey<Map<String, Path>> KEY_PATHS_BY_FINGERPRINT = new AttributeKey<>();
+
 	private final KeyCache cache;
 
 	/**
@@ -78,6 +93,33 @@ public class CachingKeyPairProvider extends FileKeyPairProvider
 		return () -> iterator(session);
 	}
 
+	static String getKeyId(ClientSession session, KeyPair identity) {
+		String fingerprint = KeyUtils.getFingerPrint(identity.getPublic());
+		Map<String, Path> registered = session
+				.getAttribute(KEY_PATHS_BY_FINGERPRINT);
+		if (registered != null) {
+			Path path = registered.get(fingerprint);
+			if (path != null) {
+				Path home = session
+						.resolveAttribute(JGitSshClient.HOME_DIRECTORY);
+				if (home != null && path.startsWith(home)) {
+					try {
+						path = home.relativize(path);
+						String pathString = path.toString();
+						if (!pathString.isEmpty()) {
+							return "~" + File.separator + pathString; //$NON-NLS-1$
+						}
+					} catch (IllegalArgumentException e) {
+						// Cannot be relativized. Ignore, and work with the
+						// original path
+					}
+				}
+				return path.toString();
+			}
+		}
+		return fingerprint;
+	}
+
 	private KeyPair loadKey(SessionContext session, Path path)
 			throws IOException, GeneralSecurityException {
 		if (!Files.exists(path)) {
@@ -123,13 +165,23 @@ public class CachingKeyPairProvider extends FileKeyPairProvider
 						SshdText.get().identityFileUnsupportedFormat, path));
 			}
 			KeyPair result = keys.next();
+			PublicKey pk = result.getPublic();
+			if (pk != null) {
+				Map<String, Path> registered = session
+						.getAttribute(KEY_PATHS_BY_FINGERPRINT);
+				if (registered == null) {
+					registered = new HashMap<>();
+					session.setAttribute(KEY_PATHS_BY_FINGERPRINT, registered);
+				}
+				registered.put(KeyUtils.getFingerPrint(pk), path);
+			}
 			if (keys.hasNext()) {
 				log.warn(format(SshdText.get().identityFileMultipleKeys, path));
 				keys.forEachRemaining(k -> {
-					PrivateKey pk = k.getPrivate();
-					if (pk != null) {
+					PrivateKey priv = k.getPrivate();
+					if (priv != null) {
 						try {
-							pk.destroy();
+							priv.destroy();
 						} catch (DestroyFailedException e) {
 							// Ignore
 						}
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthentication.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthentication.java
index c3cac0c1df..df01db316b 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthentication.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthentication.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -18,6 +18,7 @@ import java.net.SocketAddress;
 import java.net.UnknownHostException;
 import java.util.Collection;
 import java.util.Iterator;
+import java.util.List;
 
 import org.apache.sshd.client.auth.AbstractUserAuth;
 import org.apache.sshd.client.session.ClientSession;
@@ -71,7 +72,10 @@ public class GssApiWithMicAuthentication extends AbstractUserAuth {
 		if (context != null) {
 			close(false);
 		}
+		GssApiWithMicAuthenticationReporter reporter = session.getAttribute(
+				GssApiWithMicAuthenticationReporter.GSS_AUTHENTICATION_REPORTER);
 		if (!nextMechanism.hasNext()) {
+			reporter.signalAuthenticationExhausted(session, service);
 			return false;
 		}
 		state = ProtocolState.STARTED;
@@ -79,6 +83,7 @@ public class GssApiWithMicAuthentication extends AbstractUserAuth {
 		// RFC 4462 states that SPNEGO must not be used with ssh
 		while (GssApiMechanisms.SPNEGO.equals(currentMechanism)) {
 			if (!nextMechanism.hasNext()) {
+				reporter.signalAuthenticationExhausted(session, service);
 				return false;
 			}
 			currentMechanism = nextMechanism.next();
@@ -102,6 +107,10 @@ public class GssApiWithMicAuthentication extends AbstractUserAuth {
 			state = ProtocolState.FAILED;
 			return false;
 		}
+		if (reporter != null) {
+			reporter.signalAuthenticationAttempt(session, service,
+					currentMechanism.toString());
+		}
 		Buffer buffer = session
 				.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST);
 		buffer.putString(session.getUsername());
@@ -246,4 +255,26 @@ public class GssApiWithMicAuthentication extends AbstractUserAuth {
 		return false;
 	}
 
+	@Override
+	public void signalAuthMethodSuccess(ClientSession session, String service,
+			Buffer buffer) throws Exception {
+		GssApiWithMicAuthenticationReporter reporter = session.getAttribute(
+				GssApiWithMicAuthenticationReporter.GSS_AUTHENTICATION_REPORTER);
+		if (reporter != null) {
+			reporter.signalAuthenticationSuccess(session, service,
+					currentMechanism.toString());
+		}
+	}
+
+	@Override
+	public void signalAuthMethodFailure(ClientSession session, String service,
+			boolean partial, List<String> serverMethods, Buffer buffer)
+			throws Exception {
+		GssApiWithMicAuthenticationReporter reporter = session.getAttribute(
+				GssApiWithMicAuthenticationReporter.GSS_AUTHENTICATION_REPORTER);
+		if (reporter != null) {
+			reporter.signalAuthenticationFailure(session, service,
+					currentMechanism.toString(), partial, serverMethods);
+		}
+	}
 }
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthenticationReporter.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthenticationReporter.java
new file mode 100644
index 0000000000..201a131650
--- /dev/null
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiWithMicAuthenticationReporter.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Distribution License v. 1.0 which is available at
+ * https://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+package org.eclipse.jgit.internal.transport.sshd;
+
+import java.util.List;
+
+import org.apache.sshd.client.session.ClientSession;
+import org.apache.sshd.common.AttributeRepository.AttributeKey;
+
+/**
+ * Callback interface for recording authentication state in
+ * {@link GssApiWithMicAuthentication}.
+ */
+public interface GssApiWithMicAuthenticationReporter {
+
+	/**
+	 * An {@link AttributeKey} for a {@link ClientSession} holding the
+	 * {@link GssApiWithMicAuthenticationReporter}.
+	 */
+	static final AttributeKey<GssApiWithMicAuthenticationReporter> GSS_AUTHENTICATION_REPORTER = new AttributeKey<>();
+
+	/**
+	 * Called when a new authentication attempt is made.
+	 *
+	 * @param session
+	 *            the {@link ClientSession}
+	 * @param service
+	 *            the name of the requesting SSH service name
+	 * @param mechanism
+	 *            the OID of the mechanism used
+	 */
+	default void signalAuthenticationAttempt(ClientSession session,
+			String service, String mechanism) {
+		// nothing
+	}
+
+	/**
+	 * Called when there are no more mechanisms to try.
+	 *
+	 * @param session
+	 *            the {@link ClientSession}
+	 * @param service
+	 *            the name of the requesting SSH service name
+	 */
+	default void signalAuthenticationExhausted(ClientSession session,
+			String service) {
+		// nothing
+	}
+
+	/**
+	 * Called when authentication was succeessful.
+	 *
+	 * @param session
+	 *            the {@link ClientSession}
+	 * @param service
+	 *            the name of the requesting SSH service name
+	 * @param mechanism
+	 *            the OID of the mechanism used
+	 */
+	default void signalAuthenticationSuccess(ClientSession session,
+			String service, String mechanism) {
+		// nothing
+	}
+
+	/**
+	 * Called when the authentication was not successful.
+	 *
+	 * @param session
+	 *            the {@link ClientSession}
+	 * @param service
+	 *            the name of the requesting SSH service name
+	 * @param mechanism
+	 *            the OID of the mechanism used
+	 * @param partial
+	 *            {@code true} if authentication was partially successful,
+	 *            meaning one continues with additional authentication methods
+	 *            given by {@code serverMethods}
+	 * @param serverMethods
+	 *            the {@link List} of authentication methods that can continue
+	 */
+	default void signalAuthenticationFailure(ClientSession session,
+			String service, String mechanism, boolean partial,
+			List<String> serverMethods) {
+		// nothing
+	}
+}
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthentication.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthentication.java
index ff8caaacc0..33c3c608f6 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthentication.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthentication.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -11,13 +11,11 @@ package org.eclipse.jgit.internal.transport.sshd;
 
 import static org.apache.sshd.core.CoreModuleProperties.PASSWORD_PROMPTS;
 
-import org.apache.sshd.client.auth.keyboard.UserInteraction;
 import org.apache.sshd.client.auth.password.UserAuthPassword;
 import org.apache.sshd.client.session.ClientSession;
 
 /**
- * A password authentication handler that uses the {@link JGitUserInteraction}
- * to ask the user for the password. It also respects the
+ * A password authentication handler that respects the
  * {@code NumberOfPasswordPrompts} ssh config.
  */
 public class JGitPasswordAuthentication extends UserAuthPassword {
@@ -35,30 +33,11 @@ public class JGitPasswordAuthentication extends UserAuthPassword {
 	}
 
 	@Override
-	protected boolean sendAuthDataRequest(ClientSession session, String service)
-			throws Exception {
+	protected String resolveAttemptedPassword(ClientSession session,
+			String service) throws Exception {
 		if (++attempts > maxAttempts) {
-			return false;
+			return null;
 		}
-		UserInteraction interaction = session.getUserInteraction();
-		if (!interaction.isInteractionAllowed(session)) {
-			return false;
-		}
-		String password = getPassword(session, interaction);
-		if (password == null) {
-			throw new AuthenticationCanceledException();
-		}
-		// sendPassword takes a buffer as first argument, but actually doesn't
-		// use it and creates its own buffer...
-		sendPassword(null, session, password, password);
-		return true;
-	}
-
-	private String getPassword(ClientSession session,
-			UserInteraction interaction) {
-		String[] results = interaction.interactive(session, null, null, "", //$NON-NLS-1$
-				new String[] { SshdText.get().passwordPrompt },
-				new boolean[] { false });
-		return (results == null || results.length == 0) ? null : results[0];
+		return super.resolveAttemptedPassword(session, service);
 	}
 }
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
index 71e8e61585..72f0bdb6ee 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -87,6 +87,11 @@ public class JGitSshClient extends SshClient {
 	public static final AttributeKey<String> PREFERRED_AUTHENTICATIONS = new AttributeKey<>();
 
 	/**
+	 * An attribute key for the home directory.
+	 */
+	public static final AttributeKey<Path> HOME_DIRECTORY = new AttributeKey<>();
+
+	/**
 	 * An attribute key for storing an alternate local address to connect to if
 	 * a local forward from a ProxyJump ssh config is present. If set,
 	 * {@link #connect(HostConfigEntry, AttributeRepository, SocketAddress)}
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitUserInteraction.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitUserInteraction.java
index c51a75bc6f..2a725ea16a 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitUserInteraction.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitUserInteraction.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -120,15 +120,16 @@ public class JGitUserInteraction implements UserInteraction {
 				return null;
 			}).filter(s -> s != null).toArray(String[]::new);
 		}
-		// TODO What to throw to abort the connection/authentication process?
-		// In UserAuthKeyboardInteractive.getUserResponses() it's clear that
-		// returning null is valid and signifies "an error"; we'll try the
-		// next authentication method. But if the user explicitly canceled,
-		// then we don't want to try the next methods...
-		//
-		// Probably not a serious issue with the typical order of public-key,
-		// keyboard-interactive, password.
-		return null;
+		throw new AuthenticationCanceledException();
+	}
+
+	@Override
+	public String resolveAuthPasswordAttempt(ClientSession session)
+			throws Exception {
+		String[] results = interactive(session, null, null, "", //$NON-NLS-1$
+				new String[] { SshdText.get().passwordPrompt },
+				new boolean[] { false });
+		return (results == null || results.length == 0) ? null : results[0];
 	}
 
 	@Override
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
index 19ad85c83d..39332d9fca 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -29,6 +29,23 @@ public final class SshdText extends TranslationBundle {
 	// @formatter:off
 	/***/ public String authenticationCanceled;
 	/***/ public String authenticationOnClosedSession;
+	/***/ public String authGssApiAttempt;
+	/***/ public String authGssApiExhausted;
+	/***/ public String authGssApiFailure;
+	/***/ public String authGssApiNotTried;
+	/***/ public String authGssApiPartialSuccess;
+	/***/ public String authPasswordAttempt;
+	/***/ public String authPasswordChangeAttempt;
+	/***/ public String authPasswordExhausted;
+	/***/ public String authPasswordFailure;
+	/***/ public String authPasswordNotTried;
+	/***/ public String authPasswordPartialSuccess;
+	/***/ public String authPubkeyAttempt;
+	/***/ public String authPubkeyAttemptAgent;
+	/***/ public String authPubkeyExhausted;
+	/***/ public String authPubkeyFailure;
+	/***/ public String authPubkeyNoKeys;
+	/***/ public String authPubkeyPartialSuccess;
 	/***/ public String closeListenerFailed;
 	/***/ public String cannotReadPublicKey;
 	/***/ public String configInvalidPath;
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSession.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSession.java
index b742f5ea42..b94ccc6d4f 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSession.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSession.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -52,6 +52,8 @@ import org.apache.sshd.sftp.common.SftpException;
 import org.eclipse.jgit.annotations.NonNull;
 import org.eclipse.jgit.errors.TransportException;
 import org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile;
+import org.eclipse.jgit.internal.transport.sshd.AuthenticationCanceledException;
+import org.eclipse.jgit.internal.transport.sshd.AuthenticationLogger;
 import org.eclipse.jgit.internal.transport.sshd.JGitSshClient;
 import org.eclipse.jgit.internal.transport.sshd.SshdText;
 import org.eclipse.jgit.transport.FtpChannel;
@@ -119,6 +121,7 @@ public class SshdSession implements RemoteSession2 {
 		ClientSession resultSession = null;
 		ClientSession proxySession = null;
 		PortForwardingTracker portForward = null;
+		AuthenticationLogger authLog = null;
 		try {
 			if (!hops.isEmpty()) {
 				URIish hop = hops.remove(0);
@@ -165,6 +168,7 @@ public class SshdSession implements RemoteSession2 {
 				resultSession.addCloseFutureListener(listener);
 			}
 			// Authentication timeout is by default 2 minutes.
+			authLog = new AuthenticationLogger(resultSession);
 			resultSession.auth().verify(resultSession.getAuthTimeout());
 			return resultSession;
 		} catch (IOException e) {
@@ -173,15 +177,32 @@ public class SshdSession implements RemoteSession2 {
 			close(resultSession, e);
 			if (e instanceof SshException && ((SshException) e)
 					.getDisconnectCode() == SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE) {
-				// Ensure the user gets to know on which URI the authentication
-				// was denied.
+				String message = format(SshdText.get().loginDenied, host,
+						Integer.toString(port));
 				throw new TransportException(target,
-						format(SshdText.get().loginDenied, host,
-								Integer.toString(port)),
-						e);
+						withAuthLog(message, authLog), e);
+			} else if (e instanceof SshException && e
+					.getCause() instanceof AuthenticationCanceledException) {
+				String message = e.getCause().getMessage();
+				throw new TransportException(target,
+						withAuthLog(message, authLog), e.getCause());
 			}
 			throw e;
+		} finally {
+			if (authLog != null) {
+				authLog.clear();
+			}
+		}
+	}
+
+	private String withAuthLog(String message, AuthenticationLogger authLog) {
+		if (authLog != null) {
+			String log = String.join(System.lineSeparator(), authLog.getLog());
+			if (!log.isEmpty()) {
+				return message + System.lineSeparator() + log;
+			}
 		}
+		return message;
 	}
 
 	private ClientSession connect(HostConfigEntry config,
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java
index 58cf8e1ddd..c792c1889c 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018, 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -13,6 +13,7 @@ import java.io.Closeable;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
+import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
 import java.security.KeyPair;
 import java.time.Duration;
@@ -34,7 +35,6 @@ import org.apache.sshd.client.auth.UserAuthFactory;
 import org.apache.sshd.client.auth.keyboard.UserAuthKeyboardInteractiveFactory;
 import org.apache.sshd.client.config.hosts.HostConfigEntryResolver;
 import org.apache.sshd.common.NamedFactory;
-import org.apache.sshd.common.SshException;
 import org.apache.sshd.common.compression.BuiltinCompressions;
 import org.apache.sshd.common.config.keys.FilePasswordProvider;
 import org.apache.sshd.common.config.keys.loader.openssh.kdf.BCryptKdfOptions;
@@ -44,7 +44,6 @@ import org.apache.sshd.common.signature.Signature;
 import org.eclipse.jgit.annotations.NonNull;
 import org.eclipse.jgit.errors.TransportException;
 import org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile;
-import org.eclipse.jgit.internal.transport.sshd.AuthenticationCanceledException;
 import org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider;
 import org.eclipse.jgit.internal.transport.sshd.GssApiWithMicAuthFactory;
 import org.eclipse.jgit.internal.transport.sshd.JGitPasswordAuthFactory;
@@ -243,6 +242,12 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
 							JGitSshClient.PREFERRED_AUTHENTICATIONS,
 							defaultAuths);
 				}
+				try {
+					jgitClient.setAttribute(JGitSshClient.HOME_DIRECTORY,
+							home.getAbsoluteFile().toPath());
+				} catch (SecurityException | InvalidPathException e) {
+					// Ignore
+				}
 				// Other things?
 				return client;
 			});
@@ -255,13 +260,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
 			if (e instanceof TransportException) {
 				throw (TransportException) e;
 			}
-			Throwable cause = e;
-			if (e instanceof SshException && e
-					.getCause() instanceof AuthenticationCanceledException) {
-				// Results in a nicer error message
-				cause = e.getCause();
-			}
-			throw new TransportException(uri, cause.getMessage(), cause);
+			throw new TransportException(uri, e.getMessage(), e);
 		}
 	}