Add handling for missing or wrong key file password

Pennyw0rth · Jan 2, 2025 · b02fff7 · b02fff7
1 parent 1219423
commit b02fff7
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/nxc/protocols/ssh.py b/nxc/protocols/ssh.py
@@ -187,7 +187,6 @@ def check_if_admin_sudo(self):
     def plaintext_login(self, username, password, private_key=""):
         self.username = username
         self.password = password
-        stdout = None
         try:
             if self.args.key_file or private_key:
                 self.logger.debug(f"Logging {self.host} with username: {username}, keyfile: {self.args.key_file}")
@@ -228,12 +227,15 @@ def plaintext_login(self, username, password, private_key=""):
             # Some IOT devices will not raise exception in self.conn._transport.auth_password / self.conn._transport.auth_publickey
             _, stdout, _ = self.conn.exec_command("id")
             stdout = stdout.read().decode(self.args.codec, errors="ignore")
-        except AuthenticationException:
-            self.logger.fail(f"{username}:{process_secret(password)}")
+        except AuthenticationException as e:
+            if "Private key file is encrypted" in str(e):
+                self.logger.fail(f"{username}:{process_secret(password)} Could not load private key, error: {e}")
+            else:
+                self.logger.fail(f"{username}:{process_secret(password)}")
         except SSHException as e:
             if "Invalid key" in str(e):
-                self.logger.fail(f"{username}:{process_secret(password)} Could not decrypt private key, error: {e}")
-            if "Error reading SSH protocol banner" in str(e):
+                self.logger.fail(f"{username}:{process_secret(password)} Could not decrypt private key, invalid password")
+            elif "Error reading SSH protocol banner" in str(e):
                 self.logger.error(f"Internal Paramiko error for {username}:{process_secret(password)}, {e}")
             else:
                 self.logger.exception(e)