From 01484eb5380926953edb50907ce88652e7c5340b Mon Sep 17 00:00:00 2001
From: Zygmunt Krynicki <me@zygoon.pl>
Date: Mon, 30 Jun 2025 07:47:28 +0200
Subject: [PATCH] Add support for keyboard-interactive authentication

This makes spread able to authenticate to systems that do not allow
plaintext passwords but DO allow keyboard-interactive authentication.
Some newer systems use such method as there are some PAM interactions
that prevent plaintext passwords from working (Gentoo).

Fixes: https://github.com/canonical/spread/issues/243

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
---
 spread/client.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/spread/client.go b/spread/client.go
index 9615d532..ec13273c 100644
--- a/spread/client.go
+++ b/spread/client.go
@@ -37,8 +37,20 @@ type Client struct {
 
 func Dial(server Server, username, password string) (*Client, error) {
 	config := &ssh.ClientConfig{
-		User:            username,
-		Auth:            []ssh.AuthMethod{ssh.Password(password)},
+		User: username,
+		Auth: []ssh.AuthMethod{
+			ssh.Password(password),
+			ssh.KeyboardInteractive(func(user, instruction string, questions []string, echos []bool) ([]string, error) {
+				answers := make([]string, len(questions))
+				for i, _ := range questions {
+					if questions[i] == "Password: " {
+						answers[i] = password
+					}
+				}
+
+				return answers, nil
+			}),
+		},
 		Timeout:         10 * time.Second,
 		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
 	}