Invalid Credentials error from server when using correct credentials

Feb 6, 2012 at 9:15 PM

I am writing code to connect to a Sun Integrated Lights Out Management (ILOM) card. I can connect to this host via PuTTY. However, when I use the same credentials under SSH.Net, the server replies with "Invalid credentials." I'm trying to understand why. I've run this several times so I'm confident that I'm using the correct credentials.

I'm not 100% sure my code is correct; I'm hoping this is where the problem is and that someone else can point out what I've done wrong.

Can anyone suggest reasons that this won't work as expected?

 

private void DoTest(Test t)
        {
            KeyboardInteractiveConnectionInfo connectionInfo = new KeyboardInteractiveConnectionInfo(t.machineName, 22, username);
            connectionInfo.AuthenticationPrompt += kAuth_AuthenticationPrompt;
            SshClient ssh = new SshClient(connectionInfo);
            ssh.Connect();
            SshCommand cmd = ssh.RunCommand("show -d targets /SP/users");
            System.Diagnostics.Debug.WriteLine(cmd.Result);
        }

        void kAuth_AuthenticationPrompt(object sender, Renci.SshNet.Common.AuthenticationPromptEventArgs e)
        {
            Console.WriteLine(e.Instruction);

            foreach (var prompt in e.Prompts)
            {
                if (prompt.Request.Substring(0, 8).Equals("password", StringComparison.InvariantCultureIgnoreCase))
                {
                    prompt.Response = password;
                    System.Diagnostics.Debug.WriteLine("setting password to '" + password + "'");
                }
            }
        }

The output I get is:

SshNet.Logging Verbose: 1 : Initiating connect to ':22'.
SshNet.Logging Verbose: 1 : Server version '2.0' on 'OpenSSH_3.8.1p1'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'KeyExchangeInitMessage': 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 1 : SendMessage to server 'KeyExchangeInitMessage': 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 1 : SendMessage to server 'KeyExchangeDhGroupExchangeRequest': 'SSH_MSG_KEX_DH_GEX_REQUEST'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'KeyExchangeDhGroupExchangeGroup': 'SSH_MSG_KEX_DH_GEX_GROUP'.
SshNet.Logging Verbose: 1 : SendMessage to server 'KeyExchangeDhGroupExchangeInit': 'SSH_MSG_KEX_DH_GEX_INIT'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'KeyExchangeDhGroupExchangeReply': 'SSH_MSG_KEX_DH_GEX_REPLY'.
SshNet.Logging Verbose: 1 : SendMessage to server 'NewKeysMessage': 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'NewKeysMessage': 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 1 : SendMessage to server 'ServiceRequestMessage': 'SSH_MSG_SERVICE_REQUEST'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'ServiceAcceptMessage': 'SSH_MSG_SERVICE_ACCEPT'.
SshNet.Logging Verbose: 1 : SendMessage to server 'RequestMessageNone': 'SSH_MSG_USERAUTH_REQUEST'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'FailureMessage': 'SSH_MSG_USERAUTH_FAILURE'.
SshNet.Logging Verbose: 1 : SendMessage to server 'RequestMessageKeyboardInteractive': 'SSH_MSG_USERAUTH_REQUEST'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'InformationRequestMessage': 'SSH_MSG_USERAUTH_INFO_REQUEST'.
setting password to 'xxxxxxxx'

SshNet.Logging Verbose: 1 : SendMessage to server 'InformationResponseMessage': 'SSH_MSG_USERAUTH_INFO_RESPONSE'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'InformationRequestMessage': 'SSH_MSG_USERAUTH_INFO_REQUEST'.

SshNet.Logging Verbose: 1 : SendMessage to server 'InformationResponseMessage': 'SSH_MSG_USERAUTH_INFO_RESPONSE'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'SuccessMessage': 'SSH_MSG_USERAUTH_SUCCESS'.
SshNet.Logging Verbose: 1 : SendMessage to server 'ChannelOpenMessage': 'SSH_MSG_CHANNEL_OPEN : #0'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'ChannelOpenConfirmationMessage': 'SSH_MSG_CHANNEL_OPEN_CONFIRMATION : #0'.
SshNet.Logging Verbose: 1 : SendMessage to server 'ChannelRequestMessage': 'SSH_MSG_CHANNEL_REQUEST : #0'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'ChannelWindowAdjustMessage': 'SSH_MSG_CHANNEL_WINDOW_ADJUST : #0'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'ChannelSuccessMessage': 'SSH_MSG_CHANNEL_SUCCESS : #0'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'ChannelDataMessage': 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'ChannelDataMessage': 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'ChannelRequestMessage': 'SSH_MSG_CHANNEL_REQUEST : #0'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'ChannelEofMessage': 'SSH_MSG_CHANNEL_EOF : #0'.
SshNet.Logging Verbose: 1 : ReceiveMessage from server: 'ChannelCloseMessage': 'SSH_MSG_CHANNEL_CLOSE : #0'.
SshNet.Logging Verbose: 1 : SendMessage to server 'ChannelCloseMessage': 'SSH_MSG_CHANNEL_CLOSE : #0'.
shell: Invalid credentials
Coordinator
Feb 6, 2012 at 9:28 PM

Hi,

 

When it display you a prompt, does it only asks for password or also for username?

May be it also require you to provide username when it prompts you to?

 

Oleg

Feb 10, 2012 at 2:40 PM

Oleg, I appreciate your reply. I did put a breakpoint in the foreach loop and verified the only prompt I'm getting is for the password.

I'm banging my head on this one; I've double and triple checked my code and I'm confident that I'm sending the correct credentials.

Can anyone offer an explanation for what might be causing this?

Oleg, would using the Shell object rather than the SshCommand object make any difference here?

Coordinator
Feb 10, 2012 at 2:55 PM

Hi,

 

No, using sshcommand vs shell will not make any differnce since connection stage is the same for everything, no matter what you use.

 

I will try to take a look at it later as I am busy with reworking Shell and some other project.

 

Please bug me again some time next week.

 

Thanks,

Oleg

Feb 10, 2012 at 8:18 PM

Interestingly, when I log on with bad credentials through PuTTY, I get "Access denied." But going through SSH.NET I get "Invalid credentials."

I have no idea what to make of that. I'm afraid I don't know as much about SSH as I should to be able to properly troubleshoot this. If there's any further debug information I could generate that would be beneficial, please let me know.

Coordinator
Feb 10, 2012 at 8:44 PM

Well, just an idea,

to ensure that putty uses password authentication only , in Putty, go to Connection->SSH->Auth and uncheck "Attempt...." check boxes, this way it will use only password authentication....

I think :)

 

Let me know what it tells you or actually allows you to do.

 

Thanks,

Oleg

Feb 10, 2012 at 8:59 PM
Edited Feb 10, 2012 at 8:59 PM

PuTTY allows me to log on when only "Attempt keyboard-interactive auth" is checked. When none of the "Attempt..." boxes is checked, I type the username and before I get prompted for a password I get a messagebox that says, "Disconnected. No supported authentication methods available."

Coordinator
Feb 11, 2012 at 6:22 PM

Hi,

 

From "No supported authentication methods available." message it appears that server supports only keyboard interactive method.

 

I guess you have to investigate prompt more carefully and see what it wants as an input.

I think its server specific at this point. I can take a look at it if you like but you will need to provide me with some test username password to this server.

 

Hope it helps,

Thanks,

Oleg

Feb 13, 2012 at 5:14 PM

Oleg, I can't thank you enough for your help. I really wish I could provide you with a host to test with, but Big Corporate Governance won't let me.

I find that if I pass the correct username and password, the KeyboardInteractiveConnectinInfo shows IsAuthenticated = true after I connect, but I get an Invalid Credentials if I invoke SshCommand.Execute() on a command object created with CreateCommand() on an SshClient object to which I passed my KeyboardInteractiveConnectionInfo in the constructor.

If I pass bogus credentials, I get an exception when I call Connect().

I'm afraid I don't understand SSH well enough to discuss this intelligently. I wish I could provide more information to help you help me.

1 KeyboardInteractiveConnectionInfo connectionInfo = new KeyboardInteractiveConnectionInfo(t.machineName, username);
2 connectionInfo.AuthenticationPrompt += kAuth_AuthenticationPrompt;
3 SshClient ssh = new SshClient(connectionInfo);
4 ssh.Connect(); <--this appears to work with correct creds, exception otherwise
5 SshCommand cmd = ssh.CreateCommand("ls");
6 cmd.Execute(); <-- I get back "invalid credentials" in cmd.Result
7 ssh.Disconnect();

After line 4, connectionInfo.IsAuthenticated = true. (This line throws an exception if I pass known-bad username/password.)

Line 6 is where I get back "Invalid Credentials" from the server. Running this command via PuTTY works.

Am I missing a step in this sequence? Are there other options that I'm not setting or calls that I'm not making?

Here's the code where I handle the authentication prompts. I only get one prompt, and since I don't get an exception when I use the correct credentials, I assume it's working.

 void kAuth_AuthenticationPrompt(object sender, Renci.SshNet.Common.AuthenticationPromptEventArgs e)
        {
                       foreach (Renci.SshNet.Common.AuthenticationPrompt prompt in e.Prompts)
            {
                if (prompt.Request.Substring(0, 8).Equals("password", StringComparison.InvariantCultureIgnoreCase))
                {
                    prompt.Response = (password);
                }
            }
        }

 

KeyboardInteractiveConnectionInfo connectionInfo = new KeyboardInteractiveConnectionInfo(t.machineName, username);
            connectionInfo.AuthenticationPrompt += kAuth_AuthenticationPrompt;
            SshClient ssh = new SshClient(connectionInfo);
            System.Diagnostics.Debug.WriteLine("connecting...");
            ssh.Connect();
            System.Diagnostics.Debug.WriteLine("ssh.Connect() returned.");
            System.Diagnostics.Debug.WriteLine("SSH Connected: " + ssh.IsConnected);
            System.Diagnostics.Debug.WriteLine("Is authenticated: " + ssh.ConnectionInfo.IsAuthenticated);
            System.Diagnostics.Debug.WriteLine("Creating command...");
            SshCommand cmd = ssh.CreateCommand("ls");
            System.Diagnostics.Debug.WriteLine("Executing command...");
            cmd.Execute();
            System.Diagnostics.Debug.WriteLine("Command executed.");
            System.Diagnostics.Debug.WriteLine("Command result: " + cmd.Result);
            ssh.Disconnect();
KeyboardInteractiveConnectionInfo connectionInfo = new KeyboardInteractiveConnectionInfo(t.machineName, username);
            connectionInfo.AuthenticationPrompt += kAuth_AuthenticationPrompt;
            SshClient ssh = new SshClient(connectionInfo);
            ssh.Connect();
            SshCommand cmd = ssh.CreateCommand("ls");
            cmd.Execute();
            ssh.Disconnect();
Coordinator
Feb 13, 2012 at 11:23 PM

Well,

 

Without access to it I cant really help much.

 

The only thing I can offer at this point, since you say it works with putty, is to start logging on the putty, so it could record all packets it sends back and forth, execute the command and when you done send this log to me, privately of course, and I will be able to see if putty does anything differnt when it connects to your server.

 

Thanks,

Oleg