PrivateKeyFile auth failed

Feb 10, 2012 at 3:38 PM
PrivateKeyFile key = new PrivateKeyFile(keypath);
using (SshClient client = new SshClient(host, port, user, key))
{
    client.Connect();
    // ...
}

It fails on line 546 of Session.cs
if (!this._isAuthenticated)
{
    throw new SshAuthenticationException("User cannot be authenticated.");
}

I have a puttygen-generated key (say mykey.ppk) from which I exported the public key:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBeLMp7qKyC/G8vhVyT0EoPbcioSwj/uo4jB0+wwHx8j1NdOEQySAdPsuJBYJ5dWnB26wWI2BC+lr39KVF/tGDslGOa9St0PWbtCeWZGRtzvKARgAvTzzCeUK9VEjGRukf5AqfR2xBN8TLUx3AXguEi9vEKF+g+KZuElLC62zX86w== qmarco


This public key has been saved into the ~/.ssh/authorized_keys file, making putty connect successfully.
From the ppk file I exported the private key too and saved it (say keypath).
The key from keypath is read correctly, but when I try to connect I see these lines inside /var/log/auth.log:

Feb 10 15:03:32 ubuntusrv sshd[1280]: Connection from 192.168.1.2 port 3005
Feb 10 15:03:32 ubuntusrv sshd[1280]: debug1: Client protocol version 2.0; client software version Renci.SshNet.SshClient.0.0.1
Feb 10 15:03:32 ubuntusrv sshd[1280]: debug1: no match: Renci.SshNet.SshClient.0.0.1
Feb 10 15:03:32 ubuntusrv sshd[1280]: debug1: Enabling compatibility mode for protocol 2.0
Feb 10 15:03:32 ubuntusrv sshd[1280]: debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
Feb 10 15:03:33 ubuntusrv sshd[1280]: debug1: PAM: initializing for "root"
Feb 10 15:03:33 ubuntusrv sshd[1280]: debug1: PAM: setting PAM_RHOST to "qmarco.homenet.telecomitalia.it"
Feb 10 15:03:33 ubuntusrv sshd[1280]: debug1: PAM: setting PAM_TTY to "ssh"
Feb 10 15:03:33 ubuntusrv sshd[1280]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1023
Feb 10 15:03:33 ubuntusrv sshd[1280]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1023
Feb 10 15:03:33 ubuntusrv sshd[1280]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Feb 10 15:03:33 ubuntusrv sshd[1280]: debug1: trying public key file /root/.ssh/authorized_keys
Feb 10 15:03:33 ubuntusrv sshd[1280]: debug1: fd 4 clearing O_NONBLOCK
Feb 10 15:03:33 ubuntusrv sshd[1280]: debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Feb 10 15:03:33 ubuntusrv sshd[1280]: Found matching RSA key: b1:aa:fc:f5:c5:69:ef:a3:4e:db:27:83:87:87:f2:50
Feb 10 15:03:33 ubuntusrv sshd[1280]: debug1: restore_uid: 0/0
Feb 10 15:03:33 ubuntusrv sshd[1280]: error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106)
Feb 10 15:03:33 ubuntusrv sshd[1280]: debug1: ssh_rsa_verify: signature incorrect
Feb 10 15:03:33 ubuntusrv sshd[1280]: Failed publickey for root from 192.168.1.2 port 3005 ssh2

I don't understand: it says "Found matching RSA key:" but cannot decrypt it....
Why? I'm sure it's a personal mistake, but I'm not able to understand which one...
Thanks for your help !!
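
An added example (not part of the original thread and not SSH.NET code): decoding the `ssh-rsa` public key posted above with the RFC 4251 string encoding gives its exponent and modulus size, plus the MD5 fingerprint in the colon-separated form sshd prints after "Found matching RSA key:". The modulus comes out at 1023 bits, the size sshd names when it checks `blacklist.RSA-1023` in the log. The function names are this example's own.

```python
import base64
import hashlib
import struct

# Public key exactly as posted in this thread (the authorized_keys entry).
PUBKEY_LINE = (
    "ssh-rsa "
    "AAAAB3NzaC1yc2EAAAABJQAAAIBeLMp7qKyC/G8vhVyT0EoPbcioSwj/uo4jB0+w"
    "wHx8j1NdOEQySAdPsuJBYJ5dWnB26wWI2BC+lr39KVF/tGDslGOa9St0PWbtCeWZ"
    "GRtzvKARgAvTzzCeUK9VEjGRukf5AqfR2xBN8TLUx3AXguEi9vEKF+g+KZuElLC6"
    "2zX86w== qmarco"
)


def read_string(blob, offset):
    """Read one RFC 4251 'string': uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of blob")
    return blob[offset + 4:end], end


def inspect_rsa_pubkey(line):
    """Parse an authorized_keys 'ssh-rsa' entry into its parameters."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    inner_type, pos = read_string(blob, 0)
    if key_type != "ssh-rsa" or inner_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    e_bytes, pos = read_string(blob, pos)   # public exponent (mpint)
    n_bytes, pos = read_string(blob, pos)   # modulus (mpint)
    if pos != len(blob):
        raise ValueError("trailing bytes after modulus")
    digest = hashlib.md5(blob).hexdigest()
    return {
        "exponent": int.from_bytes(e_bytes, "big"),
        "modulus_bits": int.from_bytes(n_bytes, "big").bit_length(),
        # Same form sshd logs after "Found matching RSA key:".
        "md5_fingerprint": ":".join(digest[i:i + 2] for i in range(0, 32, 2)),
    }


if __name__ == "__main__":
    for name, value in inspect_rsa_pubkey(PUBKEY_LINE).items():
        print(f"{name}: {value}")
```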
Coordinator
Feb 10, 2012 at 3:43 PM

Hi,

Do you have your key encrypted? If so how?

Also, can you generate a new encrypted public and private key and send it to me, via e-mail if you like, so I could see if I can recreate the problem.

 

Thanks,

Oleg

Feb 10, 2012 at 5:22 PM
Edited Feb 10, 2012 at 6:33 PM

I used puttygen to create ppk file (and to export private key in openssh format).
Key type is SSH2-RSA.

PPK file (with no protection password)

PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: qmarco
Public-Lines: 4
AAAAB3NzaC1yc2EAAAABJQAAAIBeLMp7qKyC/G8vhVyT0EoPbcioSwj/uo4jB0+w
wHx8j1NdOEQySAdPsuJBYJ5dWnB26wWI2BC+lr39KVF/tGDslGOa9St0PWbtCeWZ
GRtzvKARgAvTzzCeUK9VEjGRukf5AqfR2xBN8TLUx3AXguEi9vEKF+g+KZuElLC6
2zX86w==
Private-Lines: 8
Private-MAC: 753c8a38e383599ecdb13a821254d7d7b9dcb2e0

Public key (written into authorized_keys file):

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBeLMp7qKyC/G8vhVyT0EoPbcioSwj/uo4jB0+wwHx8j1NdOEQySAdPsuJBYJ5dWnB26wWI2BC+lr39KVF/tGDslGOa9St0PWbtCeWZGRtzvKARgAvTzzCeUK9VEjGRukf5AqfR2xBN8TLUx3AXguEi9vEKF+g+KZuElLC62zX86w== qmarco

Private key (exported in openssh format and used with your library trying to connect)

-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----


Anyway (just to understand) if I use inside my server 

ssh-keygen -t rsa

and use these keys (public in authorized_keys and private with your library) everything works.
Naturally it doesn't work if I use a password to protect key, because it uses AES-128-CBC cypher that is not supported yet.

I forgot to mention that PPK file cannot be used with your library directly (I've tried).

Coordinator
Feb 10, 2012 at 6:08 PM

Hi,

 

I cannot use those formats, cause they need to have new line breaks and they appear all to be in one line.

 

Can you post them again but preserving new line characters?

 

Thanks,

Oleg

Feb 10, 2012 at 6:33 PM

Sorry, pasting text as code removed line breaks. Try now.
Thanks 

Coordinator
Feb 10, 2012 at 7:42 PM

ok, thanks.

 

I managed to reproduce the problem so will take a look at it as soon as I have time, hopefully today.

 

Thanks,

Oleg

Feb 23, 2012 at 2:43 AM
Edited Feb 27, 2012 at 12:47 PM

Hi Oleg,

 

I am getting exactly the same error.

I generated my Private/Public keys using OpenSSH as below.

ssh-keygen -t rsa
I am able to connect using OpenSSH(sftp) and CoreFTP using the same keys.
Please let me know how to fix this issue.
Thanks,
LG11105
Coordinator
Feb 23, 2012 at 12:49 PM

Sorry,

I didn't have time to look at this problem yet :(

Can you guys log it as an issue, with reference to this thread, so I remember to get back to it when I have time?

 

Thanks,

Oleg

Coordinator
Feb 24, 2012 at 6:13 PM

Hi,

 

I just fixed this issue.

Can you please take a look at 14607 source code and let me know if problem was resolved.

 

Thanks,

Oleg

Feb 24, 2012 at 8:58 PM

Thanks Oleg!

 I will try tonight and let you know how it goes.

Feb 24, 2012 at 9:13 PM

Hi Oleg,

 

I just tested and still getting the same problem.

In Session.cs you mentioned the below lines.

// In future, if more then one authentication methods are supported perform the check here.
// Authenticate using provided connection info object
this.ConnectionInfo.Authenticate(this);

As I am using Key Authentication do I need to add the case for PrivateKeyConnectionInfo?

Please advise.



Coordinator
Feb 24, 2012 at 9:29 PM

Yes,

Here is the code I used to test it:

            var key = @"-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----";

            var connectionInfo = new PrivateKeyConnectionInfo("1.1.1.1", 22, "oleg", new PrivateKeyFile(new MemoryStream(Encoding.ASCII.GetBytes(key))));

            using (var ssh = new SshClient(connectionInfo))
            {
                ssh.Connect();
                ssh.Disconnect();
            }

Feb 25, 2012 at 1:56 AM
Edited Feb 25, 2012 at 1:58 AM

Hi Oleg,

 

I tried that already but no luck.

I don't see where we are passing the PASSWORD for Authentication and that's why I think  I am not able to Authenticate, how do I pass Password in Private Key Authentication?

Thanks!

Feb 25, 2012 at 9:54 PM

Hi Oleg,

now it works! :)
I've just created a new key with PuttyGen, copied public part in authorized_keys file and exported private part into a file.
Then I used:

PrivateKeyFile key = new PrivateKeyFile(keypath);
using (SshClient client = new SshClient(host, port, user, key))
{
    client.Connect();
    // other code
}
Thanks a lot Oleg, thanks!!

Feb 26, 2012 at 9:00 PM
Edited Feb 26, 2012 at 9:02 PM

Could you please explain to me how you are passing the Password? The above code doesn't work for me.

I am not able to Authenticate because I don't see anywhere we are actually passing PASSWORD.

I tried all the ways but still not able to Authenticate, maybe I am doing some minor mistake.

Here is my requirement.

I need to upload files using SFTP with Username/Password plus Key Authentication.

I created my Private/Public Keys using OpenSSH and my public key is uploaded into SFTP Server.

I am able to Authenticate, Connect and Upload/Download Files using OpenSSH Tool but I need to do these operations thru my Application which runs as a Windows Service developed in C#.

Please advise.

Coordinator
Feb 26, 2012 at 10:29 PM

Can you connect using putty?

If so, what do you use, password or private key?

Based on SSH protocol you can not use both password and private key, only one will authenticate you.

The only password I can think of is the one required to protect the private key, which you can then provide in the PrivateKeyFile constructor.

I can look up a code example tomorrow if that's what you need.

 

Thanks,

Oleg

Feb 27, 2012 at 1:33 AM

No, I am not able to connect using putty because the private key I created is using OpenSSH.

I am able to Connect using OpenSSH and CoreFTP.

Thanks for looking this for me!

Feb 27, 2012 at 12:16 PM

I'm using Serv-U as a server and the default value for SSH authentication is "Password AND publicKey".

With this default option, the Rencissh client isn't able to connect to the server, right? It's not possible to implement a SftpClient constructor with both pass+privatekey?

I was always considering Serv-U as a "good" server and I'm really surprised this option is available, despite the fact that this is not standard in SSH Protocol

Coordinator
Feb 27, 2012 at 12:38 PM

Hmm,

Well, what I can try to do then, if you like, is this: if you can provide me privately with some test credentials, I can try to connect, see where it fails and see if there is something I can do about it.

The authentication stage usually consists of rotating through supported authentication methods, and I only allow one method to be used at a time, since usually only one is required. Maybe in your case it's a little different; in that case I will have to make some modifications to the library to allow several authentication methods to be provided.

The fact that it doesn't work with putty worries me a little, since I use it as a "bible" :) to test against.

What client do you use to connect to this server?

 

Thanks,

Oleg

Feb 27, 2012 at 12:44 PM

Exactly that is my problem too!

I need to Authenticate using Username/Password plus PublicKey/Passphrase.

RenciSSH is working for Username/Password Authentication but not working for Username/Password plus PublicKey/Passphrase Authentication as it is not Designed for that combination.

Thanks!

 

 

Feb 27, 2012 at 1:03 PM
Edited Feb 27, 2012 at 1:08 PM
Hi Oleg,

I am able to connect using OpenSSH and CoreFTP without any problem.

I am not able to connect using putty, and it says Further Authentication Required.
Please give me your email and I will send more details.

I really Appreciate your Help & Co-Operation.

Thanks!
Coordinator
Feb 27, 2012 at 1:58 PM

No,

That should be enough for now,

I have your user/pass in my e-mail so I will try it now to see what the server response is and let you know.

Also, if you have skype you can add me there to be more interactive if you like. It's olegkap.

 

Thanks,

Oleg

Coordinator
Feb 27, 2012 at 2:13 PM

I just tried and I cannot pass the key exchange phase :(

where it doesn't get to password yet.

 

I will see if I can set up here server with both authentication methods required and see what I can find but it will take a while,

sorry about that.

 

Thanks,

Oleg

Feb 27, 2012 at 2:17 PM

Thanks Oleg!

I really Appreciate your Help & Co-Operation.

Feb 27, 2012 at 2:19 PM
Edited Feb 27, 2012 at 2:20 PM

Hope you got all details.

Thanks!

Coordinator
Feb 28, 2012 at 6:17 PM

Hey,

 

I just checked in code that should do the trick.

I could not test it yet, since I don't have access to a server with dual authentication enabled, so hopefully you could test it for me and let me know if it works.

Here is how you would use it:

            // Password plus a single passphrase-protected private key
            var connectionInfo = new ConnectionInfo("server", 22, "username",
                    new PasswordAuthenticationMethod("username", "password"),
                    new PrivateKeyAuthenticationMethod("username",
                         new PrivateKeyFile(File.OpenRead(@"rsa_pass_key.txt"), "tester"))
                );

            // Alternative: password plus several private keys (use one declaration or the other)
            var connectionInfo = new ConnectionInfo("server", 22, "username",
                    new PasswordAuthenticationMethod("username", "password"),
                    new PrivateKeyAuthenticationMethod("username",
                         new PrivateKeyFile(File.OpenRead(@"rsa_pass_key.txt"), "tester"),
                         new PrivateKeyFile(File.OpenRead(@"dsa_pass_key.txt"), "tester")
                         )
                );

Hope it works.

 

Please let me know.

 

Thanks,

Oleg

Feb 29, 2012 at 2:52 AM
Edited Feb 29, 2012 at 2:54 AM

Hi Oleg,

Great Job!

The below code works fine now.

var connectionInfo = new ConnectionInfo(sHost, iPort, sUserName,
    new PasswordAuthenticationMethod(sUserName, sPassword),
    new PrivateKeyAuthenticationMethod(sUserName, new PrivateKeyFile(File.OpenRead(sPrivateKeyFile), sPassPhrase)));

Renci.SshNet.SftpClient m_SftpClient = new Renci.SshNet.SftpClient(connectionInfo);

m_SftpClient.Connect();

if (m_SftpClient.IsConnected)
{
    Console.WriteLine("Connected !");
    IEnumerable<Renci.SshNet.Sftp.SftpFile> arrSftpFile = m_SftpClient.ListDirectory(@"/Inbox");
    foreach (Renci.SshNet.Sftp.SftpFile m_SftpFile in arrSftpFile)
    {
        Console.WriteLine(m_SftpFile.Name);
    }
    m_SftpClient.Disconnect();
}

I really Appreciate your Help.

Thanks!
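
The "Password AND publicKey" server setting discussed in this thread corresponds to RFC 4252's SSH_MSG_USERAUTH_FAILURE message, whose partial-success flag tells the client that one method was accepted and names the methods still required. The following is an added example, not SSH.NET code and not from the thread's participants; `DualFactorServer`, `authenticate` and the helper names are hypothetical, and the server is a constructed stand-in that takes a boolean in place of real credentials.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52


def build_failure(can_continue, partial_success):
    """Encode USERAUTH_FAILURE: byte 51, name-list, boolean (RFC 4252, 5.1)."""
    names = ",".join(can_continue).encode("ascii")
    head = struct.pack(">BI", SSH_MSG_USERAUTH_FAILURE, len(names))
    return head + names + bytes([bool(partial_success)])


def parse_reply(payload):
    """Return (authenticated, methods_that_can_continue, partial_success)."""
    if payload[:1] == bytes([SSH_MSG_USERAUTH_SUCCESS]):
        return True, [], False
    (length,) = struct.unpack_from(">I", payload, 1)
    if payload[0] != SSH_MSG_USERAUTH_FAILURE or len(payload) != length + 6:
        raise ValueError("malformed USERAUTH_FAILURE")
    names = payload[5:-1].decode("ascii")
    return False, [n for n in names.split(",") if n], payload[-1] != 0


class DualFactorServer:  # constructed stand-in for "Password AND publicKey"
    def __init__(self, required=("publickey", "password")):
        self.required, self.passed = required, set()

    def request(self, method, credential_ok):
        accepted = bool(credential_ok) and method in self.required
        if accepted:
            self.passed.add(method)
        remaining = [m for m in self.required if m not in self.passed]
        if not remaining:
            return bytes([SSH_MSG_USERAUTH_SUCCESS])
        return build_failure(remaining, accepted)


def authenticate(server, credentials):
    """Offer each method in turn; a partial success means 'continue', not 'denied'."""
    trace, queue = [], list(credentials)
    while queue:
        method = queue.pop(0)
        ok, can_continue, partial = parse_reply(server.request(method, credentials[method]))
        trace.append((method, ok, partial))
        if ok:
            return True, trace
        queue = [m for m in queue if m in can_continue]
    return False, trace
```

A client that offers only `publickey` to this server ends with a failure reply whose partial-success flag is set, while a client offering both methods is authenticated on the second request.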

Mar 2, 2012 at 1:51 PM

Hi Oleg, lg11105

How are you instantiating connectioninfo in that example? I just downloaded your code and this didn't work.

Thanks in advance,

Coordinator
Mar 2, 2012 at 2:07 PM

Hi,

 

You need to download latest version from the source code tab, since in previous versions ConnectionInfo is abstract.

 

Thanks,

Oleg

Mar 2, 2012 at 2:09 PM

Just had done that when your message came in.

This is good stuff. Also, I really appreciate this.

Would you consider making a Nuget Package for this? Otherwise, would you let me create one?

Coordinator
Mar 2, 2012 at 2:18 PM

ok, no problem.

 

Well, I had somebody create it already but I didn't hear from him for a while.

I sent him an e-mail today so hopefully he will reply.

If not, you can go ahead and create one; I don't know what it involves, however.

The only thing I would like to ask is to share the package source code or any other information which will be required to update it in the future.

 

Thanks,

Oleg

Mar 2, 2012 at 2:27 PM

This is all that is needed: http://docs.nuget.org/docs/creating-packages/creating-and-publishing-a-package

You could even configure your build server so it publishes the latest version automatically.

Coordinator
Mar 2, 2012 at 2:47 PM

OK,

Thanks,

I will take a look at it later then.

 

Thanks,

Oleg