fail to connect by public key - WeOnlyDo Discussion board

fail to connect by public key (wodSFTP / wodSFTP.NET / wodSFTPdll)

by simonasuciu, Tuesday, January 17, 2017, 14:38 (278 days ago)

Hello,
I use wodkey to generate an SSH public/private key pair and wodsftp to connect to an SSH server in a Visual C++ application.
The code is like that:


IKeysPtr pKeys;

handle =Sftp_Create(pmystruct,"***wod license****");
Sftp_SetBlocking(handle, 1);
Sftp_SetHostname(handle, (char *) pszDest);
Sftp_SetLogin(handle, (char *) pszUname);
Sftp_SetPort(handle, 22);
int k = SFTPManageKeys();
long auth = Sftp_SetAuthentication(handle, AuthenticationsEnum::authPubkey);
long i = Sftp_SetPrivateKey(handle, (char*)pKeys->GetPrivateKey(SSHKeyTypes::RSAkey),2048);
i = Sftp_Connect(handle);
.....

int SFTPConnection::SFTPManageKeys()
{
    SSHKeyTypes ktype = RSAkey;
    ...
    hr = pKeys.CreateInstance (CLSID_Keys, NULL);
    .....
    if (fileop == 0) // file does not exist
    {
        try
        {
            VARIANT var;
            var.vt = VT_ERROR;
            pKeys->Generate(ktype, var);
            pKeys->Save(ktype, fname, var);
            pKeys->PublicKeySave(ktype,fNameClient);
        }
        catch(CException* pe){
            AfxMessageBox(_T("Error"));
            pe->ReportError();
        }
    }
    else // Load
    {
        pKeys->Load(fname);
    }//Load

    return 0;
}
I pasted the public key created by the Generate method into the .ssh/authorized_keys file on the server.
The problem is that the connection fails with return code 30015, and in the log file of the sshd service on the server I can see the following:
"sshd[15204]: userauth_pubkey: unsupported public key algorithm: password ""
Could you tell me the reason for this failure?
Thank you!

fail to connect by public key

by Jasmine, Tuesday, January 17, 2017, 14:47 (278 days ago) @ simonasuciu

Hi.

Server-side error doesn't tell us much. I'm not sure how 'password' could be authentication type with the server.

Is there a way we can duplicate this issue somehow and try to connect in debugger environment here?

Kind regards,
Jasmine

fail to connect by public key

by simonasuciu, Wednesday, January 18, 2017, 11:28 (277 days ago) @ Jasmine

Hello!
Thank you for the reply.
I tested this code on two different SSH server platforms and the result was the same. I think you can also test and debug this code on any SSH server you have, probably with the same result.
When I paste the public key on the server (in the .ssh/authorized_keys file), I use the format returned by the PublicKeyOpenSSH function (ssh-rsa ...etc), not the one written in the file by PublicKeySave (begins with "----BEGIN PUBLIC KEY-----"). Is it OK like that?
Simona

fail to connect by public key

by Jasmine, Wednesday, January 18, 2017, 11:29 (277 days ago) @ simonasuciu

Hi.

Yes, public key pasted to server should be one-line starting (usually) with ssh-rsa, one space, and then BASE64 encoded key following it.

Jasmine.

fail to connect by public key

by simonasuciu, Wednesday, January 18, 2017, 15:05 (277 days ago) @ Jasmine

Hi!
Have you tried an Sftp_Connect from a Visual C++ application to an SSH server with authPubKey?
Is it working?

fail to connect by public key

by Jasmine, Wednesday, January 18, 2017, 16:43 (277 days ago) @ simonasuciu

Hi Simona,

Yes, wodSFTPdll works for us without any issues. Here's the code I tested with. If you send an email to techsupport - at - weonlydo.com, I can provide the full code and a key you can test with to try it out with our server. Here's a partial key since it's too large to paste here (and, of course, I can't just let anyone connect for tests...)

Note I don't use wodKeys - it's not needed with wodSFTPdll since it's capable of loading key using LoadPrivateKey when you give full key instead of filename.

Here's the code:

 char buf[8192];
 handle = Sftp_Create(&mystruct, NULL);
 Sftp_SetBlocking(handle, 1);
 Sftp_SetHostname(handle, "linux.weonlydo.com");
 Sftp_SetLogin(handle, "weonlydo");
 Sftp_SetAuthentication(handle, /*AuthenticationsEnum::*/authPubkey);
 Sftp_LoadPrivateKey(handle, "-----BEGIN RSA PRIVATE KEY-----\r\nMIIEoQIBAAKCAQE....Me0sT4YJ0g6FYBP2Dvdw+Q==\r\n-----END RSA PRIVATE KEY-----\r\n", NULL);

 printf("Connecting...\r\n");
 Sftp_SetPort(handle, 22);
 int i = Sftp_Connect(handle);

So, the code is more or less the same as yours, connecting against an OpenSSH server running on Ubuntu Linux.

Kind regards,
Jasmine.

fail to connect by public key

by simonasuciu, Thursday, January 19, 2017, 11:43 (276 days ago) @ Jasmine

I modified my code and it's working now with Sftp_LoadPrivateKey (instead of Sftp_SetPrivateKey).
Is it a problem with Sftp_SetPrivateKey in Visual C++? Or was I using it in the wrong way?
Thank you again!

fail to connect by public key

by Jasmine, Thursday, January 19, 2017, 11:44 (276 days ago) @ simonasuciu

Hi Simona,

I cannot be sure unless I duplicate it exactly. If you wish you can send me your key and I'll try to load it and see where the problem is?

Jasmine.

fail to connect by public key

by simonasuciu, Thursday, January 19, 2017, 12:13 (276 days ago) @ Jasmine

the private key generated by wodkeys:

the public key generated by wodkeys:
-----BEGIN PUBLIC KEY-----
MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCl77B8lhUrS/fOc+TXUJBcnzGn
OR+/9D06RqWdFdh198htbCGjx6zmhMzytktNUFCsGImufS61n8iW/TuT3V/LLcdM
5ouo2Ur3pKWD01OzA67Xjk4/WfsKDPwS+Vlump9jci3MLBD+4OLGICXz5eyu0fbC
VxHPGMcC4w9caWPh6QIBIw==
-----END PUBLIC KEY-----

Thank you!

fail to connect by public key

by Jasmine, Thursday, January 19, 2017, 12:56 (276 days ago) @ simonasuciu

Hi Simona,

Please do not use that key anymore since you've shared it; generate a new one for your usage.

I have managed to get your code running using wodKeys too. Here's the scenario. pKeys->GetPrivateKey returns BSTR, which you have to convert to (char *), and that's what SetPrivateKey should have failed.

You can also use GetPrivateKeyData which returns SAFEARRAY, and you can handle that array as (char *). Code would be like this:

 
 SAFEARRAY *psa = pKeys->GetPrivateKeyData(/*SSHKeyTypes::*/RSAkey);
 void *data = NULL;
 long lbound, ubound;  // get array bounds
 SafeArrayGetLBound(psa, 1 , &lbound);
 SafeArrayGetUBound(psa, 1, &ubound);

 SafeArrayAccessData(psa, &data);
 Sftp_SetPrivateKey(handle, data, ubound-lbound+1);
 SafeArrayUnaccessData(psa);
 SafeArrayDestroy(psa);

So, we access SAFEARRAY, extract data from it, pass to SetPrivateKey, and destroy SAFEARRAY. I tested that code and it works ok.

Let me know how it goes for you!

Best regards,
Jasmine.
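
The BSTR point from the last reply, as an added example (not WeOnlyDo's code and not part of the thread): a BSTR stores 16-bit characters, so a raw cast of that memory to (char *) hands a byte-oriented API a zero byte after every ASCII character. `char16_t` stands in for the BSTR's OLECHAR so the sketch builds without Windows headers; `looks_like_pem` and `narrow_pem` are hypothetical helpers and the sample header line is constructed.

```cpp
#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <string>

// Constructed sample: first line of a PEM private key as 16-bit code units,
// which is how the text sits in memory inside a BSTR.
static const char16_t kWidePem[] = u"-----BEGIN RSA PRIVATE KEY-----\r\n";
static const std::size_t kWideLen = sizeof(kWidePem) / sizeof(kWidePem[0]) - 1;

// Hypothetical stand-in for a key loader's first check on a byte buffer.
bool looks_like_pem(const char* data, std::size_t len) {
    static const char header[] = "-----BEGIN ";
    const std::size_t n = sizeof(header) - 1;
    return len >= n && std::memcmp(data, header, n) == 0;
}

// The raw cast: same memory, reinterpreted as bytes ('-', 0x00, '-', 0x00, ...).
bool cast_is_accepted() {
    const char* raw = reinterpret_cast<const char*>(kWidePem);
    return looks_like_pem(raw, kWideLen * sizeof(char16_t));
}

// Length a NUL-terminated reader sees through the cast (1 on little-endian).
std::size_t strlen_through_cast() {
    return std::strlen(reinterpret_cast<const char*>(kWidePem));
}

// Narrow 16-bit units to bytes. PEM text is pure ASCII, so any unit outside
// 0x01..0x7F means the input is not PEM text and is rejected.
std::string narrow_pem(const char16_t* wide, std::size_t units) {
    std::string out;
    for (std::size_t i = 0; i < units; ++i) {
        if (wide[i] == 0 || wide[i] > 0x7F)
            throw std::invalid_argument("non-ASCII code unit in PEM text");
        out.push_back(static_cast<char>(wide[i]));
    }
    return out;
}

bool narrowed_is_accepted() {
    const std::string pem = narrow_pem(kWidePem, kWideLen);
    return looks_like_pem(pem.data(), pem.size());
}

int main() {
    std::printf("cast accepted: %d, narrowed accepted: %d, strlen via cast: %zu\n",
                cast_is_accepted(), narrowed_is_accepted(), strlen_through_cast());
}
```

In a Windows build the narrowing step would normally be done with WideCharToMultiByte; the loop here keeps the example portable.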