SSH connection using ECDSA key type - WeOnlyDo Discussion board

SSH connection using ECDSA key type (wodSFTP / wodSFTP.NET / wodSFTPdll)

by Mariana, Wednesday, February 22, 2017, 14:16 (64 days ago)

Hello,

I can make a successful SSH connection (with private/public key) between a client application (Visual Studio on Windows 7) and a HP-UX server, using RSA key type and wodSFTP.dll.
But, using ECDSA key type, the SSH connection doesn't work. Moreover, I do not see anything in server syslog file.

Here's the code:
SFTPGetconnection(LPCTSTR pszDest, LPCTSTR pszUname, LPCTSTR pszPsw) throw(...)
{
    _bstr_t fNamePriv = "C:\\Windows\\Raptor\\ .... "; // file name with private key

    handle = Sftp_Create( ......) ;
    Sftp_SetBlocking(handle, 1);
    Sftp_SetHostname(handle, (char *) pszDest);
    Sftp_SetLogin(handle, (char *) pszUname);
    Sftp_SetPort(handle, 22);

    // select public key authentication, then open the file with the private key
    long auth = Sftp_SetAuthentication(handle, AuthenticationsEnum::authPubkey);
    long i = Sftp_LoadPrivateKey(handle, fNamePriv, (char *) pszPsw);
    long j = Sftp_Connect(handle);
    ....
}
What changes should be made in order to use any key type (RSA/ECDSA)?

Regards,
Mariana

SSH connection using ECDSA key type

by Jasmine, Wednesday, February 22, 2017, 15:26 (64 days ago) @ Mariana

Hi Mariana,

I think we had almost the same issue a few days ago. Do you use the latest up-to-date version of wodSFTP? It should work with it?

Jasmine.

SSH connection using ECDSA key type

by Mariana, Wednesday, February 22, 2017, 15:42 (64 days ago) @ Jasmine

Hi,

I forgot to mention, I already use wodSFTP.dll version 3.8.3.208 (the latest update).
Here's the log from RSA key acceptance:

Feb 22 16:36:02 cmctm19 sshd[11503]: SSH: Server;Ltype: Version;Remote: 135.247.162.180-64475;Protocol: 2.0;Client: WeOnlyDo 3.8.3.208
Feb 22 16:36:02 cmctm19 sshd[11503]: SSH: Server;Ltype: Kex;Remote: 135.247.162.180-64475;Enc: aes128-ctr;MAC: hmac-sha2-256-etm@openssh.com;Comp: none [preauth]
Feb 22 16:36:02 cmctm19 sshd[11503]: SSH: Server;Ltype: Authname;Remote: 135.247.162.180-64475;Name: rapt_csd [preauth]
Feb 22 16:36:02 cmctm19 sshd[11503]: Accepted publickey for rapt_csd from 135.247.162.180 port 64475 ssh2: RSA SHA256:m3aClu64UUbtAEBHRj7bM2UrC+KtPfJucu5sqme2F5Y
Feb 22 16:36:03 cmctm19 sshd[11505]: SSH: Server;Ltype: Kex;Remote: 135.247.162.180-64475;Enc: aes128-ctr;MAC: hmac-sha2-256-etm@openssh.com;Comp: none

Why doesn't the ECDSA key type work?
Should code changes be made?

Thank you,
Mariana

SSH connection using ECDSA key type

by Jasmine, Wednesday, February 22, 2017, 16:16 (64 days ago) @ Mariana

Mariana,

hmm, I cannot see from the logs where exactly the problem is. I see the key is accepted, but I don't see if it had successfully authenticated.

Any chance we can connect there and try it out?

Jasmine.

SSH connection using ECDSA key type

by Mariana, Wednesday, February 22, 2017, 16:20 (64 days ago) @ Jasmine

Hi,

After upgrading the version, I copied the SftpDLL.dll, SftpDLL64.dll, wodKeys.dll, wodKeys64.dll libraries (from wodSftp 3.8.3) to C:\Windows\System32 on the Client.
Then, on the Client, from a cmd window > regsvr32 wodKeys64.dll
I also mention that the client application does not generate keys, it just uses them for the SSH connection.

Thanks,
Mariana

SSH connection using ECDSA key type

by Jasmine, Wednesday, February 22, 2017, 16:24 (64 days ago) @ Mariana

Mariana,

are you 100% sure you're using 3.8.3.208? Can you check the Version property in your code (get_Version)? Perhaps something got mixed up in this copy you're doing?

Jasmine.

SSH connection using ECDSA key type

by Mariana, Wednesday, February 22, 2017, 16:36 (64 days ago) @ Jasmine

Hi,

I will check again the latest version of wodSftp.
Regarding the RSA key acceptance, there's a log from another server (another SHA version and without Kex Algorithms):

Jan 19 12:24:50 cmctm12 sshd[4386]: Connection from 135.247.136.16 port 64438
Jan 19 12:24:50 cmctm12 sshd[4386]: SSH: Server;Ltype: Version;Remote: 135.247.136.16-64438;Protocol: 2.0;Client: WeOnlyDo 3.8.2.196
Jan 19 12:24:50 cmctm12 sshd[4386]: SSH: Server;Ltype: Kex;Remote: 135.247.136.16-64438;Enc: aes192-cbc;MAC: hmac-sha2-256;Comp: none [preauth]
Jan 19 12:24:51 cmctm12 sshd[4386]: SSH: Server;Ltype: Authname;Remote: 135.247.136.16-64438;Name: root [preauth]
Jan 19 12:24:51 cmctm12 sshd[4386]: Found matching RSA key: 8b:b2:75:b0:28:19:d2:0c:7f:6b:97:c3:45:9f:ee:d2
Jan 19 12:24:51 cmctm12 sshd[4386]: Postponed publickey for root from 135.247.136.16 port 64438 ssh2 [preauth]
Jan 19 12:24:51 cmctm12 sshd[4386]: Accepted publickey for root from 135.247.136.16 port 64438 ssh2
Jan 19 12:24:51 cmctm12 sshd[4386]: Found matching RSA key: 8b:b2:75:b0:28:19:d2:0c:7f:6b:97:c3:45:9f:ee:d2
Jan 19 12:24:51 cmctm12 sshd[4386]: subsystem request for sftp by user root
Jan 19 12:24:51 cmctm12 sshd[4386]: Connection closed by 135.247.136.16
Jan 19 12:24:51 cmctm12 sshd[4386]: SSH: Server;LType: Throughput;Remote: 135.247.136.16-64438;IN: 368;OUT: 224;Duration: 0.0;tPut_in: 19514.1;tPut_out: 11878.1
Jan 19 12:24:51 cmctm12 sshd[4386]: Transferred: sent 3920, received 1752 bytes
Jan 19 12:24:51 cmctm12 sshd[4386]: Closing connection to 135.247.136.16 port 64438

Thank you,
Mariana

SSH connection using ECDSA key type

by Jasmine, Wednesday, February 22, 2017, 16:38 (64 days ago) @ Mariana

Mariana,

I'm not even sure this is an authentication issue here. Did you get an 'authentication failed' error from wodSFTP, or just "things don't work as expected"?

Jasmine.

SSH connection using ECDSA key type

by Mariana, Wednesday, February 22, 2017, 16:58 (64 days ago) @ Jasmine

In the latest syslog sample (from January, cmctm12 server) there is no issue (the SSH connection was OK).
I sent this example just to show the difference between the syslog file information from both servers (different SSH version, different ssh_config content).
Anyway, the RSA key type works on any server.
I will check the wodSFTP version and if it is necessary I will reinstall it.

Regards,
Mariana

SSH connection using ECDSA key type

by Jasmine, Wednesday, February 22, 2017, 17:00 (64 days ago) @ Mariana

Mariana,

version looks ok to me, I noticed version number in logs, so it was the latest one.

Any chance we can connect there to duplicate it? Did you succeed in connecting with any other client (such as FileZilla) using that key?

Jasmine.

SSH connection using ECDSA key type

by Mariana, Thursday, February 23, 2017, 14:45 (63 days ago) @ Jasmine

Hi,

The wodSFTP version is correct.
I think it's a problem related to the Sftp_LoadPrivateKey function (see my first post).
long i = Sftp_LoadPrivateKey(handle, fNamePriv, (char *) pszPsw) ;

The application just uses a pair of keys (they are generated from outside) and the private key has a password.
Is this function suitable for using an ECDSA private key with password?

Thank you,
Mariana C.

SSH connection using ECDSA key type

by Jasmine, Thursday, February 23, 2017, 19:12 (63 days ago) @ Mariana

Mariana,

what does Sftp_LoadPrivateKey return to you? Is it 0 or something else?

Jasmine.

SSH connection using ECDSA key type

by Jasmine, Thursday, February 23, 2017, 19:34 (63 days ago) @ Jasmine

I just tried to duplicate your problem, and you seem to be right. If I use Sftp_LoadPrivateKey then I get 'key failed' when I try to open it. But for me, code returns error before even trying to connect then, with error 'please specify private key'.

Anyway, we fixed it, so please request update and try it out, perhaps this will immediately solve your problem.

Jasmine.

SSH connection using ECDSA key type

by Mariana, Monday, February 27, 2017, 09:08 (59 days ago) @ Jasmine

Hi,

Does the new version of wodSFTPdll 3.8.3 contain the modified Sftp_LoadPrivateKey function?
The newer version of wodSFTPdll.zip 3.8.3 has 3,51 MB, the older .zip 3.8.3 has 8,80 MB.
Does this version contain just an upgrade?

Thank you,
Mariana

SSH connection using ECDSA key type

by Jasmine, Monday, February 27, 2017, 09:15 (59 days ago) @ Mariana

Hi Mariana

Perhaps the old setup contained the source code and this one doesn't? It should be a full installation, not just changes.

Jasmine

SSH connection using ECDSA key type

by Mariana, Monday, February 27, 2017, 14:07 (59 days ago) @ Jasmine

Hello,

first of all, thank you for your support.
After installation of version 3.8.3.209, the ECDSA key type is accepted.
The tests with 521-bit ECDSA and 384-bit ECDSA keys are OK.
Only the test with 256-bit ECDSA is not OK (unsupported public key algorithm: password).
I sent you a log sequence from the server. Is it a server issue or a client one?

ECDSA 256 -> KO

Feb 27 11:29:32 cmctm19 sshd[16437]: SSH: Server;Ltype: Version;Remote: 135.247.162.180-51187;Protocol: 2.0;Client: WeOnlyDo 3.8.3.209
Feb 27 11:29:32 cmctm19 sshd[16437]: SSH: Server;Ltype: Kex;Remote: 135.247.162.180-51187;Enc: aes128-ctr;MAC: hmac-sha2-256-etm@openssh.com;Comp: none [preauth]
Feb 27 11:29:32 cmctm19 sshd[16437]: SSH: Server;Ltype: Authname;Remote: 135.247.162.180-51187;Name: rapt_csd [preauth]
Feb 27 11:29:32 cmctm19 sshd[16437]: userauth_pubkey: unsupported public key algorithm: password [preauth]
Feb 27 11:29:32 cmctm19 sshd[16437]: Connection closed by 135.247.162.180 port 51187 [preauth]

Thanks,
Mariana

SSH connection using ECDSA key type

by Jasmine, Monday, February 27, 2017, 15:34 (59 days ago) @ Mariana

Mariana,

as per logs, the server reported 'unsupported public key algorithm' so this looks like a server-side rejection. You can try to use the same key with some other client, such as FileZilla, but I suspect the same result would happen.

Jasmine.
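
Added example, not part of the original thread and not WeOnlyDo code: a Python summarizer for the sshd lines posted above that groups them by PID and classifies each session's publickey outcome. It assumes OpenSSH behaviour, where the "unsupported public key algorithm" message prints the algorithm name sshd read from the client's request; `summarize`, `RULES` and the verdict strings are hypothetical names.

```python
import re
from collections import defaultdict

# Public key algorithm names from RFC 4253, 5656, 8332 and 8709.
KNOWN_PK_ALGS = {
    "ssh-rsa", "ssh-dss", "rsa-sha2-256", "rsa-sha2-512", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}

# Lines copied from the two cmctm19 excerpts posted in this thread.
SAMPLE_LOG = """\
Feb 22 16:36:02 cmctm19 sshd[11503]: SSH: Server;Ltype: Version;Remote: 135.247.162.180-64475;Protocol: 2.0;Client: WeOnlyDo 3.8.3.208
Feb 22 16:36:02 cmctm19 sshd[11503]: SSH: Server;Ltype: Authname;Remote: 135.247.162.180-64475;Name: rapt_csd [preauth]
Feb 22 16:36:02 cmctm19 sshd[11503]: Accepted publickey for rapt_csd from 135.247.162.180 port 64475 ssh2: RSA SHA256:m3aClu64UUbtAEBHRj7bM2UrC+KtPfJucu5sqme2F5Y
Feb 27 11:29:32 cmctm19 sshd[16437]: SSH: Server;Ltype: Version;Remote: 135.247.162.180-51187;Protocol: 2.0;Client: WeOnlyDo 3.8.3.209
Feb 27 11:29:32 cmctm19 sshd[16437]: SSH: Server;Ltype: Authname;Remote: 135.247.162.180-51187;Name: rapt_csd [preauth]
Feb 27 11:29:32 cmctm19 sshd[16437]: userauth_pubkey: unsupported public key algorithm: password [preauth]
Feb 27 11:29:32 cmctm19 sshd[16437]: Connection closed by 135.247.162.180 port 51187 [preauth]
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RULES = [  # (field, pattern) applied to every sshd message
    ("client", re.compile(r"Ltype: Version;.*Client: (.+)$")),
    ("user", re.compile(r"Ltype: Authname;.*Name: (\S+)")),
    ("accepted", re.compile(r"^Accepted publickey for \S+ .* ssh2: (\S+) ")),
    ("bad_alg", re.compile(r"unsupported public key algorithm: (\S+)")),
]

def summarize(log_text):
    """Group sshd lines by PID and classify each session's publickey outcome."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        for field, rx in RULES:
            hit = rx.search(m["msg"])
            if hit:
                sessions[m["pid"]][field] = hit.group(1)
    for s in sessions.values():
        if "accepted" in s:
            s["verdict"] = "accepted"
        elif "bad_alg" not in s:
            s["verdict"] = "no publickey result logged"
        elif s["bad_alg"] in KNOWN_PK_ALGS:
            s["verdict"] = "valid name, unsupported by this sshd"
        else:  # sshd read something that is not a key algorithm name
            s["verdict"] = "not a public key algorithm name"
    return dict(sessions)
```

On the posted lines, session 11503 comes back as accepted with key type RSA, and session 16437 is flagged because the reported name, password, is not a public key algorithm name.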