Subject: RE: Re: libssh2, winsshd, SFTP, and publickey login

From: <rhamilton_at_scriptpro.com>
Date: Mon, 2 Aug 2010 08:32:15 -0500

From: libssh2-devel-bounces_at_cool.haxx.se
[mailto:libssh2-devel-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
Sent: Friday, July 30, 2010 4:54 PM
To: libssh2 development
Subject: [Retrieved]Re: libssh2, winsshd, SFTP, and publickey login

On Fri, 30 Jul 2010, rhamilton_at_scriptpro.com wrote:

> Can anybody tell me if there is a trick to getting the key format right, so
> I can use cUrl/libssh2 to do an SFTP transfer to/from a winsshd server with
> a username and publickey? I have a key that works with putty's psftp, and
> I've tried several ways to convert it with the puttygen tool

Note that libssh2's API still requires you to pass on both the private and the
public keys, so you must have both in the correct format.

But it would help if you'd show us the exact little example source code you're
running when you get your problem, and tell us what return code/error the
libssh2 function that fails returns etc. Possibly also show us what a trace
output log reveals.

> Logon attempt 1 for user name 'test' with logon method
> 'publickey' (algorithm: '-----BEGIN',

That certainly seems like a bad algorithm and an indication of a problem. It
indicates the file is bad I'd say. Or perhaps a bug in libssh2.

> We've upgraded to the latest version of winsshd, and I've tried libssh2
> v1.0 and v1.2.6.

There's no point in using any other libssh2 version than the most recent one.

-- 
  / daniel.haxx.se
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
--===============================================================================--
Thanks for the reply.

I'm actually using command-line curl for the time being.  I have a few
different versions of the same key that give results like this.

	C:\SFTP>curl -v -u sshtest: --pubkey sshtest.private -l Sftp://spcaudev1
	* About to connect() to spcaudev1 port 22 (#0)
	*   Trying 192.168.191.24... connected
	* Connected to spcaudev1 (192.168.191.24) port 22 (#0)
	* SSH authentication methods available: publickey,gssapi-with-mic,password
	* Using ssh public key file sshtest.private
	* Using ssh private key file id_dsa
	* SSH public key authentication failed: Username/PublicKey combination invalid
	* Authentication failure
	* Closing connection #0
	curl: (67) Authentication failure

Other keys will give me a local error talking about things like "not
base-64 encoded", or "not a private key".  (Which I only mention because
it convinces me that it is doing some kind of validation of the file.)

In the cases where it does try to pass a key in, the error message from
winsshd in the event log always seems to list the algorithm as basically
the first word from the first line from the file.

Original putty key...

	PuTTY-User-Key-File-2: ssh-rsa
	Encryption: none
	Comment: sshtest key
	Public-Lines: 4
	AAAAB3NzaC1yc2EAAAABJQAAAIEAxIyY6rQac1ejaZHDNiFm8YMPkO7zJlpsvi7W
	...

Gives me...

	Logon attempt 1 for user name 'sshtest' with logon method 'publickey'
	(algorithm: 'PuTTY-User-Key-File-2:', public key MD5:
	da:c5:be:1b:58:ba:ac:18:cb:25:dc:f8:4e:63:0f:e6, test only) failed:
	The received public key algorithm name is unsupported or doesn't match
	the algorithm encoded in the public key.

Puttygen exported to openssh...

	-----BEGIN RSA PRIVATE KEY-----
	MIICXAIBAAKBgQDEjJjqtBpzV6NpkcM2I...

Gives me...

	Logon attempt 1 for user name 'sshtest' with logon method 'publickey'
	(algorithm: '-----BEGIN', public key MD5:
	2f:97:f3:92:54:28:b2:25:50:b9:51:8e:4d:8f:a8:e8, test only) failed:
	The received public key algorithm name is unsupported or doesn't match
	the algorithm encoded in the public key.

Attempted manual cut-n-paste from puttygen dialog and private key file...

	ssh-rsa
	AAAAgQCKHZvjMnNzpV4S1SFkTtK3jId6mhKlVExp92adbVFFfOCLPuE5XqqSP81r
	...

Gives me...

	Logon attempt 1 for user name 'sshtest' with logon method 'publickey'
	(algorithm: 'ssh-rsa', public key MD5:
	ef:d5:15:e5:c6:2f:61:e7:14:1b:07:40:0a:a0:73:93, test only) failed:
	The received public key algorithm name is unsupported or doesn't match
	the algorithm encoded in the public key.

If adding more debug output somewhere will help get to the bottom of it,
then I'll give it a whirl.  I was hoping it was just a case where I
hadn't tried exporting to the right format to bridge the gap between the
two.  The odds-and-ends I'd seen on the subject from web searches seemed
to point toward the openssh format that I'm already trying though.
Received on 2010-08-02
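
The winsshd errors quoted in this thread name the first word of the supplied file as the algorithm and reject it when it does not match the algorithm encoded in the key. The following is an added example, not code from the thread, curl or libssh2: it runs that same comparison locally on the text of a candidate `--pubkey` file, assuming the one-line OpenSSH public key layout (`algorithm base64 [comment]`) and the RFC 4253 key blob that starts with a length-prefixed algorithm name. The function names and sample keys are constructed for illustration.

```python
import base64
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def check_pubkey_text(text: str) -> tuple[bool, str]:
    """Return (True, algorithm) for '<algorithm> <base64> [comment]' whose blob
    names the same algorithm; otherwise (False, reason)."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    first_word = (text.split() or [""])[0]
    if len(lines) != 1:
        return False, f"expected one line, found {len(lines)}; first word {first_word!r}"
    fields = lines[0].split()
    if len(fields) < 2:
        return False, f"no base64 field after {first_word!r}"
    algo, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, f"field after {algo!r} is not valid base64"
    if len(blob) < 4:
        return False, "key blob too short to hold an algorithm name"
    (name_len,) = struct.unpack(">I", blob[:4])
    inner = blob[4:4 + name_len]
    if name_len > len(blob) - 4 or inner != algo.encode():
        return False, f"algorithm {algo!r} does not match the name encoded in the blob"
    return True, algo

# Constructed sample inputs (dummy numbers, not real keys).
_RSA_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
             + ssh_string(b"\x00" + b"\xc4" * 128))
GOOD = "ssh-rsa " + base64.b64encode(_RSA_BLOB).decode() + " sshtest key"
# Base64 that holds only a big integer, with no algorithm name in front of it.
NO_NAME = "ssh-rsa " + base64.b64encode(ssh_string(b"\x00" + b"\x8a" * 128)).decode()
# First lines as shown in the thread; the bodies are placeholders.
PEM = "-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n-----END RSA PRIVATE KEY-----\n"
PUTTY = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: sshtest key\n"

if __name__ == "__main__":
    for label, sample in [("good", GOOD), ("no-name", NO_NAME),
                          ("pem", PEM), ("putty", PUTTY)]:
        print(label, check_pubkey_text(sample))
```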