EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSH Public Key Authentication Does Not Work

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
Posted: 03/14/2008 13:30:46
by Joe Krueger (Standard support level)
Joined: 06/01/2006
Posts: 11

I am trying to connect using PUBLICKEY authentication, PASSWORD works fine. I am setting the AuthenticationTypes property to SBSSHConstants.Unit.SSH_AUTH_TYPE_PUBLICKEY but I can never successfully connect. According to the FTP server log the key exchange is successful but then when requesting a request for authorization I get this message:

"Handling SSH_MSG_USERAUTH_REQUEST for user testuser, service 'ssh-connection', method 'none'"

And then the next message to be displayed is this:

"Authentication Method Is Disabled"

However, the users authentication method is set to Password=Allow & Public Key Authentication=Allow on the SFTP server.

I find it strange that in the fist message the method that is being passed is "none", while when I use Password authentication the log displays the method being used as "PASSWORD". Why would it be 'none' when trying to use PUBLICKEY authentication?

Please help, I need to be able to automate my SFTP tasks and must use public key authentication..

Thank you in advance for your help!
Posted: 03/14/2008 13:49:32
by Ken Ivanov (EldoS Corp.)

"None" method is always passed as first authentication method to obtain the list of supported authentication types from server. I do not know why your server does not report the "none" type if password authentication is used, but I can make you sure that it *is* used with password authentication too.

Please check that the private key is loaded successfully (TElSSHKey.LoadPrivateKey() returns 0). It seems that public key authentication is not tried at all, and the most likely reason for it is the private key not being loaded correctly.
Posted: 03/14/2008 14:06:59
by Joe Krueger (Standard support level)
Joined: 06/01/2006
Posts: 11

Thank you for your quick response! Unfortunately, the private key is being loaded successfully so that's not it. You are right though, with PASSWORD authentication i still get the one log entry with a method of "none" but there is also one with a method of "password". I agree that it doesn't look like it is even trying to authenticate at all, which is good because it is narrowed down but bad because I have no clue how to fix it. There was that second log that said "Authentication Method Is Disabled", but there are no authentication methods disabled for this user on the server so that is even more confusing.

Thanks again!
Posted: 03/14/2008 14:11:14
by Joe Krueger (Standard support level)
Joined: 06/01/2006
Posts: 11

Another quick question about the simple sftp client vb.net sample. Here is the code that is using to set the authentication type property:

SftpClient.AuthenticationTypes = SftpClient.AuthenticationTypes Or SBSSHConstants.Unit.SSH_AUTH_TYPE_PUBLICKEY

Why does it have the Or statement? Isn't SSH_AUTH_TYPE_PUBLICKEY part of the SftpClient.AuthenticationTypes? I also don't get why the sample is setting the property equal to itself and then using the Or statement to include something that is already included. I'm confused.

Wouldn't it just be:

SftpClient.AuthenticationTypes = SBSSHConstants.Unit.SSH_AUTH_TYPE_PUBLICKEY


SftpClient.AuthenticationTypes = 2


Posted: 03/14/2008 14:36:08
by Ken Ivanov (EldoS Corp.)

Please check if the following events are fired (along with values passed to it):
* OnAuthenticationStart,
* OnAuthenticationFailed,
* OnAuthenticationAttempt,
* OnError.

Why does it have the Or statement? Isn't SSH_AUTH_TYPE_PUBLICKEY part of the SftpClient.Authentication­Types

This operator simply enables public key authentication without disabling other authentication methods. Authentication methods constants are defined as bit mask, that's why bitwise OR operation is performed.
Posted: 03/14/2008 14:39:50
by Joe Krueger (Standard support level)
Joined: 06/01/2006
Posts: 11

OnAuthenticationFailed & OnError both fire. Error is 114. I don't have handlers for start & attempt but I'm assuming they are firing if the OnAuthenticationFailed fires.
Posted: 03/15/2008 01:51:51
by Ken Ivanov (EldoS Corp.)

What exactly AuthenticationType argument value is passed to the OnAuthenticationFailed event?

If AuthenticationType is 2 (SSH_AUTH_TYPE_PUBLICKEY), this means that public key authentication is attempted. If this is the case, please re-check that the key you are trying to use for authentication is trusted on server side.
Posted: 03/18/2008 11:43:32
by Joe Krueger (Standard support level)
Joined: 06/01/2006
Posts: 11

I have tried using the CONST (SSH_AUTH_TYPE_PUBLICKEY) and the actual integer value (2) and both return the same results. The key is trusted on the server. It's almost as if the authentication type isn't being sent correctly to the server. I'm using WINSSHD if that matters.
Posted: 03/18/2008 12:00:02
by Ken Ivanov (EldoS Corp.)

Please answer my previous question: what is the value of AuthenticationType parameter passed to the OnAuthenticationFailed event?

BTW, did you try to check if the sample applications work? Please try to use SimpleSSHClient demo and check if it is able to connect to your server (please note, that the demo expects the private key to be stored in unecrypted form, so please patch the Key.LoadPrivateKey() call if your private key is encrypted with password).
Posted: 03/18/2008 12:14:09
by Joe Krueger (Standard support level)
Joined: 06/01/2006
Posts: 11

Ok, if I use the PuTTY Key Generator to generate an SSH-1 (RSA) 1024 bit key the OnAuthenticationFailed event DOES fire. The authentication method being passed is 2. If I generate a key with the Bitvise Tunnelier (Client made by same vendor as Server) the OnAuthenticationFailed event DOES NOT FIRE because Key.LoadPrivateKey does not equal 0, it equals 3330 - but the OnError event DOES fire. The error code passed is 114. This IS using the sample application. I am able to connect just fine using BITVISE tunnelier regardless of what is used to generate the keys.
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.



Topic viewed 8844 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!