EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Public Key Authentication

#11545
Posted: 11/03/2009 22:45:23
by Mike Scriven (Standard support level)
Joined: 05/19/2006
Posts: 102

SBB version 7 ActiveX.

I can't seem to get public key authentication to work on my test server. I'm sure I'm not setting it up correctly on the server side but can't figure out what I'm doing wrong. Do you have a test server I can connect to using public key authentication to verify that my code is correct? If so, what key should I use?

Thanks.
#11546
Posted: 11/04/2009 00:58:17
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

1) What exactly are the authentication problems you encounter?
2) Please check if the OnAuthenticationFailed event fires with the parameter of 2. If it does, this means that the private key has been tried by the client, but was rejected by the server.

Unfortunately, there is no test server available. We can try setting it up, but this procedure might require a certain amount of time, so let's try to localize the problem by indirect symptoms first.
#11550
Posted: 11/04/2009 12:47:24
by Mike Scriven (Standard support level)
Joined: 05/19/2006
Posts: 102

Yes, the OnAuthenticationFailed event fires with the parameter of 2.

I can connect to the server with PuTTY so the problem is in my code. I have loaded the private key using the LoadPrivateKey() function I extracted from your SimpleSftpDemo sample. I used SetKeyStorage to set the key into the ActiveX control and I enabled public key authentication in the ActiveX control. Is there anything else I should be doing?

Thanks.
#11551
Posted: 11/04/2009 12:54:09
by Ken Ivanov (EldoS Corp.)

This means that some private key has been tried during authentication, but was refused by the server. Can you please check whether SimpleSftpDemo is able to connect to the server with that key, or whether it exposes the same authentication issue?
#11552
Posted: 11/04/2009 13:02:52
by Mike Scriven (Standard support level)
Joined: 05/19/2006
Posts: 102

I had the same thought but I get numerous errors when I compile the sample. Here's a sample:

Quote
1>c:\eldos\secureblackbox.ax\samples\vc\sbb7\sftpblackbox\client\simplesftpclient\sbb\sftpbboxcli7.h(4047) : error C2061: syntax error : identifier 'IElSubsystemSSHTunnelX'
1>c:\eldos\secureblackbox.ax\samples\vc\sbb7\sftpblackbox\client\simplesftpclient\sbb\sftpbboxcli7.h(4050) : error C2061: syntax error : identifier 'IElSubsystemSSHTunnelX'
1>c:\eldos\secureblackbox.ax\samples\vc\sbb7\sftpblackbox\client\simplesftpclient\sbb\sftpbboxcli7.h(4216) : error C2061: syntax error : identifier 'IElStringListX'
1>c:\eldos\secureblackbox.ax\samples\vc\sbb7\sftpblackbox\client\simplesftpclient\sbb\sftpbboxcli7.h(4220) : error C2061: syntax error : identifier 'IElStringListX'
1>c:\eldos\secureblackbox.ax\samples\vc\sbb7\sftpblackbox\client\simplesftpclient\sbb\sftpbboxcli7.h(4276) : error C2061: syntax error : identifier 'IElStringListX'
1>c:\eldos\secureblackbox.ax\samples\vc\sbb7\sftpblackbox\client\simplesftpclient\sbb\sftpbboxcli7.h(4282) : error C2061: syntax error : identifier 'IElStringListX'
1>c:\eldos\secureblackbox.ax\samples\vc\sbb7\sftpblackbox\client\simplesftpclient\sbb\sftpbboxcli7.h(5485) : error C2061: syntax error : identifier 'IElSubsystemSSHTunnelX'
1>c:\eldos\secureblackbox.ax\samples\vc\sbb7\sftpblackbox\client\simplesftpclient\sbb\sftpbboxcli7.h(5497) : error C2061: syntax error : identifier 'IElSubsystemSSHTunnelX'
1>c:\eldos\secureblackbox.ax\samples\vc\sbb7\sftpblackbox\client\simplesftpclient\sbb\sftpbboxcli7.h(6014) : error C2061: syntax error : identifier 'IElStringListX'
1>c:\eldos\secureblackbox.ax\samples\vc\sbb7\sftpblackbox\client\simplesftpclient\sbb\sftpbboxcli7.h(6027) : error C2061: syntax error : identifier 'IElStringListX'


Any idea what's causing these?
#11553
Posted: 11/04/2009 14:44:04
by Mike Scriven (Standard support level)
Joined: 05/19/2006
Posts: 102

I put the following 3 lines into stdafx.h and that fixed the compile errors:

Code
#include "SBB/BaseBBox7.h"
#include "SBB/SSHBBoxCli7.h"
#include "SBB/SFTPBBoxCli7.h"


The connect fails as follows:

Quote
Authentication type 16 failed
Authentication type 2 failed
Authentication type 4 failed
Error 114
Connection failed
#11557
Posted: 11/04/2009 16:21:05
by Ken Ivanov (EldoS Corp.)

1) What software was used to generate the keypair?
2) Can you please check if the *private* key (not the public one) is loaded? This fact can be additionally checked with the following code after the key has been loaded:

Code
VARIANT_BOOL priv = VARIANT_FALSE;
if (SUCCEEDED(pKey->get_IsPrivate(&priv)))
{
    // VARIANT_TRUE is -1
    if (priv == VARIANT_TRUE)
    {
        // everything's OK, the pKey object contains a private key
    }
}
#11558
Posted: 11/04/2009 17:20:21
by Mike Scriven (Standard support level)
Joined: 05/19/2006
Posts: 102

I used the following command on the server (OpenSSH_3.1p1) to generate the key pair:

ssh-keygen -b 1024 -t dsa -f mykey

then I moved the public key into the authorized_keys file on the server and moved the private key to my PC and used it to try to connect, which fails.
PuTTY wouldn't connect using this private key either, so I used PuTTY keygen to convert it to PuTTY format and that worked, but the PuTTY key doesn't work in my app. I've also tried the OpenSSH keys that come with your distribution but they also fail.

Yes, I'm definitely loading the private key.
#11560
Posted: 11/04/2009 18:22:13
by Mike Scriven (Standard support level)
Joined: 05/19/2006
Posts: 102

Well, I got it to work by using PuTTY Keygen to generate a key then export it as an OpenSSH key.

It was operator error, sorry to have bothered you.

Thanks,
Mike
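
The thread above turned on which on-disk format the key file was in (OpenSSH export versus PuTTY's own format) and on whether the file held a private key at all. The following is an added example, not part of the thread and not EldoS code: a small C++ classifier that labels key text by its header before it is handed to any SSH library. The function names and return labels are assumptions made for illustration, and the sample bodies are constructed placeholders.

```cpp
#include <iostream>
#include <sstream>
#include <string>

// Added example: labels and function names are illustrative, not a library API.
static bool startsWith(const std::string& s, const std::string& p) {
    return s.compare(0, p.size(), p) == 0;
}

// Classify SSH key text by its first non-blank line (and PEM headers).
std::string classifyKeyText(const std::string& text) {
    std::istringstream in(text);
    std::string first, line;
    while (std::getline(in, first)) {
        if (!first.empty() && first.back() == '\r') first.pop_back();
        if (!first.empty()) break;
    }
    if (startsWith(first, "PuTTY-User-Key-File-")) return "putty-ppk";
    if (first == "-----BEGIN OPENSSH PRIVATE KEY-----") return "openssh-new-private";
    if (first == "---- BEGIN SSH2 PUBLIC KEY ----") return "ssh2-public";
    if (startsWith(first, "ssh-dss ") || startsWith(first, "ssh-rsa "))
        return "openssh-public";
    if (startsWith(first, "-----BEGIN ") &&
        first.find(" PRIVATE KEY-----") != std::string::npos) {
        if (first.find("ENCRYPTED") != std::string::npos) return "pem-private-encrypted";
        // Traditional PEM marks passphrase protection in a header line.
        while (std::getline(in, line)) {
            if (startsWith(line, "Proc-Type: 4,ENCRYPTED")) return "pem-private-encrypted";
            if (startsWith(line, "-----END ")) break;
        }
        return "pem-private";
    }
    return "unknown";
}

int main() {
    // Constructed samples: headers are real format markers, bodies are placeholders.
    const char* samples[] = {
        "-----BEGIN DSA PRIVATE KEY-----\nAAAA(constructed)\n-----END DSA PRIVATE KEY-----\n",
        "-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,00\n\nAAAA\n-----END DSA PRIVATE KEY-----\n",
        "PuTTY-User-Key-File-2: ssh-dss\nEncryption: none\n",
        "ssh-dss AAAA(constructed) user@host\n",
    };
    for (const char* s : samples) std::cout << classifyKeyText(s) << "\n";
    return 0;
}
```

A result of `openssh-public` or `ssh2-public` means the wrong half of the key pair was supplied, and `pem-private-encrypted` means a passphrase is needed before the key can be used.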