EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ElSSHServer.OnAuthPublicKey event not fired

#1135
Posted: 09/04/2006 07:21:16
by Josef Novak (Basic support level)
Joined: 08/30/2006
Posts: 47

Hello,

I am using the SSHServer demo application that comes with the SecureBlackbox library and am trying to communicate with the SFTPClient from the same example source. On SSHClient I have added the public key to the key storage and have added SSH_AUTH_TYPE_PUBLICKEY to AuthenticationTypes. My problem is that on the server the key is not checked because the ElSSHServer.OnAuthPublicKey event is not fired. The events fired for me are: OnAuthAttempt(keyb), OnAuthKeyb, OnAuthAttempt(psw), OnAuthPassword, OnFurtherAuthNeeded(Needed set to true). No further events are fired. The environment I am using is secbbox 4.4.0.94. I am testing on Win XP Pro v2002 SP2, on one desktop machine. Thanks a lot for any clue.

Josef
#1136
Posted: 09/04/2006 08:49:08
by Ken Ivanov (EldoS Corp.)

You need to load a secret key (not a public one) on the client side; then you will be able to authenticate using the public key authentication type.
#1137
Posted: 09/04/2006 09:27:54
by Josef Novak (Basic support level)
Joined: 08/30/2006
Posts: 47

OK, but I don't know how exactly. What is a secret key and what is its relation to a public key? How do I load it into SSHClient? Sorry for these questions, but I can't find it in the documentation. Thx
#1138
Posted: 09/04/2006 11:13:59
by Ken Ivanov (EldoS Corp.)

Public and secret key form a so-called 'keypair'. When you generate a key, you actually generate a keypair. Then you need to put your public key to a server's authorized keys list. The private key should not be given to anyone (it is usually stored in encrypted form on your machine).

SSH negotiation makes use of both parts of your keypair (a private key on a client side and a public key on a server side), making the server ensure that it's really you who are trying to connect to it. Since no other person has access to your private key, you are the only one who will be able to login to your account using your key.

Please consider using the demo application as a guide for passing the private key to ElSSHClient and ElSimpleSSHClient objects. All SSHBlackbox demos support public key authentication. Besides, you will find sample SSH keypairs in the %INSTALLDIR%\SSHKeys directory.
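The division of roles described in the reply above, as an added example that is not part of the original thread and is not SecureBlackbox code: it uses only the .NET base class library (.NET 6 or later) to show why the client must hold the private key while the server needs only the public one. The class name, user name and signed-data layout are assumptions; real SSH signs the session identifier together with the full authentication request.

```csharp
// Added illustration; not SecureBlackbox code. Uses only .NET BCL crypto (.NET 6+).
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class PublicKeyAuthSketch
{
    // Server side: user -> fingerprints of authorized public keys (constructed data).
    static readonly Dictionary<string, HashSet<string>> Authorized = new();

    static string Fingerprint(byte[] publicKey) =>
        Convert.ToHexString(SHA256.HashData(publicKey));

    // Simplified stand-in for the data SSH signs: session id followed by user name.
    static byte[] SignedBlob(byte[] sessionId, string user)
    {
        byte[] name = Encoding.UTF8.GetBytes(user);
        byte[] blob = new byte[sessionId.Length + name.Length];
        sessionId.CopyTo(blob, 0);
        name.CopyTo(blob, sessionId.Length);
        return blob;
    }

    // Server check for a public key request: the key must be authorized for the
    // user AND the signature must verify under that public key.
    static bool ServerAccepts(string user, byte[] publicKey, byte[] sessionId, byte[] signature)
    {
        if (!Authorized.TryGetValue(user, out var keys) || !keys.Contains(Fingerprint(publicKey)))
            return false;
        using ECDsa verifier = ECDsa.Create();
        verifier.ImportSubjectPublicKeyInfo(publicKey, out _);
        return verifier.VerifyData(SignedBlob(sessionId, user), signature, HashAlgorithmName.SHA256);
    }

    static void Main()
    {
        using ECDsa clientKey = ECDsa.Create(ECCurve.NamedCurves.nistP256); // client's keypair
        using ECDsa otherKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);  // an unrelated keypair
        byte[] pub = clientKey.ExportSubjectPublicKeyInfo();
        Authorized["demo-user"] = new HashSet<string> { Fingerprint(pub) }; // hypothetical user
        byte[] sessionId = RandomNumberGenerator.GetBytes(32);

        byte[] good = clientKey.SignData(SignedBlob(sessionId, "demo-user"), HashAlgorithmName.SHA256);
        byte[] forged = otherKey.SignData(SignedBlob(sessionId, "demo-user"), HashAlgorithmName.SHA256);

        Console.WriteLine(ServerAccepts("demo-user", pub, sessionId, good));   // signed with the matching private key
        Console.WriteLine(ServerAccepts("demo-user", pub, sessionId, forged)); // public key known, private key not held
        Console.WriteLine(ServerAccepts("demo-user", otherKey.ExportSubjectPublicKeyInfo(), sessionId, forged)); // key not in the authorized list
    }
}
```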
#1139
Posted: 09/04/2006 13:31:16
by Josef Novak (Basic support level)
Joined: 08/30/2006
Posts: 47

OK, if you mean private key, then I understand (as I can see from the documentation, secret key is still something else). If I understand well, the SSH server needs to have a private key generated, and the client can have its own private key generated as well - then the public peer must be known on the server.

Finally I succeeded, but on client I had to use auxiliary variable

SBSSHKeyStorage.TElSSHMemoryKeyStorage keyStorage

and construction

sshClient.KeyStorage = keyStorage;
keyStorage.Clear();
keyStorage.Add(Key);

because when I used shorter form

sshClient.KeyStorage.Add(Key);

it didn't add any item to the container KeyStorage (strange).

But no big problem. Thanks a lot.
#23786
Posted: 02/27/2013 09:32:19
by David Serrano (Basic support level)
Joined: 11/16/2012
Posts: 19

I am having the same problem. Besides, in the SSHkeys folder I see files with the .putty extension, but I need files with the .key extension. How can I test the method SSHServer_OnAuthPublicKey?
#23788
Posted: 02/27/2013 11:10:57
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Not sure I've understood your problem. Could you please describe it in more detail?

In general, the TElSSHServer.OnAuthPublicKey event is fired when the client requests public key authentication, so the client should request it to test.
#23789
Posted: 02/27/2013 11:14:05
by Ken Ivanov (EldoS Corp.)

David,

Extensions given to the key files only indicate the format the keys are stored in. If some application expects key files to be in Putty format and have the .key extension, you can simply rename the .putty file to the .key file and feed it to the application.
#23793
Posted: 02/27/2013 13:26:16
by David Serrano (Basic support level)
Joined: 11/16/2012
Posts: 19

Mmm, I see. Well, I will rename those files and test that method. I will tell you the results.
Thanks a lot.
#23794
Posted: 02/27/2013 14:25:20
by David Serrano (Basic support level)
Joined: 11/16/2012
Posts: 19

Well, I have renamed the extension to .key, but now I have another problem: importing the SSH key file. I have been checking the samples, but it doesn't exist; there is only PGP import. I checked http://www.eldos.com/security/articles/2852.php. That page says that I can use the import method, but I don't know how to implement that. Where can I find a sample for importing SSH key files?

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.