EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How do I use the Simple SSH Client?

#13314
Posted: 05/14/2010 07:41:05
by Trevor Mason
Hi,

I'm evaluating your components and I'm trying to open a connection to an ssh server using the simple ssh client.
I have the socket open and the client tries to authenticate me on the server, but fails with an error 114 - There are no more methods for user authentication.

I have generated and saved new public and private 1024-bit RSA keys, which are loaded into the Memory storage object, and I have supplied a user name and password to the ssh client.

What am I doing wrong?

I'm using CBuilder 2009 on XP and SBB version 8.
#13317
Posted: 05/14/2010 08:32:36
by Eugene Mayevski (EldoS Corp.)

The problem is in the way you use authentication.

The generated public key is placed on the server (check server documentation for how to do this) and you provide the private key on the client side when connecting with a client to the server.


Sincerely yours
Eugene Mayevski
#13318
Posted: 05/14/2010 09:10:42
by Trevor Mason
Hi Eugene,

That would be a valid argument for public key auths, but what about password auths?

When I use PuTTY, I don't have to put the public key on the server - I just open up a session to the server, supply my user name and password and I'm in.
Why can't I get that to work?

cheers
#13319
Posted: 05/14/2010 09:42:03
by Eugene Mayevski (EldoS Corp.)

What messages exactly do you get in the log before error 114? It must be preceded by one or more error messages saying that authentication type X failed. It's important to know what types failed.


Sincerely yours
Eugene Mayevski
#13320
Posted: 05/14/2010 11:03:15
by Trevor Mason
Hi Eugene,

I don't get any messages before the 114 error.

AuthenticationTypes is set to 20, which I believe is password & keyboard auth methods.

It looks as though it is not attempting the keyboard auth.
I have just added an onAuthAttempt handler which prints the auth type to screen and it is only being fired once for type 4 - Password?

Cheers
#13323
Posted: 05/14/2010 12:31:28
by Eugene Mayevski (EldoS Corp.)

What you describe is all strange - if the authentication method fails, the server tells this to the client and the client reports an error. Maybe it's some issue specific to C++Builder 2009. Are you running the sample project or have you written your own code?


Sincerely yours
Eugene Mayevski
#13324
Posted: 05/14/2010 13:12:49
by Trevor Mason
Hi Eugene,

I found the problem - the user name was not being passed correctly to the server - my fault for trying to be too clever and doing input validation.

So... now that I can log on with a pre-supplied user/password combination, what do I have to do to get the server to prompt me for a user and password in the terminal window, like PuTTY does?

Thanks
#13325
Posted: 05/14/2010 13:39:02
by Eugene Mayevski (EldoS Corp.)

PuTTY's prompts for username and password are not related to the terminal at all. So you can draw these questions in any way you like, be it a dialog window or two, a terminal emulation window, or any other way to talk to the user.

About keyboard-interactive authentication: this scheme assumes that the server asks for something and the user types the answer. This is not a password as you see it. It's just common that servers ask for a password, but a smart server (coded using our SSH server component, for example) can ask for the day of the week or the result of a simple math operation just to ensure that it's a human user who logs in. This means that you must be ready to let the user provide answers to these questions. See the OnAuthenticationKeyboard event for more details.

Now about terminals in general: SSH is a way to securely access a remote shell, but SSH itself doesn't offer or define terminals. The protocol sends and receives what you (or the server) give to it. This means that escape sequences sent by the server to change text or background color, play a beep, etc. are your business, not SSH's. If you emulate a simple terminal using ReadLn/WriteLn, you will see some strange sequences of characters that you would not expect. These are the terminal escape sequences that I am talking about.


Sincerely yours
Eugene Mayevski
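
On the wire, the keyboard-interactive scheme described in the reply above is an SSH_MSG_USERAUTH_INFO_REQUEST (RFC 4256) carrying any number of server-chosen prompts, each with an echo flag that tells the client whether to mask the typed answer. The following is an added example, not part of the thread and not SecureBlackbox code: a bounds-checked parser for that message in standard C++, run on a constructed sample; the names Reader, parse_info_request, is_well_formed and sample_request are illustrative assumptions.

```cpp
// Added example (not SecureBlackbox code): parse an RFC 4256 SSH_MSG_USERAUTH_INFO_REQUEST.
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>
typedef std::vector<uint8_t> Bytes;
struct Prompt { std::string text; bool echo; };
struct InfoRequest { std::string name, instruction, lang; std::vector<Prompt> prompts; };

class Reader {  // bounds-checked cursor over an untrusted payload
    const Bytes& b; size_t pos;
public:
    explicit Reader(const Bytes& buf) : b(buf), pos(0) {}
    uint8_t u8() { if (pos >= b.size()) throw std::runtime_error("truncated"); return b[pos++]; }
    uint32_t u32() { uint32_t v = 0; for (int i = 0; i < 4; ++i) v = (v << 8) | u8(); return v; }
    std::string str() {  // SSH "string": uint32 length, then that many bytes
        uint32_t n = u32();
        if (n > b.size() - pos) throw std::runtime_error("length exceeds payload");
        std::string s(b.begin() + pos, b.begin() + pos + n);
        pos += n; return s;
    }
    bool done() const { return pos == b.size(); }
};

InfoRequest parse_info_request(const Bytes& payload) {
    Reader r(payload);
    if (r.u8() != 60) throw std::runtime_error("not SSH_MSG_USERAUTH_INFO_REQUEST");
    InfoRequest q;
    q.name = r.str(); q.instruction = r.str(); q.lang = r.str();
    for (uint32_t i = 0, n = r.u32(); i < n; ++i) {  // a lying count ends in "truncated"
        Prompt p; p.text = r.str(); p.echo = (r.u8() != 0);  // echo false: mask the input
        q.prompts.push_back(p);
    }
    if (!r.done()) throw std::runtime_error("trailing bytes");
    return q;
}
bool is_well_formed(const Bytes& m) {
    try { parse_info_request(m); return true; } catch (const std::runtime_error&) { return false; }
}

void put_u32(Bytes& o, uint32_t v) { for (int s = 24; s >= 0; s -= 8) o.push_back(uint8_t(v >> s)); }
void put_str(Bytes& o, const std::string& s) {
    put_u32(o, uint32_t(s.size())); o.insert(o.end(), s.begin(), s.end());
}
Bytes sample_request() {  // constructed sample: a server asking two questions
    Bytes m(1, 60);
    put_str(m, "Login check"); put_str(m, ""); put_str(m, "");
    put_u32(m, 2);
    put_str(m, "Day of week: "); m.push_back(1);  // echo on
    put_str(m, "Password: ");    m.push_back(0);  // echo off
    return m;
}
```

A client answers with one response string per prompt, in order, so the UI has to be driven by the parsed prompt list rather than a fixed password field.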
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.