EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSH Error 114 with OpenSSH 5.8

#16705
Posted: 06/20/2011 00:01:02
by Vincent Parrett (Standard support level)
Joined: 01/17/2008
Posts: 20

Hi,
One of our customers has reported (and I can reproduce) connections failing with error 114 (no more methods for user authentication) against OpenSSH 5.8. This is caught by the OnError handler after calling TElSimpleSSHClient.Open(). We are using v8.1.189.20960 of SBB.

Our code works fine against earlier versions of OpenSSH.

After some digging I found that the default key algorithm was changed to ECDSA in 5.7/5.8. I can get around the error by commenting out 'PasswordAuthentication no' in sshd_config on the server.

Is there something I can change in our client-side code to handle ECDSA (assuming that is the problem)?

Cheers.
#16706
Posted: 06/20/2011 02:33:19
by Eugene Mayevski (EldoS Corp.)

ECDSA itself should not be a problem.

To help us reproduce the issue, please describe the configuration in more detail.

Do I understand it right that the user attempts to authenticate using only the key (BTW, is the key RSA or DSA?) to the server that accepts only key authentication (so far so good)? Or are both password and key authentication enabled on the client?

My guess is that maybe the server explicitly sends a denial response when it sees a password authentication request and the password is forbidden. But this is just a guess.


Sincerely yours
Eugene Mayevski
#16707
Posted: 06/20/2011 02:56:30
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Also, is it possible that the server accepts *only* ECDSA certificates?
#16708
Posted: 06/20/2011 03:05:56
by Vincent Parrett (Standard support level)
Joined: 01/17/2008
Posts: 20

I'm pretty sure that it is a default install of the latest openSUSE. I will check with the person actually doing the tests tomorrow (he used my account to report this) but I believe he just downloaded the latest release and ran it up in a VM.
#16709
Posted: 06/20/2011 03:16:29
by Eugene Mayevski (EldoS Corp.)

We worked with OpenSSH 5.8 before so if the problem were that global, we'd discover it. So I assume it's really configuration-specific (configuration here applies both to the client and the server).


Sincerely yours
Eugene Mayevski
#16721
Posted: 06/20/2011 19:37:58
by Vincent Parrett (Standard support level)
Joined: 01/17/2008
Posts: 20

Hi,
Thanks for your responses - I believe they've pointed me in the right direction.

I'm confirming with the customer, but I suspect they were using only username/password, which obviously won't work with PasswordAuthentication set to no. What confused them (and me) is that PuTTY and WinSCP both allow you to authenticate with username/password, even when PasswordAuthentication is set to no.

Unless the customer comes back and says they are using a keyfile, I think it's safe to close this.

Thanks again for your help.
#16761
Posted: 06/21/2011 07:07:32
by Eugene Mayevski (EldoS Corp.)

Quote
Vincent Parrett wrote:
is that PuTTY and WinSCP both allow you to authenticate with username/password, even when PasswordAuthentication is set to no.


They probably use keyboard-interactive authentication. Check your code regarding this auth. type - maybe you need to enable it.


Sincerely yours
Eugene Mayevski
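An added example, not part of the original thread and not EldoS code: the thread's diagnosis comes down to the method list the server returns in SSH_MSG_USERAUTH_FAILURE (RFC 4252, section 5.1). The sketch below parses that message and shows why a password-only client runs out of methods while one that also enables keyboard-interactive can continue. The sample payload is constructed, and the assumption is that the client reports "no more methods" when none of its enabled methods remains in the server's list.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51  # message number from RFC 4252, section 5.1


def parse_userauth_failure(payload: bytes):
    """Return (methods_that_can_continue, partial_success) from a packet payload."""
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not an SSH_MSG_USERAUTH_FAILURE payload")
    (length,) = struct.unpack(">I", payload[1:5])  # name-list length, big-endian
    end = 5 + length
    if end + 1 != len(payload):  # exactly one boolean byte must follow the list
        raise ValueError("name-list length does not match payload size")
    names = payload[5:end].decode("ascii")
    methods = names.split(",") if names else []
    return methods, payload[end] != 0


def next_method(client_enabled, already_tried, server_methods):
    """Pick the next method the client may try, or None when it has run out."""
    for method in client_enabled:  # client preference order
        if method in server_methods and method not in already_tried:
            return method
    return None


def build_failure(methods, partial=False):
    """Build a sample payload (constructed test data, not captured traffic)."""
    names = ",".join(methods).encode("ascii")
    return (bytes([SSH_MSG_USERAUTH_FAILURE]) + struct.pack(">I", len(names))
            + names + bytes([int(partial)]))


if __name__ == "__main__":
    # Constructed reply from a server that has password authentication disabled
    # but still offers keyboard-interactive (an assumption for this sample).
    reply = build_failure(["publickey", "keyboard-interactive"])
    offered, _ = parse_userauth_failure(reply)
    print("server offers:", offered)
    for enabled in (["password"], ["password", "keyboard-interactive"]):
        choice = next_method(enabled, set(), offered)
        print(enabled, "->", choice or "no more methods for user authentication")
```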