SSH RSA keys authentication issue.

+1 vote
asked Oct 27, 2016 by Andrey Rudakov (360 points)
edited Oct 27, 2016 by Andrey Rudakov

Hello. I have some problems with key authentication on my Huawei AR160 device using the Rebex components.

  1. Generating keys.

        SshHostKeyAlgorithm keyAlgorithm = SshHostKeyAlgorithm.RSA;
        Int32 keySize = 2048;
        Rebex.Net.SshPrivateKey privateKey = Rebex.Net.SshPrivateKey.Generate(keyAlgorithm, keySize);
        privateKey.Save("C:\\ar160.ppk", UserPassword, SshPrivateKeyFormat.Putty);
        privateKey.SavePublicKey("C:\\ar160.pub", SshPublicKeyFormat.Ssh2Base64);
    
  2. Importing the public key to a device.

  3. Trying to connect to a device using PuTTY and the private key. Success.

  4. Trying to connect to a device using Rebex code sample and the private key. Authentication failed.

        using (var ssh = new Rebex.Net.Ssh())
        {
            ssh.LogWriter = new Rebex.FileLogWriter(@"C:\rebex.log", Rebex.LogLevel.Verbose);
            var privateKey = new Rebex.Net.SshPrivateKey("C:\\ar160.ppk", UserPassword);
            ssh.Settings.SshParameters.AuthenticationMethods = Rebex.Net.SshAuthenticationMethod.PublicKey;
            ssh.Connect(HostName, HostPort);
            ssh.Login(UserName, privateKey);
            ssh.Disconnect();
        }
    
  5. Logs and keys. http://wikisend.com/download/129416/ar160.zip

ar160.zip MD5 84F6F510BEC8129C074D533A98C78290

Can you help me understand the problem? Thank you.

commented Oct 27, 2016 by Tomas Knopp (58,580 points)
Hello,

thanks for the logs. I can see you are on a hotfix build from May 2015. There have been many enhancements and fixes since then. So before we dive deep into solving it, could you please download the newest version of the Rebex component (trial of Rebex SSH Pack at http://www.rebex.net/ssh-pack/download.aspx) and check whether the same issue persists with it?

If you have an active SSH Pack license, you will find the download link after logging in at https://www.rebex.net/protected

So give the latest version a try too, and in case the same error persists, just send us a new log file. Thanks!
commented Oct 28, 2016 by Andrey Rudakov (360 points)
Hello. I have installed the newest trial version of the Rebex component. The problem still persists. Example:

    2016-10-28 10:35:21.338 DEBUG Ssh(1)[9] SSH: Allowed authentication methods for 'user': publickey.
    2016-10-28 10:35:21.339 DEBUG Ssh(1)[9] SSH: Trying public key authentication for 'user'.
    2016-10-28 10:35:21.366 VERBOSE Ssh(1)[9] SSH: Sending packet SSH_MSG_USERAUTH_REQUEST (610 bytes).
    2016-10-28 10:35:21.453 VERBOSE Ssh(1)[11] SSH: Received packet SSH_MSG_USERAUTH_BANNER (41 bytes).
     0000 |35-00-00-00-1F-0D-0A-45 72-72-6F-72-3A-20-41-75| 5......Error: Au
     0010 |74-68-65-6E-74-69-63-61 74-69-6F-6E-20-66-61-69| thentication fai
     0020 |6C-65-64-2E-00-00-00-00 00                     | led......
    2016-10-28 10:35:21.454 INFO Ssh(1)[9] SSH: Received banner:

    Error: Authentication failed.
commented Oct 31, 2016 by Lukas Matyska (38,400 points)
Can you please provide us with the PuTTY log as well? You can find it under Session->Logging (select "SSH packets and raw data" and browse to the path you want).
commented Nov 1, 2016 by Andrey Rudakov (360 points)
I attached the zip archive with my keys and logs (including the PuTTY log). The PuTTY log is too large.

http://wikisend.com/download/129416/ar160.zip

ar160.zip MD5 84F6F510BEC8129C074D533A98C78290

1 Answer

0 votes
answered Nov 1, 2016 by Lukas Matyska (38,400 points)
edited Feb 10 by Lukas Matyska
 
Best answer

Thank you for the PuTTY log. It showed that PuTTY uses a two-step public key send routine, while Rebex uses a one-step routine. I have tried to add the two-step routine.

Since I am not able to find your active support contract, I am sharing here a link to a TRIAL version of the updated code: http://www.rebex.net/getfile/6040b6f778ff47d9a33afe65585c218f/RebexSshPack-BetaBuild6150-Trial-Binaries.zip

Please let me know whether this BETA build solved your issue.

EDIT:

In version 2017 R1 we added the EnsureKeyAcceptable option, which instructs the SSH client to announce the public key to the server before performing key authentication (the two-step routine mentioned above; the default is the one-step routine).
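
The one-step and two-step routines described in this answer, shown at the packet level as an added example (not part of the original answer, and not Rebex or PuTTY code). It follows the publickey method of RFC 4252, where the client may first send the request with the boolean set to FALSE and no signature to ask whether the key is acceptable, then send the signed request with the boolean set to TRUE. The function names are hypothetical, and the key blob and signature bytes are constructed placeholders.

```python
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number defined in RFC 4252

def ssh_string(data: bytes) -> bytes:  # uint32 big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def build_request(user, algorithm, key_blob, signature=None) -> bytes:
    """publickey request payload; signature=None builds the unsigned probe (FALSE)."""
    head = bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode())
    head += ssh_string(b"ssh-connection") + ssh_string(b"publickey")
    body = ssh_string(algorithm.encode()) + ssh_string(key_blob)
    tail = b"" if signature is None else ssh_string(signature)
    return head + (b"\x01" if tail else b"\x00") + body + tail

def parse_request(payload: bytes) -> dict:
    """Decode a publickey SSH_MSG_USERAUTH_REQUEST payload, rejecting truncated input."""
    if payload[:1] != bytes([SSH_MSG_USERAUTH_REQUEST]):
        raise ValueError("not SSH_MSG_USERAUTH_REQUEST")
    pos = 1
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(payload):
            raise ValueError("truncated packet")
        pos += n
        return payload[pos - n:pos]
    def take_string() -> bytes:
        return take(struct.unpack(">I", take(4))[0])
    user, _service, method = take_string(), take_string(), take_string()
    if method != b"publickey":
        raise ValueError("not a publickey request")
    signed = take(1) != b"\x00"
    algorithm, key_blob = take_string(), take_string()
    signature = take_string() if signed else None
    return dict(user=user.decode(), signed=signed, algorithm=algorithm.decode(),
                key_blob=key_blob, signature=signature)

def routine(client_payloads) -> str:
    """'two-step' when an unsigned probe for the same key precedes the signed request."""
    probed = set()
    for req in map(parse_request, client_payloads):
        if req["signed"]:
            return "two-step" if req["key_blob"] in probed else "one-step"
        probed.add(req["key_blob"])
    return "probe-only"

KEY_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00\xaa\xbb")  # constructed
FAKE_SIG = ssh_string(b"ssh-rsa") + ssh_string(b"\x55" * 8)  # constructed, not a real signature
PROBE = build_request("user", "ssh-rsa", KEY_BLOB)
SIGNED = build_request("user", "ssh-rsa", KEY_BLOB, FAKE_SIG)
```

Feeding `parse_request` the payload bytes from a verbose client log shows which routine a client used: a session whose first publickey request is already signed is the one-step routine.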

commented Nov 2, 2016 by Andrey Rudakov (360 points)
Thank you for the BETA build! The two-step routine fix works great with my Huawei device. I also tested it on my Cisco device and CentOS Linux system using the same key pair. Success.

I have purchased Rebex SSH Pack for .NET, but I need some time to clarify subscription status information.
commented Nov 2, 2016 by Lukas Matyska (38,400 points)
Thank you for letting us know. I have sent instructions to your e-mail on how to obtain the full version of the BETA build.
commented Nov 18, 2016 by Andrey Rudakov (360 points)
Thank you very much. The problem is solved.
...