ago by (140 points)

We’ve encountered a problem when using Rebex to connect via SFTP to a RHEL 9 server configured with a restricted set of public key algorithms.
When the server’s sshd_config contains:

PubkeyAcceptedAlgorithms rsa-sha2-512

Rebex fails to authenticate using a valid private key. The error returned is:
A public key corresponding to the supplied private key was not accepted by the server or the user name is incorrect.

---> Rebex.Net.SshException: A public key corresponding to the supplied private key was not accepted by the server or the user name is incorrect.

However, when we modify the configuration to:

PubkeyAcceptedAlgorithms rsa-sha2-512,rsa-sha2-256

the connection succeeds without issue.
This behavior has been reproduced consistently across three separate environments. Below is the relevant stack trace:

at Rebex.Net.SshSession.ahjfn(String p0, String p1, xaxuc`1 p2, SshGssApiCredentials p3, Boolean p4)
at Rebex.Net.SshSession.icobj(String p0, String p1, xaxuc`1 p2)
at Rebex.Net.Sftp.lsqxf.lbomd(String p0, String p1, xaxuc`1 p2, syrio p3)
at Rebex.Net.Sftp.llstr(String p0, String p1, xaxuc`1 p2, syrio p3)
at Rebex.Net.Sftp.Login(String userName, SshPrivateKey privateKey)

Could you please confirm whether Rebex fully supports rsa-sha2-512 as the sole algorithm in PubkeyAcceptedAlgorithms, or if additional configuration is required?

Applies to: Rebex SFTP
ago by (150k points)
It looks like Rebex SFTP might be selecting rsa-sha2-256 as a preferred algorithm. Which version of Rebex SFTP do you use?
Currently, the algorithm selection is not perfect due to backward compatibility constraints, although we plan to improve this for version 8. (Server announcement of PubkeyAcceptedAlgorithms is a recently-added SSH extension.)

In the meantime, do you have rsa-sha2-512 enabled as a host key algorithm?
If you do, it should be possible to force it for client authentication using this code (called before the Connect method):

    var sftp = new Sftp();

    Rebex.Security.Cryptography.CryptoHelper.SetOption(sftp.Settings.SshParameters, "ClientKeyAlgorithms", new string[] { "rsa-sha2-512" });

    sftp.Connect(...);

(Edit: Posted wrong code at first.)
ago by (140 points)

Hi,
I am using Rebex version 7.0.8865.0.
Thanks for the workaround; it worked in my test lab. However, it will be hard to use it in the production code because I would have to expose an extra configuration parameter, which I would like to avoid. Our clients are not really technical, and the configuration of the SSH connection is just "Default" or "Restricted".
Do you have an estimate of when this issue could be fixed?

ago by (150k points)
At the moment, we are not even sure whether there is anything to fix.

By default, Rebex SFTP uses the following approach to select a suitable client key authentication algorithm:
- First, it takes a list of host key algorithms enabled via Sftp.Settings.SshParameters.HostKeyAlgorithms.
- Then, it gets an intersection of that list with the list specified by Sftp.Settings.SshParameters.SetHostKeyAlgorithms.
- If the server announces supported client host key algorithms using the SSH_MSG_EXT_INFO extension, the list is sorted according to the server's order of preference.
- Finally, Rebex SFTP picks the first suitable algorithm from the list, and uses that.

So, as long as rsa-sha2-512 is enabled using SshParameters, and precedes other RSA algorithms in the server's SSH_MSG_EXT_INFO extension packet, it should be used.
For some reason, this is not the case in your scenario, but we would have to look into it more thoroughly to find out. Perhaps you don't have rsa-sha2-512 enabled as a host key algorithm, or the server does not announce the list via SSH_MSG_EXT_INFO extension, or it does not announce the list in the proper order. A debug log at [LogLevel.Verbose](https://www.rebex.net/kb/logging/) can be used to find out.

Alternatively, if a custom list of client host key algorithms has been specified using the "ClientKeyAlgorithms" option, then the first suitable algorithm in that list is used.
So the following workaround seems quite suitable for "Restricted" servers:
1. Get a list of ciphers returned by SshParameters.GetSupportedHostKeyAlgorithms() to see what's actually supported.
2. Based on that, create a custom "restricted" list that only includes allowed algorithms (such as "rsa-sha2-512") in a proper order.
3. Pass that list to SFTP client via Rebex.Security.Cryptography.CryptoHelper.SetOption(sftp.Settings.SshParameters, "ClientKeyAlgorithms", restricted) call.
ago by (140 points)
edited ago by
Hi,
Thanks for this info. According to sshd -T, the following algorithms are used:
hostkeyalgorithms rsa-sha2-512
pubkeyacceptedalgorithms rsa-sha2-512

Below are logs from the non-working scenario (Rebex default settings, and server sshd settings as above):
2025-10-17 09:31:49.426 VERBOSE Sftp(1)[8] SSH: Received packet SSH_MSG_EXT_INFO (247 bytes).
 0000 |07-00-00-00-01-00-00-00 0F-73-65-72-76-65-72-2D| .........server-
 0010 |73-69-67-2D-61-6C-67-73 00-00-00-DB-73-73-68-2D| sig-algs....ssh-
 0020 |65-64-32-35-35-31-39-2C 73-6B-2D-73-73-68-2D-65| ed25519,sk-ssh-e
 0030 |64-32-35-35-31-39-40-6F 70-65-6E-73-73-68-2E-63| d25519@openssh.c
 0040 |6F-6D-2C-73-73-68-2D-72 73-61-2C-72-73-61-2D-73| om,ssh-rsa,rsa-s
 0050 |68-61-32-2D-32-35-36-2C 72-73-61-2D-73-68-61-32| ha2-256,rsa-sha2
 0060 |2D-35-31-32-2C-73-73-68 2D-64-73-73-2C-65-63-64| -512,ssh-dss,ecd
 0070 |73-61-2D-73-68-61-32-2D 6E-69-73-74-70-32-35-36| sa-sha2-nistp256
 0080 |2C-65-63-64-73-61-2D-73 68-61-32-2D-6E-69-73-74| ,ecdsa-sha2-nist
 0090 |70-33-38-34-2C-65-63-64 73-61-2D-73-68-61-32-2D| p384,ecdsa-sha2-
 00A0 |6E-69-73-74-70-35-32-31 2C-73-6B-2D-65-63-64-73| nistp521,sk-ecds
 00B0 |61-2D-73-68-61-32-2D-6E 69-73-74-70-32-35-36-40| a-sha2-nistp256@
 00C0 |6F-70-65-6E-73-73-68-2E 63-6F-6D-2C-77-65-62-61| openssh.com,weba
 00D0 |75-74-68-6E-2D-73-6B-2D 65-63-64-73-61-2D-73-68| uthn-sk-ecdsa-sh
 00E0 |61-32-2D-6E-69-73-74-70 32-35-36-40-6F-70-65-6E| a2-nistp256@open
 00F0 |73-73-68-2E-63-6F-6D                           | ssh.com
2025-10-17 09:31:49.426 DEBUG Sftp(1)[8] SSH: Server supports extension negotiation.
2025-10-17 09:31:49.452 VERBOSE Sftp(1)[1] SSH: Sending packet SSH_MSG_SERVICE_REQUEST (17 bytes).
 0000 |05-00-00-00-0C-73-73-68 2D-75-73-65-72-61-75-74| .....ssh-useraut
 0010 |68                                             | h
2025-10-17 09:31:49.580 VERBOSE Sftp(1)[8] SSH: Received packet SSH_MSG_SERVICE_ACCEPT (17 bytes).
 0000 |06-00-00-00-0C-73-73-68 2D-75-73-65-72-61-75-74| .....ssh-useraut
 0010 |68                                             | h
2025-10-17 09:31:49.580 VERBOSE Sftp(1)[1] SSH: Sending packet SSH_MSG_USERAUTH_REQUEST (46 hidden bytes).
2025-10-17 09:31:49.712 VERBOSE Sftp(1)[8] SSH: Received packet SSH_MSG_USERAUTH_FAILURE (53 bytes).
 0000 |33-00-00-00-2F-70-75-62 6C-69-63-6B-65-79-2C-67| 3.../publickey,g
 0010 |73-73-61-70-69-2D-6B-65 79-65-78-2C-67-73-73-61| ssapi-keyex,gssa
 0020 |70-69-2D-77-69-74-68-2D 6D-69-63-2C-70-61-73-73| pi-with-mic,pass
 0030 |77-6F-72-64-00                                 | word.
2025-10-17 09:31:49.713 DEBUG Sftp(1)[1] SSH: Allowed authentication methods for 'verifyUserAutom': publickey, gssapi-keyex, gssapi-with-mic, password.
2025-10-17 09:31:49.714 DEBUG Sftp(1)[1] SSH: Trying public key authentication for 'verifyUserAutom' using 'rsa-sha2-256' (SHA256:D9b+v7vGUBC1G3tDA+WOcJ1vkkciYH1qzMUZSScU8as)
2025-10-17 09:31:49.719 VERBOSE Sftp(1)[1] SSH: Sending packet SSH_MSG_USERAUTH_REQUEST (629 hidden bytes).
2025-10-17 09:31:49.853 VERBOSE Sftp(1)[8] SSH: Received packet SSH_MSG_USERAUTH_FAILURE (53 bytes).
 0000 |33-00-00-00-2F-70-75-62 6C-69-63-6B-65-79-2C-67| 3.../publickey,g
 0010 |73-73-61-70-69-2D-6B-65 79-65-78-2C-67-73-73-61| ssapi-keyex,gssa
 0020 |70-69-2D-77-69-74-68-2D 6D-69-63-2C-70-61-73-73| pi-with-mic,pass
 0030 |77-6F-72-64-00                                 | word.
2025-10-17 09:31:49.859 ERROR Sftp(1)[1] SSH: Rebex.Net.SshException: A public key corresponding to the supplied private key was not accepted by the server or the user name is incorrect.
   w Rebex.Net.SshSession.ahjfn(String p0, String p1, xaxuc`1 p2, SshGssApiCredentials p3, Boolean p4) w C:\Dev\cpm-extensions-common\Expect\Expect.NET\Internal\Settings\StoreKeyInCache.cs:wiersz 0
2025-10-17 09:31:49.868 VERBOSE Sftp(1)[1] SSH: Sending packet SSH_MSG_DISCONNECT (27 bytes).
 0000 |01-00-00-00-0B-00-00-00 0E-53-65-73-73-69-6F-6E| .........Session
 0010 |20-63-6C-6F-73-65-64-00 00-00-00               |  closed....
-------------------------------------------------------------------------------------------------------
Below you can find logs from the working execution, where the only thing I have changed is adding this line to the code:
Rebex.Security.Cryptography.CryptoHelper.SetOption(sftpClient.Settings.SshParameters, "ClientKeyAlgorithms", new string[] { "rsa-sha2-512" });
Server config stayed intact:
2025-10-17 09:28:13.423 VERBOSE Sftp(1)[8] SSH: Received packet SSH_MSG_EXT_INFO (247 bytes).
 0000 |07-00-00-00-01-00-00-00 0F-73-65-72-76-65-72-2D| .........server-
 0010 |73-69-67-2D-61-6C-67-73 00-00-00-DB-73-73-68-2D| sig-algs....ssh-
 0020 |65-64-32-35-35-31-39-2C 73-6B-2D-73-73-68-2D-65| ed25519,sk-ssh-e
 0030 |64-32-35-35-31-39-40-6F 70-65-6E-73-73-68-2E-63| d25519@openssh.c
 0040 |6F-6D-2C-73-73-68-2D-72 73-61-2C-72-73-61-2D-73| om,ssh-rsa,rsa-s
 0050 |68-61-32-2D-32-35-36-2C 72-73-61-2D-73-68-61-32| ha2-256,rsa-sha2
 0060 |2D-35-31-32-2C-73-73-68 2D-64-73-73-2C-65-63-64| -512,ssh-dss,ecd
 0070 |73-61-2D-73-68-61-32-2D 6E-69-73-74-70-32-35-36| sa-sha2-nistp256
 0080 |2C-65-63-64-73-61-2D-73 68-61-32-2D-6E-69-73-74| ,ecdsa-sha2-nist
 0090 |70-33-38-34-2C-65-63-64 73-61-2D-73-68-61-32-2D| p384,ecdsa-sha2-
 00A0 |6E-69-73-74-70-35-32-31 2C-73-6B-2D-65-63-64-73| nistp521,sk-ecds
 00B0 |61-2D-73-68-61-32-2D-6E 69-73-74-70-32-35-36-40| a-sha2-nistp256@
 00C0 |6F-70-65-6E-73-73-68-2E 63-6F-6D-2C-77-65-62-61| openssh.com,weba
 00D0 |75-74-68-6E-2D-73-6B-2D 65-63-64-73-61-2D-73-68| uthn-sk-ecdsa-sh
 00E0 |61-32-2D-6E-69-73-74-70 32-35-36-40-6F-70-65-6E| a2-nistp256@open
 00F0 |73-73-68-2E-63-6F-6D                           | ssh.com
2025-10-17 09:28:13.423 DEBUG Sftp(1)[8] SSH: Server supports extension negotiation.
2025-10-17 09:28:13.453 VERBOSE Sftp(1)[1] SSH: Sending packet SSH_MSG_SERVICE_REQUEST (17 bytes).
 0000 |05-00-00-00-0C-73-73-68 2D-75-73-65-72-61-75-74| .....ssh-useraut
 0010 |68                                             | h
2025-10-17 09:28:13.579 VERBOSE Sftp(1)[8] SSH: Received packet SSH_MSG_SERVICE_ACCEPT (17 bytes).
 0000 |06-00-00-00-0C-73-73-68 2D-75-73-65-72-61-75-74| .....ssh-useraut
 0010 |68                                             | h
2025-10-17 09:28:13.580 VERBOSE Sftp(1)[1] SSH: Sending packet SSH_MSG_USERAUTH_REQUEST (46 hidden bytes).
2025-10-17 09:28:13.716 VERBOSE Sftp(1)[8] SSH: Received packet SSH_MSG_USERAUTH_FAILURE (53 bytes).
 0000 |33-00-00-00-2F-70-75-62 6C-69-63-6B-65-79-2C-67| 3.../publickey,g
 0010 |73-73-61-70-69-2D-6B-65 79-65-78-2C-67-73-73-61| ssapi-keyex,gssa
 0020 |70-69-2D-77-69-74-68-2D 6D-69-63-2C-70-61-73-73| pi-with-mic,pass
 0030 |77-6F-72-64-00                                 | word.
2025-10-17 09:28:13.716 DEBUG Sftp(1)[1] SSH: Allowed authentication methods for 'verifyUserAutom': publickey, gssapi-keyex, gssapi-with-mic, password.
2025-10-17 09:28:13.718 DEBUG Sftp(1)[1] SSH: Trying public key authentication for 'verifyUserAutom' using 'rsa-sha2-512' (SHA256:D9b+v7vGUBC1G3tDA+WOcJ1vkkciYH1qzMUZSScU8as)
2025-10-17 09:28:13.728 VERBOSE Sftp(1)[1] SSH: Sending packet SSH_MSG_USERAUTH_REQUEST (629 hidden bytes).
2025-10-17 09:28:13.895 VERBOSE Sftp(1)[8] SSH: Received packet SSH_MSG_USERAUTH_SUCCESS (1 bytes).
 0000 |34                                             | 4
2025-10-17 09:28:13.895 DEBUG Sftp(1)[1] SSH: Authentication successful.
2025-10-17 09:28:13.898 DEBUG Sftp(1)[1] SSH: Opening channel 'session' (initial window size: 131072, max packet size: 129024).
2025-10-17 09:28:13.898 VERBOSE Sftp(1)[1] SSH: Sending packet SSH_MSG_CHANNEL_OPEN (24 bytes).
 0000 |5A-00-00-00-07-73-65-73 73-69-6F-6E-00-00-00-00| Z....session....
 0010 |00-02-00-00-00-01-F8-00                        | ........
2025-10-17 09:28:14.116 VERBOSE Sftp(1)[8] SSH: Received packet SSH_MSG_GLOBAL_REQUEST (603 bytes).
Let me know if you need the full logs. How can I pass them to you?
Are you suggesting it is a RHEL issue? PuTTY and Tectia work fine with this user/cert and server config.
ago by (150k points)
Apparently, the server still sends an SSH_MSG_EXT_INFO packet that announces support for a dozen signature algorithms including "ssh-rsa", "rsa-sha2-256" and "rsa-sha2-512", in that order. That's why Rebex SFTP picks "rsa-sha2-256". It looks like the PubkeyAcceptedAlgorithms setting has not actually been applied. Make sure these settings are actually in sshd_config and not in the client-side ssh_config.

I can't speak for PuTTY or Tectia, but perhaps their SSH clients prefer rsa-sha2-512 to rsa-sha2-256 on their own. You can achieve the same behavior in Rebex SFTP using the "ClientKeyAlgorithms" option.
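As an added illustration (not code from this thread or from Rebex), the following Python reconstructs the 247-byte SSH_MSG_EXT_INFO payload from the hex dump posted above, parses its server-sig-algs extension (RFC 8308), and applies the selection rule described earlier in the thread: intersect the client's enabled list with what the key supports, sort by the server's announced order, take the first. It also checks the announced RSA algorithms against the sshd -T output, which is the mismatch the last answer points at. The client-side default order and the RSA-compatible set are assumptions.

```python
import struct
# server-sig-algs value transcribed from the SSH_MSG_EXT_INFO hex dump in the log above.
SERVER_SIG_ALGS = (
    "ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,"
    "ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,"
    "sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
)
RSA_FAMILY = {"ssh-rsa", "rsa-sha2-256", "rsa-sha2-512"}  # algorithms usable with an RSA key

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

# Constructed SSH_MSG_EXT_INFO payload (message id 7, one extension): 247 bytes, as in the log.
EXT_INFO_PACKET = (bytes([7]) + struct.pack(">I", 1)
                   + ssh_string(b"server-sig-algs") + ssh_string(SERVER_SIG_ALGS.encode()))

def read_string(packet: bytes, offset: int):
    (length,) = struct.unpack_from(">I", packet, offset)  # RFC 4251 string: length, then bytes
    offset += 4
    return packet[offset:offset + length].decode("ascii"), offset + length

def parse_ext_info(packet: bytes) -> dict:
    """Parse SSH_MSG_EXT_INFO (RFC 8308): byte 7, uint32 nr-extensions, then name/value pairs."""
    if not packet or packet[0] != 7:
        raise ValueError("not an SSH_MSG_EXT_INFO payload")
    (count,) = struct.unpack_from(">I", packet, 1)
    offset, extensions = 5, {}
    for _ in range(count):
        name, offset = read_string(packet, offset)
        extensions[name], offset = read_string(packet, offset)
    if offset != len(packet):
        raise ValueError("trailing bytes after the last extension")
    return extensions

def select_client_key_algorithm(client_enabled, server_sig_algs, key_compatible, override=None):
    """Thread's rule: explicit 'ClientKeyAlgorithms' override wins; else intersect, sort by server order, take first."""
    if override is not None:
        return next((a for a in override if a in key_compatible), None)
    candidates = [a for a in client_enabled if a in key_compatible]
    rank = {alg: i for i, alg in enumerate(server_sig_algs)}
    candidates.sort(key=lambda a: rank.get(a, len(rank)))
    return candidates[0] if candidates else None

def rsa_announced_but_not_accepted(server_sig_algs, sshd_pubkey_accepted):
    """RSA algorithms advertised in server-sig-algs that 'sshd -T' says are not accepted."""
    return sorted(RSA_FAMILY.intersection(server_sig_algs) - set(sshd_pubkey_accepted))

def demo():
    algs = parse_ext_info(EXT_INFO_PACKET)["server-sig-algs"].split(",")
    client_default = ["rsa-sha2-512", "rsa-sha2-256"]  # assumed client-side enabled order
    by_server_order = select_client_key_algorithm(client_default, algs, RSA_FAMILY)
    forced = select_client_key_algorithm(client_default, algs, RSA_FAMILY, override=["rsa-sha2-512"])
    return by_server_order, forced, rsa_announced_but_not_accepted(algs, ["rsa-sha2-512"])
```

With the announced order from the log, the default rule lands on rsa-sha2-256 while the override yields rsa-sha2-512, and the check reports ssh-rsa and rsa-sha2-256 as advertised despite not being in pubkeyacceptedalgorithms.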
