search

cyd01 / KiTTY

:computer: KiTTY, a free telnet/ssh client for Windows
https://www.9bis.com/kitty
Other
1.61k stars 137 forks source link

KSCP doesn't work? #505

Open longforrich opened 1 year ago

longforrich commented 1 year ago

same parameter & same password PSCP(0.78) is ok KSCP (0.76.1.12) is NG

logs

KSCP

PS Z:\> kscp.exe -v "Z:\FiraCode-Bold.ttf" root@10.14.41.60:/tmp
Looking up host "10.14.41.60" for SSH connection
Connecting to 10.14.41.60 port 22
We claim version: SSH-2.0-PuTTY_KiTTY
Connected to 10.14.41.60
Remote version: SSH-2.0-OpenSSH_8.2
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (unaccelerated)
Server also has ecdsa-sha2-nistp256/rsa-sha2-512/rsa-sha2-256/ssh-rsa host keys, but we don't know any of them
Host key fingerprint is:
ssh-ed25519 255 SHA256:14MrO/rEGdhWIl8zjs9M3fTUYHjMaA2ch76f5eqDcQU
Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
Reading key file "C:\Users\Administrator\.ssh\id_rsa.pub"
Key file contains public key only
Using username "root".
Pre-authentication banner message from server:
|
| Authorized users only. All activities may be monitored and reported.
End of banner message from server
Using SSPI from SECUR32.DLL
Trying gssapi-with-mic...
Attempting GSSAPI authentication
GSSAPI authentication request refused
root@10.14.41.60's password:
Send automatic password
Sent password
Save password
Password authentication failed
Access denied
Using username "root".
root@10.14.41.60's password:

server log

Aug 14 16:32:23 mpp60 kernel: [13848259.202239] audit: type=2404 audit(1692001943.224:192715): pid=49841 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=SHA256:d7:83:2b:3b:fa:c4:19:d8:56:22:5f:33:8e:cf:4c:dd:f4:d4:60:78:cc:68:0d:9c:87:be:9f:e5:ea:83:71:05 direction=? spid=49841 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Aug 14 16:32:23 mpp60 kernel: [13848259.220693] audit: type=2407 audit(1692001943.244:192716): pid=49840 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 mac=hmac-sha2-256 pfs=curve25519-sha256@libssh.org spid=49841 suid=74 rport=63490 laddr=10.14.41.60 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.12.21.76 terminal=? res=success'
Aug 14 16:32:23 mpp60 kernel: [13848259.220754] audit: type=2407 audit(1692001943.244:192717): pid=49840 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 mac=hmac-sha2-256 pfs=curve25519-sha256@libssh.org spid=49841 suid=74 rport=63490 laddr=10.14.41.60 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.12.21.76 terminal=? res=success'
Aug 14 16:32:26 mpp60 kernel: [13848262.208508] audit: type=2206 audit(1692001946.234:192718): pid=49840 uid=0 auid=4294967295 ses=4294967295 msg='pam_faillock uid=0  exe="/usr/sbin/sshd" hostname=10.12.21.76 addr=10.12.21.76 terminal=ssh res=success'
Aug 14 16:32:26 mpp60 kernel: [13848262.208556] audit: type=1100 audit(1692001946.234:192719): pid=49840 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=10.12.21.76 addr=10.12.21.76 terminal=ssh res=failed'

PSCP

PS Z:\> ./pscp.exe -i C:\Users\Administrator\.ssh\id_rsa.pub -v "Z:\FiraCode-Bold.ttf" root@10.14.41.60:/tmp
Looking up host "10.14.41.60" for SSH connection
Connecting to 10.14.41.60 port 22
We claim version: SSH-2.0-PuTTY_Release_0.78
Connected to 10.14.41.60
Remote version: SSH-2.0-OpenSSH_8.2
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve Curve25519, using hash SHA-256 (unaccelerated)
Server also has ecdsa-sha2-nistp256/rsa-sha2-512/rsa-sha2-256/ssh-rsa host keys, but we don't know any of them
Host key fingerprint is:
ssh-ed25519 255 SHA256:14MrO/rEGdhWIl8zjs9M3fTUYHjMaA2ch76f5eqDcQU
Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
Reading key file "C:\Users\Administrator\.ssh\id_rsa.pub"
Key file contains public key only
Using username "root".
Pre-authentication banner message from server:
|
| Authorized users only. All activities may be monitored and reported.
End of banner message from server
Using SSPI from SECUR32.DLL
Trying gssapi-with-mic...
Attempting GSSAPI authentication
GSSAPI authentication request refused
root@10.14.41.60's password:
Sent password
Access granted
Opening main session channel
Opened main channel
Started a shell/command
Using SFTP
Connected to 10.14.41.60
Sending file FiraCode-Bold.ttf, size=324328
FiraCode-Bold.ttf         | 316 kB | 316.7 kB/s | ETA: 00:00:00 | 100%
Session sent command exit status 0
Main session channel closed
All channels closed

server log

Aug 14 16:44:47 mpp60 kernel: [13849003.928511] audit: type=2404 audit(1692002687.963:192737): pid=14280 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=SHA256:d7:83:2b:3b:fa:c4:19:d8:56:22:5f:33:8e:cf:4c:dd:f4:d4:60:78:cc:68:0d:9c:87:be:9f:e5:ea:83:71:05 direction=? spid=14280 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
Aug 14 16:44:47 mpp60 kernel: [13849003.940182] audit: type=2407 audit(1692002687.973:192738): pid=14279 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 mac=hmac-sha2-256 pfs=curve25519-sha256@libssh.org spid=14280 suid=74 rport=63717 laddr=10.14.41.60 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.12.21.76 terminal=? res=success'
Aug 14 16:44:47 mpp60 kernel: [13849003.940262] audit: type=2407 audit(1692002687.973:192739): pid=14279 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 mac=hmac-sha2-256 pfs=curve25519-sha256@libssh.org spid=14280 suid=74 rport=63717 laddr=10.14.41.60 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.12.21.76 terminal=? res=success'
Aug 14 16:44:50 mpp60 kernel: [13849006.820714] audit: type=1100 audit(1692002690.853:192740): pid=14279 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_kysec,pam_faillock,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=10.12.21.76 addr=10.12.21.76 terminal=ssh res=success'
Aug 14 16:44:50 mpp60 kernel: [13849006.822989] audit: type=1101 audit(1692002690.853:192741): pid=14279 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/sbin/sshd" hostname=10.12.21.76 addr=10.12.21.76 terminal=ssh res=success'
Aug 14 16:44:50 mpp60 kernel: [13849006.823188] audit: type=2404 audit(1692002690.853:192742): pid=14279 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=session fp=? direction=both spid=14280 suid=74 rport=63717 laddr=10.14.41.60 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.12.21.76 terminal=? res=success'
Aug 14 16:44:50 mpp60 systemd[1]: Started Session 287 of user root.
Aug 14 16:44:50 mpp60 kernel: [13849006.825258] audit: type=1103 audit(1692002690.863:192743): pid=14279 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_kysec,pam_faillock,pam_unix acct="root" exe="/usr/sbin/sshd" hostname=10.12.21.76 addr=10.12.21.76 terminal=ssh res=success'
Aug 14 16:44:50 mpp60 kernel: [13849006.825296] audit: type=1006 audit(1692002690.863:192744): pid=14279 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=287 res=1
Aug 14 16:44:50 mpp60 kernel: [13849006.833654] audit: type=1105 audit(1692002690.863:192745): pid=14279 uid=0 auid=0 ses=287 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=10.12.21.76 addr=10.12.21.76 terminal=ssh res=success'