problems with private key authentication

I'm trying to get public/private key authentication working with this library. Not sure if this is an issue, or likely an issue with the user (me).

I can successfully get it working with username/password combination, however having issues with private key. I have a server which has the public key saved in its authorized_keys file, and I can ssh successfully from the cRIO to the server using this keyfile from the a command prompt on the cRIO (i.e. ssh -i privateKeyName user@serverIP). However when I use the public key data, or public key file methods in this library, I get an authentication error.

Error -8121 occurred at Field_RnD_Services_LIBSSH2_Toolkit.lvlib:Session.lvclass:Public Key Memory Authentication.vi

Possible reason(s):

[Authentication Error]

I generated the public/private key pair just using:

ssh-keygen -f

and then I put the public key info into the authorised_keys file on the test server.

are the files generated by ssh-keygen the correct format that this library is expecting?

The format for each key file is the following: I'm only using this for testing, so I'm not that concerned about teh secrecy of the content of these files, but here's what the contents of my keyfiles are the following:

Private key:

public key:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2SzRoB0lsw9Dw3m9LMLnrxJ+s+NcQuyh8+ffeOtwe9nQwsytxHvXFIv+ZgNBkQLZBaE79gwimYo8T7IgcknsBAn2BGZs6KrMtnw78RBRdIls/cwHsCWKGlgzLfTMhSD0Mvf9DHHVw7BdhAvwi+QFJv0We17KzOlsNiTesnGVuuazBHNh/sh+VV/B56X8XErAuJh2ESItVj4g5F/WB/EB2kbkvoD2Vi3CVEs8wbT01vc55Mul0DC1xgE0XbKkiKg7HT6OlBxF4bGFQ/Anyupj+4A7uFEFJTwWcWs8699JH2+a1P/DBJ4b9IDWhtpQG0pir2DcaijA3I3uqedLWKRBb admin@NI-cRIO

Any direction or help is appreciated. Let me know if you need any more information. thanks.

Thank you for your interest in the LIBSSH2 for LabVIEW toolkit, and for the detailed debugging information. I am sorry you are experiencing issues with the toolkit and public-private authentication.

and then I put the public key info into the authorised_keys file on the test server.

Did you use the ssh-copy-id utility or did you manually copy the public key into the authorized_keys file? I believe the authorized_keys file needs correct permissions, chmod 755 or something. If the permissions are not correct for the authorized_keys, public, and private key files, then authentication errors for SSH can manifest. I believe the ssh-copy-id utility will ensure the files have correct permissions.

I am looking at my authorized_keys file, and I have a public key hash of ssh-rsa, so I believe you have generated the keys correctly, but each hash of the public key ends in ==. I am wondering if something went wrong with adding the public key to the authorized_keys file.

I know there is a bug between libssh2 and LabVIEW with using the public-private key file API. You cannot simply pass a path to the key files like the command line. Instead, the public-private keys must be explicitly read using the LabVIEW File APIs into strings and then the libssh2 "memory" public-private key API can be used. The "Public Key File" instance of the Authenticate.vi actually implements this workaround for you.

Can you share more of the LabVIEW code, possibly as a VI Snippet?

Can you try the Public Key File Authentication example? This implements the LabVIEW File IO to libssh2 memory workaround.

Did you add a passphrase to the public-private key and are using a ssh-agent on the command line?

It is interesting everything appears to work from the command line with the cRIO communicating to the server. This is a good indicator the server and client are compatible and most likely something with using this library.

Thanks for your response and for looking into it a bit deeper for me!

Ah.... good point, I'm not using a ssh-agent. In my tests from a terminal from the cRIO, to test a ssh connection out (which I have successfully done), I'm using the command ssh -i privateKeyfilename username@<remoteIP>. So maybe that's the issue? The key doesn't have a passphrase to the key. Does it require a ssh-agent? if so, I'm not sure that the cRIO has one installed by default with their ssh-client. Do you know how to install this?

No, I did not use the ssh-copy-id utility (because the cRIO doesn't have it natively), but I copied the keyfiles across to a different computer, and did it from there (after removing the authorized_keys file first). It seems like this file has permissions of 600 (rw for user and nobody else). And it didn't fix the problem.

I added a == to the end of the public key hash in the authorised keys file and the public key as well, and that didn't work.

I used both Public Key File method as well as Public Key Data methods and I got the same result (taken pretty much from the examples folder).

I am passing in an empty string as the password into the authenticate.vi.

I have attached a snippet of code I'm using. I've got all the options there for each method in there so you can see my methodology (I was using those with testing, and just unwiring/rewiring the method I wanted to test/use. Not the most elegant, but worked in a pinch).

SFTP_FieldRnD_listDirAuthIssue

It is possible the public-private key pair that was created using the CLI is not supported by the version of libssh2 used by this toolkit. You generated the public-private key on the cRIO or did you generate from another computer and then copy over to the cRIO and the remote server?

Can you provide the version of the SSH client on your cRIO and the version of the SSH server on the remote host?

You used the ssh-keygen -f command and that probably used the defaults on whatever machine it was executed on. Can you try generate a public-private key with:

ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

The default type, -t, you generated may not be supported by libssh2.

fieldrndservices / libssh2-labview

problems with private key authentication #62