mono / ngit

Automated jgit port to c#

[NSch] Unable to get Ssh connection with private/public key working #2

Closed ahall closed 12 years ago

ahall commented 13 years ago

This is the code I'm currently using:

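// Load the private key used for public-key authentication.
JSch jsch = new JSch();
jsch.AddIdentity("/path/to/mykey");

Session session = jsch.GetSession("someuser", "somehost");

// Session options: host key checking is switched off, so unknown host keys
// are accepted without verification; password and challenge-response
// authentication are disabled, leaving public-key authentication.
Hashtable table = new Hashtable();
table["StrictHostKeyChecking"] = "no";
table["PasswordAuthentication"] = "no";
table["ChallengeResponseAuthentication"] = "no";
table["X11Forwarding"] = "no";
table["BatchMode"] = "no";
session.SetConfig(table);

// Connect (key exchange plus authentication), then close the session.
session.Connect();
session.Disconnect();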

On the server side I get this:

Oct 31 22:30:21 somehost sshd[12841]: error: RSA_public_decrypt failed:    error:0407006A:lib(4):func(112):reason(106)

This is using an RSA key. I tried using DSA as well and it doesn't work either. Using ssh -i /path/to/key somehost works fine.

ahall commented 13 years ago

After turning logging on in NGit we get more information. It's also interesting that AES-256 ciphers are not available. I'm running on mono 2.6.7; it would be nice if someone goes ahead and tests this on mono 2.8:

ahall@titanium:~/Projects/testssh/testssh/bin/Debug$ mono --debug testssh.exe
Connecting to somehost port 22
Connection established
Remote version string: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu3
Local version string: SSH-2.0-JSCH-0.1.43
CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
aes256-ctr is not available.
aes192-ctr is not available.
aes128-ctr is not available.
aes256-cbc is not available.
aes192-cbc is not available.
aes128-cbc is not available.
3des-ctr is not available.
SSH_MSG_KEXINIT sent
SSH_MSG_KEXINIT received
kex: server->client 3des-cbc hmac-md5 none
kex: client->server 3des-cbc hmac-md5 none
SSH_MSG_KEXDH_INIT sent
expecting SSH_MSG_KEXDH_REPLY
ssh_rsa_verify: signature True
Permanently added 'somehost' (RSA) to the list of known hosts.
SSH_MSG_NEWKEYS sent
SSH_MSG_NEWKEYS received
SSH_MSG_SERVICE_REQUEST sent
SSH_MSG_SERVICE_ACCEPT received
Authentications that can continue: publickey,keyboard-interactive,password
Next authentication method: publickey
Authentications that can continue: password
Next authentication method: password
Disconnecting from somehost port 22

Unhandled Exception: NSch.JSchException: Auth fail
  at NSch.Session.Connect (Int32 connectTimeout) [0x00000] in <filename unknown>:0

pvginkel commented 13 years ago

I'm seeing this error too. The problem seems to be that the RSA signature returned by SHA1withRSASignature.Sign() is incorrect. The SSH server outputs the following message:

Jul  9 15:04:34 titan sshd[12778]: error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106)

openssl errstr gives:

error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01

alanmcgovern commented 12 years ago

I believe this issue was fixed several months ago. We had hardcoded the value we expected the ssh key public exponent to have. All keys which did not use that hardcoded public exponent failed with errors like this. I'd recommend trying the latest from git and re-open this if the problem is still there.
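
An added illustration (not code from this thread or from NGit) of the server-side check behind the "block type is not 01" error: the verifier computes sig^e mod n with the registered public exponent and expects a block that starts with 00 01. The toy key, both exponent values, and the RSA-blinding model of how a wrong hardcoded exponent could corrupt signing are assumptions; the thread does not say what the hardcoded value was or how NSch used it.

```python
import hashlib

# Toy key built from two Mersenne primes so the example is deterministic.
# Constructed for illustration only; not a secure key.
P, Q = 2**521 - 1, 2**607 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)
REAL_E = 37                    # exponent actually stored in the key (constructed)
ASSUMED_HARDCODED_E = 65537    # placeholder; the thread does not give the value
D = pow(REAL_E, -1, PHI)       # private exponent matching REAL_E
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def emsa_pkcs1_v15(message: bytes) -> int:
    """Build 00 01 FF..FF 00 || DigestInfo || SHA-1(message) as an integer."""
    t = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign_blinded(message: bytes, e_for_blinding: int, r: int = 0x1234567) -> int:
    """RSA sign with blinding (assumed model); the blinding factor only
    cancels out if e_for_blinding is the key's real public exponent."""
    m = emsa_pkcs1_v15(message)
    blinded = (m * pow(r, e_for_blinding, N)) % N
    return (pow(blinded, D, N) * pow(r, -1, N)) % N

def server_check(message: bytes, signature: int) -> str:
    """Verifier side: sig^e mod n, then the PKCS#1 type 1 padding check."""
    em = pow(signature, REAL_E, N).to_bytes(K, "big")
    if em[:2] != b"\x00\x01":
        return "block type is not 01"
    if em != emsa_pkcs1_v15(message).to_bytes(K, "big"):
        return "bad signature"
    return "ok"

if __name__ == "__main__":
    msg = b"constructed session data"
    print(server_check(msg, sign_blinded(msg, REAL_E)))
    print(server_check(msg, sign_blinded(msg, ASSUMED_HARDCODED_E)))
```

The second call fails at the first two bytes of the recovered block, before the digest is ever compared, which is why the server log reports a padding error rather than a hash mismatch.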

pvginkel commented 12 years ago

I cannot thank you enough for solving this issue. Works perfectly.