scott-xu
commented
11 months ago Could you please share the error details?
Closed kimmoonkim closed 9 months ago
scott-xu
commented
11 months ago Could you please share the error details?
kimmoonkim
commented
11 months ago I can share the stack trace here:
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout)
at Renci.SshNet.PrivateKeyAuthenticationMethod.Authenticate(Session session)
at Renci.SshNet.AuthenticationMethod.Renci.SshNet.IAuthenticationMethod.Authenticate(ISession session)
at Renci.SshNet.ClientAuthentication.TryAuthenticate(ISession session, AuthenticationState authenticationState, String[] allowedAuthenticationMethods, SshAuthenticationException& authenticationException)
at Renci.SshNet.ClientAuthentication.Authenticate(IConnectionInfoInternal connectionInfo, ISession session)
at Renci.SshNet.ConnectionInfo.Authenticate(ISession session, IServiceFactory serviceFactory)
at Renci.SshNet.Session.Connect()
at Renci.SshNet.BaseClient.CreateAndConnectSession()
at Renci.SshNet.BaseClient.Connect()
at RenciTest.Program.Test() in C:\repos\Test\Test\Program.cs:line 121
at RenciTest.Program.Main(String[] args) in C:\repos\Test\Test\Program.cs:line 15"
Here is my test code: private static void Test() { PrivateKeyFile[] key = new[] { new PrivateKeyFile("C:\repos\keys\encrypted_private.key", "passphrase") }; SftpClient client = new SftpClient("host", 5022, "user", key); string serverFingerprint = "aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa"; client.HostKeyReceived += (sender, e) => { byte[] expectedFingerPrint = ConvertFingerprintToByteArray(serverFingerprint); string current = ConvertByteArrayToFingerprint(e.FingerPrint); System.Console.WriteLine("server fingerprint: " + current);
if (expectedFingerPrint.Length == e.FingerPrint.Length)
{
for (var i = 0; i < expectedFingerPrint.Length; i++)
{
if (expectedFingerPrint[i] != e.FingerPrint[i])
{
e.CanTrust = false;
break;
}
}
}
else
{
e.CanTrust = false;
}
};
client.Connect();
System.Console.WriteLine("connected!");
}Please explain how to get more useful details if needed
Rob-Hague
commented
11 months ago What type of key is it? RSA? If so, could you try the following before client.Connect():
client.ConnectionInfo.HostKeyAlgorithms.Remove("rsa-sha2-512");
client.ConnectionInfo.HostKeyAlgorithms.Remove("rsa-sha2-256");
If you are then able to connect, could you add the following after client.Connect():
Console.WriteLine(client.ConnectionInfo.ServerVersion);
and post the output here?
Rob-Hague
commented
11 months ago Sorry misclicked...
kimmoonkim
commented
11 months ago Thank you! I tried to remove the HostKeyAlgorithms rsa-sha2-512 and rsa-sha2-256 as you proposed but no success (same stack trace).
The key starts with -----BEGIN RSA PRIVATE KEY----- so I think it is a RSA key
scott-xu
commented
11 months ago It would be helpful if you can share your server side logs.
kimmoonkim
commented
11 months ago I don't have access to the server, but I'll try to get the logs
I tried the client.ConnectionInfo.ServerVersion with the 2020.0.2 SSH.NET nuget (where the client.Connect() is working) and it is: SSH-2.0-JSCAPE
Rob-Hague
commented
11 months ago The surefire way to narrow down what caused it is to run a git bisect. The steps would be:
git clone https://github.com/sshnet/SSH.NET.git
cd SSH.NET/
dotnet build -f netstandard2.0 .\src\Renci.SshNet\Renci.SshNet.csproj
# Have your application reference src\Renci.SshNet\bin\Debug\netstandard2.0\Renci.SshNet.dll
# Test that your application runs (we are expecting to get the error here)
git bisect
git bisect good 2020.0.2
git bisect bad 2023.0.0
# git will then automatically checkout a commit between the two releases.
# Each time it does, run the same dotnet command
dotnet build -f netstandard2.0 .\src\Renci.SshNet\Renci.SshNet.csproj
# and then run your application and see if you get the error.
# If you do get the error, run
git bisect bad
# and if it connects OK, run
git bisect good
# If the "dotnet build" command fails on a particular commit, run
git bisect skip
After around 5 iterations, git should be able to tell you what commit caused the issue. If you could do that it would be most helpful, but I wouldn't blame you if you didn't - it's an arduous process.
kimmoonkim
commented
11 months ago Hi! Thank you for the instructions! I tried this but when I reference the locally built Renci.SshNet.dll I get an exception when the new SftpClient object is created because assembly SshNet.Security.Cryptography, Version=1.3.0.0 cannot be found. Also installing the SshNet.Security.Cryptography nuget doesn't work because manifest infos don't match
Did I miss anything? sorry if it's obvious, I'm stuck
Rob-Hague
commented
11 months ago Sorry about that, I also get the error with a .NET Framework project and I don't know why. I managed to get it working with the following:
cd SSH.NET/ and run dotnet build .\test\Renci.SshNet.Benchmarks\SSH.NET\test\Renci.SshNet.Benchmarks\bin\Debug\net7.0\SshNet.Security.Cryptography.dll into the \bin\Debug folder of your test projectThen it should work (no idea why). You should only have to do that once.
kimmoonkim
commented
11 months ago this is what git bisect said:
8732d3d7efe3c1ff9120bb61bda54cd1ea88a8af is the first bad commit commit 8732d3d7efe3c1ff9120bb61bda54cd1ea88a8af Author: Rob Hague Date: Sat Sep 23 07:09:41 2023 +0200
Add support for RSA SHA-2 public key algorithms (#1177)
* Abstract out the hash algorithm from RsaDigitalSignature
* Add integration tests
* Add DigitalSignature property to KeyHostAlgorithm
* Add IHostAlgorithmsProvider interface
* Verify the host signature
* Fix HostKeyEventArgsTest after merge
* Remove PubkeyAcceptedAlgorithms ssh-rsa
* Add test coverage for RSA keys in PrivateKeyFile
* Obsolete IPrivateKeySource
---------
Co-authored-by: Wojciech Nagórski .../Common/RemoteSshdConfigExtensions.cs | 2 - src/Renci.SshNet.IntegrationTests/Dockerfile | 1 - .../HostKeyAlgorithmTests.cs | 72 +++---- .../PrivateKeyAuthenticationTests.cs | 65 ++++--- .../Renci.SshNet.IntegrationTests.csproj | 1 + .../user/sshnet/authorized_keys | 3 +- src/Renci.SshNet.TestTools.OpenSSH/SshdConfig.cs | 7 +- .../Classes/Common/HostKeyEventArgsTest.cs | 2 +- .../Classes/PrivateKeyFileTest.cs | 36 +++- .../Cryptography/RsaDigitalSignatureTest.cs | 164 +++++++++++++++- .../Classes/Security/KeyAlgorithmTest.cs | 215 +++++++++++++++++++++ src/Renci.SshNet.Tests/Common/TestBase.cs | 4 +- src/Renci.SshNet/Common/ObjectIdentifier.cs | 16 ++ src/Renci.SshNet/ConnectionInfo.cs | 4 + src/Renci.SshNet/IHostAlgorithmsProvider.cs | 21 ++ src/Renci.SshNet/IPrivateKeySource.cs | 17 +- src/Renci.SshNet/NetConfClient.cs | 4 +- src/Renci.SshNet/PrivateKeyAuthenticationMethod.cs | 27 +-- src/Renci.SshNet/PrivateKeyConnectionInfo.cs | 18 +- src/Renci.SshNet/PrivateKeyFile.cs | 66 ++++++- src/Renci.SshNet/ScpClient.cs | 4 +- .../Security/Cryptography/Ciphers/RsaCipher.cs | 7 +- src/Renci.SshNet/Security/Cryptography/DsaKey.cs | 2 +- .../Security/Cryptography/ED25519Key.cs | 2 +- src/Renci.SshNet/Security/Cryptography/EcdsaKey.cs | 2 +- src/Renci.SshNet/Security/Cryptography/Key.cs | 4 +- .../Security/Cryptography/RsaDigitalSignature.cs | 17 +- src/Renci.SshNet/Security/Cryptography/RsaKey.cs | 8 +- src/Renci.SshNet/Security/KeyExchange.cs | 22 +++ .../Security/KeyExchangeDiffieHellman.cs | 16 +- src/Renci.SshNet/Security/KeyExchangeEC.cs | 20 +- src/Renci.SshNet/Security/KeyHostAlgorithm.cs | 120 +++++++++--- src/Renci.SshNet/SftpClient.cs | 4 +- src/Renci.SshNet/SshClient.cs | 4 +- 34 files changed, 767 insertions(+), 210 deletions(-) create mode 100644 src/Renci.SshNet.Tests/Classes/Security/KeyAlgorithmTest.cs create mode 100644 src/Renci.SshNet/IHostAlgorithmsProvider.cs
Rob-Hague
commented
11 months ago Great, thanks for tracking it down. I will try to think about what could have caused it from that commit.
kimmoonkim
commented
11 months ago thank you!
Rob-Hague
commented
11 months ago Please could you try both of the following? I expect at least one of them to work.
1.
PrivateKeyFile key = new PrivateKeyFile(@"C:\repos\keys\encrypted_private.key", "passphrase");
var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;
// Keep ssh-rsa
algs.RemoveAt(0);
algs.RemoveAt(0);
SftpClient client = new SftpClient("host", 5022, "user", key);
// the rest
2.
PrivateKeyFile key = new PrivateKeyFile(@"C:\repos\keys\encrypted_private.key", "passphrase");
var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;
// Keep rsa-sha2-512
algs.RemoveAt(2);
algs.RemoveAt(1);
SftpClient client = new SftpClient("host", 5022, "user", key);
// the restThanks! The first one works, the second one brings the usual exception.
Rob-Hague
commented
11 months ago I downloaded JSCAPE server and unfortunately I can't reproduce the problem 🙁
JaCraig
commented
11 months ago We just started with this issue since the update also and can confirm that the first solution gets us back up and working. The main one in question comes back with SSH-2.0-Axway.Gateway as the host info.
Rob-Hague
commented
11 months ago Ok thanks, the plot thickens. If anyone is willing to get some rudimentary diagnostics, that could be helpful (but might not be 😄)
You will need a debug build of the library, ideally containing b4c829105abb5d1a5ee24ee2a143119fcbd9a276. Download the repo
git clone https://github.com/sshnet/SSH.NET.git
cd SSH.NET
dotnet buildIn your project, remove any nuget reference to SSH.NET and add a reference to Renci.SshNet.dll in SSH.NET/src/Renci.SshNet/bin/Debug/
Configure diagnostics per the instructions in https://github.com/sshnet/SSH.NET/blob/54d01621aa54ce16a1523172b12be3bc9add898a/src/Renci.SshNet/Abstractions/DiagnosticAbstraction.cs (sorry). I.e.
using Renci.SshNet.Abstractions;
DiagnosticAbstraction.Source.Switch = new SourceSwitch("sourceSwitch", "Verbose");
DiagnosticAbstraction.Source.Listeners.Remove("Default");
DiagnosticAbstraction.Source.Listeners.Add(new ConsoleTraceListener());
DiagnosticAbstraction.Source.Listeners.Add(new TextWriterTraceListener("trace.log"));Then run and dump the output of trace.log (in your bin/Debug folder) here.
jkillingsworth
commented
9 months ago I am running into the same problem after upgrading from 2020.0.2 to 2023.0.0. Here is the stack trace I get:
Unhandled exception. Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout)
at Renci.SshNet.PrivateKeyAuthenticationMethod.Authenticate(Session session)
at Renci.SshNet.AuthenticationMethod.Renci.SshNet.IAuthenticationMethod.Authenticate(ISession session)
at Renci.SshNet.ClientAuthentication.TryAuthenticate(ISession session, AuthenticationState authenticationState, String[] allowedAuthenticationMethods, SshAuthenticationException& authenticationException)
at Renci.SshNet.ClientAuthentication.Authenticate(IConnectionInfoInternal connectionInfo, ISession session)
at Renci.SshNet.ConnectionInfo.Authenticate(ISession session, IServiceFactory serviceFactory)
at Renci.SshNet.Session.Connect()
at Renci.SshNet.BaseClient.CreateAndConnectSession()
at Renci.SshNet.BaseClient.Connect()
at ConsoleApp1.Program.Main():x: The following has no effect:
client.ConnectionInfo.HostKeyAlgorithms.Remove("rsa-sha2-512");
client.ConnectionInfo.HostKeyAlgorithms.Remove("rsa-sha2-256");
client.Connect();:x: The following still gives me the same error:
var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;
// Keep rsa-sha2-512
algs.RemoveAt(2);
algs.RemoveAt(1);:heavy_check_mark: I am able to connect successfully if I do this:
var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;
// Keep ssh-rsa
algs.RemoveAt(0);
algs.RemoveAt(0);:heavy_check_mark: This also works:
var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;
// Keep all but reverse the order
algs.Reverse();It seems like it works successfully as long as ssh-rsa is the first one in the list.
I have tried connecting to three different servers. Only one of them fails to connect without the above mentioned modifications to the key.HostKeyAlgorithms list. The misbehaving server reports SSH-2.0-Axway.Gateway as the server version. I have not been able to reproduce this problem when connecting to a server that I control.
When I run the diagnostics using a build based on the latest commit in the develop branch (currently b0d01df), this is what it writes to the trace.log file:
SshNet.Logging Verbose: 1 : Initiating connection to '//////////HOSTNAME//////////:22'.
SshNet.Logging Verbose: 1 : Server version 'SSH-2.0-Axway.Gateway'.
SshNet.Logging Verbose: 1 : [] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Performing ecdh-sha2-nistp256 key exchange.
SshNet.Logging Verbose: 6 : [] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
SshNet.Logging Verbose: 6 : [] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr server cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr client cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 server hmac algorithm.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 client hmac algorithm.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST (none)'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE password,publickey (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-512 without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Raised exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Shutting down socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposed socket.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting after exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 1015
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 985
at Renci.SshNet.PrivateKeyAuthenticationMethod.Authenticate(Session session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\PrivateKeyAuthenticationMethod.cs:line 95
at Renci.SshNet.AuthenticationMethod.Renci.SshNet.IAuthenticationMethod.Authenticate(ISession session) in C:\Users\Jim KillingswortThe trace.log file seems to be getting truncated. Here is what it prints to the console:
SshNet.Logging Verbose: 1 : Initiating connection to '//////////HOSTNAME//////////:22'.
SshNet.Logging Verbose: 1 : Server version 'SSH-2.0-Axway.Gateway'.
SshNet.Logging Verbose: 1 : [] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Performing ecdh-sha2-nistp256 key exchange.
SshNet.Logging Verbose: 6 : [] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
SshNet.Logging Verbose: 6 : [] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr server cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr client cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 server hmac algorithm.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 client hmac algorithm.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST (none)'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE password,publickey (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-512 without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Raised exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Shutting down socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposed socket.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting after exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 1015
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 985
at Renci.SshNet.PrivateKeyAuthenticationMethod.Authenticate(Session session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\PrivateKeyAuthenticationMethod.cs:line 95
at Renci.SshNet.AuthenticationMethod.Renci.SshNet.IAuthenticationMethod.Authenticate(ISession session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\AuthenticationMethod.cs:line 63
at Renci.SshNet.ClientAuthentication.TryAuthenticate(ISession session, AuthenticationState authenticationState, String[] allowedAuthenticationMethods, SshAuthenticationException& authenticationException) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ClientAuthentication.cs:line 137
at Renci.SshNet.ClientAuthentication.Authenticate(IConnectionInfoInternal connectionInfo, ISession session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ClientAuthentication.cs:line 81
at Renci.SshNet.ConnectionInfo.Authenticate(ISession session, IServiceFactory serviceFactory) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ConnectionInfo.cs:line 463
at Renci.SshNet.Session.Connect() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 678
at Renci.SshNet.BaseClient.CreateAndConnectSession() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\BaseClient.cs:line 551
Unhandled Exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 1015
at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 985
at Renci.SshNet.PrivateKeyAuthenticationMethod.Authenticate(Session session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\PrivateKeyAuthenticationMethod.cs:line 95
at Renci.SshNet.AuthenticationMethod.Renci.SshNet.IAuthenticationMethod.Authenticate(ISession session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\AuthenticationMethod.cs:line 63
at Renci.SshNet.ClientAuthentication.TryAuthenticate(ISession session, AuthenticationState authenticationState, String[] allowedAuthenticationMethods, SshAuthenticationException& authenticationException) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ClientAuthentication.cs:line 137
at Renci.SshNet.ClientAuthentication.Authenticate(IConnectionInfoInternal connectionInfo, ISession session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ClientAuthentication.cs:line 81
at Renci.SshNet.ConnectionInfo.Authenticate(ISession session, IServiceFactory serviceFactory) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ConnectionInfo.cs:line 463
at Renci.SshNet.Session.Connect() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 678
at Renci.SshNet.BaseClient.CreateAndConnectSession() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\BaseClient.cs:line 557
at Renci.SshNet.BaseClient.Connect() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\BaseClient.cs:line 242
at Run.Program.Main() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Run\Program.cs:line 70
SshNet.Logging Verbose: 1 : Disposing client.
SshNet.Logging Verbose: 1 : Disconnecting client.These two lines seem to be of particular interest:
SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-512 without signature.'.
SshNet.Logging Verbose: 6 : [...] Raised exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.I am able to connect successfully when ssh-rsa is the first one in the list.
var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;
// Keep all but reverse the order
algs.Reverse();In this scenario, here is what it prints to the console:
SshNet.Logging Verbose: 1 : Initiating connection to '//////////HOSTNAME//////////:22'.
SshNet.Logging Verbose: 1 : Server version 'SSH-2.0-Axway.Gateway'.
SshNet.Logging Verbose: 1 : [] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Performing ecdh-sha2-nistp256 key exchange.
SshNet.Logging Verbose: 6 : [] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
SshNet.Logging Verbose: 6 : [] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr server cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr client cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 server hmac algorithm.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 client hmac algorithm.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST (none)'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'PublicKeyMessage' from server: 'SSH_MSG_USERAUTH_PK_OK (ssh-rsa)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa with signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'SuccessMessage' from server: 'SSH_MSG_USERAUTH_SUCCESS'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelOpenMessage' to server: 'SSH_MSG_CHANNEL_OPEN'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelOpenConfirmationMessage' from server: 'SSH_MSG_CHANNEL_OPEN_CONFIRMATION : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelRequestMessage' to server: 'SSH_MSG_CHANNEL_REQUEST : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelSuccessMessage' from server: 'SSH_MSG_CHANNEL_SUCCESS : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : Disposing client.
SshNet.Logging Verbose: 1 : Disconnecting client.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelEofMessage' to server: 'SSH_MSG_CHANNEL_EOF : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelCloseMessage' to server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelCloseMessage' from server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'DisconnectMessage' to server: 'SSH_MSG_DISCONNECT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Shutting down socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposed socket.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Raised exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
These lines seem to be of particular interest:
SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa without signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'PublicKeyMessage' from server: 'SSH_MSG_USERAUTH_PK_OK (ssh-rsa)'.
SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa with signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'SuccessMessage' from server: 'SSH_MSG_USERAUTH_SUCCESS'.I have tried (unsuccessfully) to reproduce the problem using a local installation of OpenSSH with the following configuration.
PubkeyAcceptedAlgorithms ssh-rsaI am still able to connect successfully with the above configuration. Here is the output:
SshNet.Logging Verbose: 1 : Initiating connection to 'localhost:22'.
SshNet.Logging Verbose: 1 : Server version 'SSH-2.0-OpenSSH_for_Windows_9.4'.
SshNet.Logging Verbose: 1 : [] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Performing curve25519-sha256 key exchange.
SshNet.Logging Verbose: 6 : [] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
SshNet.Logging Verbose: 6 : [] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr server cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr client cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 server hmac algorithm.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 client hmac algorithm.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST (none)'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password,keyboard-interactive (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-512 without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password,keyboard-interactive (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-256 without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password,keyboard-interactive (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'PublicKeyMessage' from server: 'SSH_MSG_USERAUTH_PK_OK (ssh-rsa)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa with signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'SuccessMessage' from server: 'SSH_MSG_USERAUTH_SUCCESS'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelOpenMessage' to server: 'SSH_MSG_CHANNEL_OPEN'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'GlobalRequestMessage' from server: 'SSH_MSG_GLOBAL_REQUEST'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelOpenConfirmationMessage' from server: 'SSH_MSG_CHANNEL_OPEN_CONFIRMATION : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelRequestMessage' to server: 'SSH_MSG_CHANNEL_REQUEST : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelWindowAdjustMessage' from server: 'SSH_MSG_CHANNEL_WINDOW_ADJUST : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelSuccessMessage' from server: 'SSH_MSG_CHANNEL_SUCCESS : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : Disposing client.
SshNet.Logging Verbose: 1 : Disconnecting client.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelEofMessage' to server: 'SSH_MSG_CHANNEL_EOF : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelCloseMessage' to server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelRequestMessage' from server: 'SSH_MSG_CHANNEL_REQUEST : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelCloseMessage' from server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'DisconnectMessage' to server: 'SSH_MSG_DISCONNECT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Shutting down socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposed socket.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Raised exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.These lines seem to be of particular interest:
SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-512 without signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password,keyboard-interactive (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-256 without signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password,keyboard-interactive (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa without signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'PublicKeyMessage' from server: 'SSH_MSG_USERAUTH_PK_OK (ssh-rsa)'.
SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa with signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'SuccessMessage' from server: 'SSH_MSG_USERAUTH_SUCCESS'.In the third example above, it looks like the client negotiates with the server through a trial and error process until one of the key types is accepted by the server. In the first example, however, it looks like the server rudely disconnects if the first key type offered is not one that it accepts.
Looking at the code, I can see in PrivateKeyAuthenticationMethod.cs where it loops through each key type and breaks out of the loop if the authentication attempt comes back with a success code. The main thread sends a message on line 93 and then waits for a signal on line 95.
Running through the erroneous scenario in the first example, the main thread never makes it past the wait on line 95 above. While the main thread is waiting, a secondary thread running the message listener in Session.cs breaks out of an infinite loop on line 1892 and then proceeds to signal an error on line 1916. See below.
I'm in way over my head here. I'm not sure what the correct behavior should be. Is the server violating protocol by dropping the connection instead of returning a polite denial? Is the client being rude by attempting to use a key type that is not accepted by the server? Is the protocol ambiguous in this case?
Rob-Hague
commented
9 months ago Thanks very much @jkillingsworth. So we have 1x JSCAPE and 2x Axway.Gateway
Is the server violating protocol by dropping the connection instead of returning a polite denial?
That's my naïve view, based on https://datatracker.ietf.org/doc/html/rfc4252#section-7:
Any public key algorithm may be offered for use in authentication. In particular, the list is not constrained by what was negotiated during key exchange. If the server does not support some algorithm, it MUST simply reject the request.
Note: At least one of the available private keys must have the same algorithm as the key negotiated.
which seems against protocol.
I have been wondering what other clients do. It seems like WinSCP/PuTTY only use ssh-rsa signatures for client authentication by default unless the sha2 variants have been specified by the server via the server-sig-algs extension as defined in RFC 8308.
SSH.NET does not currently implement extension negotiation, so we should probably always try ssh-rsa first until it supports server-sig-algs, at which point it could use the strongest variant specified.
jkillingsworth
commented
9 months ago @Rob-Hague Thanks for taking a look at this. I appreciate your help.
If my understanding is correct, this is what is happening:
When the client sends a SSH_MSG_USERAUTH_REQUEST message, the server should respond with either a SSH_MSG_USERAUTH_PK_OK response if it accepts the key type or a SSH_MSG_USERAUTH_FAILURE response if it does not. In the case of OpenSSH, the server behaves according to protocol. In the case of Axway.Gateway (and I assume JSCAPE as well), the server just drops the connection instead of sending back a SSH_MSG_USERAUTH_FAILURE response.
Rob-Hague
commented
9 months ago Yes that's my understanding too
WojciechNagorski
commented
9 months ago The 2023.0.1 version has been released to Nuget: https://www.nuget.org/packages/SSH.NET/2023.0.1
kimmoonkim
commented
9 months ago thank you! sorry I can't retest, because the server I was having the problem with was migrated to SSH-2.0-GoAnywhere7.4.0 which works fine with 2023.0.0
I'm getting a Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server. after upgrading to SSH.NET 2023.0.0 my code still works fine with SSH.NET 2020.0.2
I'm using a private key file to connect (connecting with another server where I have just user/pw still works fine with 2023.0.0)
I have tried this with .NET Framework 4.8 and .NET 7.0, neither works
could you please look into this?