sshnet / SSH.NET

SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.
http://sshnet.github.io/SSH.NET/
MIT License

Problems connecting to mscdex/ssh2 server #90

Open darkpixel opened 7 years ago

darkpixel commented 7 years ago

I have an SSH server running built off the https://github.com/mscdex/ssh2 NodeJS library.

I am able to authenticate to it using a keypair from Linux using the standard SSH client in Ubuntu, and I am able to connect to it via PuTTY w/ Pageant, but I can't connect using SSH.NET.

All three (PuTTY, the Ubuntu SSH client, and SSH.NET) are configured to authenticate with a keypair.

SSH.NET throws the following error:

Both the Linux SSH client and PuTTY behave the same way--they initially try to authenticate without sending an SSH key, fail, then re-authenticate with an SSH key.

SSH.NET, on the other hand, tries to authenticate without sending a key, then gives up and throws:

Unable to receive data from server: Renci.SshNet.Common.SshAuthenticationException: No suitable authentication method found to complete authentication ().
   at Renci.SshNet.ClientAuthentication.Authenticate(IConnectionInfoInternal connectionInfo, ISession session)
   at Renci.SshNet.ConnectionInfo.Authenticate(ISession session, IServiceFactory serviceFactory)
   at Renci.SshNet.Session.Connect()
   at Renci.SshNet.BaseClient.Connect()
--snip--

I'm not too familiar with the SSH protocol, but I am testing with the first example in the 'Server Examples' section of the README at https://github.com/mscdex/ssh2

All three are also able to successfully authenticate to my 'real' SSH server built into Ubuntu (OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014) using a keypair for authentication.

Debugging info from the server side:

Connecting to my NodeJS SSH2 server using Ubuntu's SSH client results in the following debug info:

  myssh:ssh [12825201.538733554] DEBUG: Outgoing: Writing SERVICE_ACCEPT (ssh-userauth) +0ms
  myssh:ssh [12825201.538733554] DEBUG: Parser: IN_PACKETBEFORE (expecting 16) +1ms
  myssh:ssh [12825201.538733554] DEBUG: Parser: IN_PACKET +37ms
  myssh:ssh [12825201.538733554] DEBUG: Parser: Decrypting +0ms
  myssh:ssh [12825201.538733554] DEBUG: Parser: pktLen:76,padLen:8,remainLen:64 +0ms
  myssh:ssh [12825201.538733554] DEBUG: Parser: IN_PACKETDATA +0ms
  myssh:ssh [12825201.538733554] DEBUG: Parser: Decrypting +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: HMAC size:20 +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETDATAVERIFY +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: Verifying MAC +1ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC) +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_REQUEST (none) +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETBEFORE (expecting 16) +1ms
  myssh:ssh method: none +4ms
  myssh:ssh key: undefined +0ms
  myssh:ssh fulltype: ssh-rsa +0ms
  myssh:ssh Reject2 +0ms
  myssh:ssh [12825016.418719599] DEBUG: Outgoing: Writing USERAUTH_FAILURE +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKET +40ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: Decrypting +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: pktLen:380,padLen:12,remainLen:368 +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETDATA +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: Decrypting +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: HMAC size:20 +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETDATAVERIFY +1ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: Verifying MAC +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC) +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_REQUEST (publickey) +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETBEFORE (expecting 16) +0ms
  myssh:ssh method: publickey +3ms
  myssh:ssh key: [object Object] +0ms
  myssh:ssh fulltype: ssh-rsa +0ms
  myssh:ssh Accept2 +0ms
  myssh:ssh [12825016.418719599] DEBUG: Outgoing: Writing USERAUTH_PK_OK +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKET +41ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: Decrypting +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: pktLen:652,padLen:9,remainLen:640 +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETDATA +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: Decrypting +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: HMAC size:20 +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETDATAVERIFY +1ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: Verifying MAC +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC) +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_REQUEST (publickey) +0ms
  myssh:ssh [12825016.418719599] DEBUG: Parser: IN_PACKETBEFORE (expecting 16) +1ms
  myssh:ssh method: publickey +2ms
  myssh:ssh key: [object Object] +0ms
  myssh:ssh fulltype: ssh-rsa +0ms
  myssh:ssh Accept +0ms
  myssh:ssh [12825016.418719599] DEBUG: Outgoing: Writing USERAUTH_SUCCESS +1ms
  myssh:ssh Client authenticated! +0ms

Attempting the same connection with SSH.NET gives the following debug output:

  myssh:ssh [12825175.407096958] DEBUG: Outgoing: Writing SERVICE_ACCEPT (ssh-userauth) +0ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: IN_PACKETBEFORE (expecting 16) +0ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: IN_PACKET +65ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: Decrypting +0ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: pktLen:92,padLen:24,remainLen:80 +0ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: IN_PACKETDATA +0ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: Decrypting +0ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: HMAC size:20 +0ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: IN_PACKETDATAVERIFY +0ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: Verifying MAC +0ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC) +0ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_REQUEST (none) +1ms
  myssh:ssh [12825175.407096958] DEBUG: Parser: IN_PACKETBEFORE (expecting 16) +1ms
  myssh:ssh method: none +3ms
  myssh:ssh key: undefined +0ms
  myssh:ssh fulltype: ssh-rsa +0ms
  myssh:ssh Reject2 +0ms
  myssh:ssh [12825175.407096958] DEBUG: Outgoing: Writing USERAUTH_FAILURE +0ms

I don't know enough about the inner workings of SSH to know if this is a problem with the SSH.NET library, the NodeJS SSH2 library, or I'm missing something in the example, but I figured I would start here since other clients can connect without a problem.

Any pointers you can give me would be appreciated. If I should open this against the NodeJS SSH2 library, let me know and I can start there instead.

Thanks

darkpixel commented 7 years ago

Running 2016.0.0.0.

drieseng commented 7 years ago

@darkpixel Thanks for the report. It appears mscdex is sending back an empty list of authentication methods that can continue in the SSH_MSG_USERAUTH_FAILURE message.

The SSH spec only mentions that "it is RECOMMENDED that servers only include those 'method name' values in the name-list that are actually useful".

Perhaps other SSH clients only use this "list of authentication methods that can continue" as a hint, and attempt to use other authentication methods anyway. However, this is not how authentication is currently implemented in SSH.NET.

I'll try to reproduce this issue later this week (no guarantees, busy as hell lately).

darkpixel commented 7 years ago

Thanks for looking into it. I'll check with the NodeJS ssh2 guys and see if they have any input.

darkpixel commented 7 years ago

Passing back ctx.reject(['publickey']) causes SSH.NET to connect successfully. I appreciate the help @mscdex and @drieseng.
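
Added example (not part of the thread, and not code from SSH.NET or ssh2): the SSH_MSG_USERAUTH_FAILURE payload from RFC 4252 section 5.1, and how a client that treats the "authentications that can continue" name-list as authoritative gives up on an empty list while one that treats it as a hint still tries publickey. The function names and the `strict`/`hint` policy labels are hypothetical, and the sample messages are constructed.

```javascript
// Added example: SSH_MSG_USERAUTH_FAILURE payload (RFC 4252, section 5.1).
const SSH_MSG_USERAUTH_FAILURE = 51;

// Layout: byte 51, name-list (uint32 length + comma-separated names), boolean.
function encodeUserauthFailure(methods, partialSuccess = false) {
  const list = Buffer.from(methods.join(','), 'ascii');
  const out = Buffer.alloc(6 + list.length);
  out.writeUInt8(SSH_MSG_USERAUTH_FAILURE, 0);
  out.writeUInt32BE(list.length, 1);
  list.copy(out, 5);
  out.writeUInt8(partialSuccess ? 1 : 0, 5 + list.length);
  return out;
}

// Parse the payload; reject truncated or mistyped input.
function decodeUserauthFailure(buf) {
  if (buf.length < 6 || buf.readUInt8(0) !== SSH_MSG_USERAUTH_FAILURE) {
    throw new Error('not a complete SSH_MSG_USERAUTH_FAILURE payload');
  }
  const len = buf.readUInt32BE(1);
  if (buf.length !== 6 + len) throw new Error('name-list length mismatch');
  const raw = buf.toString('ascii', 5, 5 + len);
  return {
    methods: raw === '' ? [] : raw.split(','),
    partialSuccess: buf.readUInt8(5 + len) !== 0,
  };
}

// Hypothetical client policies: "strict" only continues with methods the
// server listed; "hint" tries any configured method not yet attempted.
function nextMethod(configured, tried, failure, policy) {
  const untried = configured.filter((m) => !tried.includes(m));
  const allowed = policy === 'strict'
    ? untried.filter((m) => failure.methods.includes(m))
    : untried;
  return allowed.length > 0 ? allowed[0] : null; // null means give up
}

// Constructed sample: the server's reply to the initial "none" probe.
function demo(serverMethods) {
  const failure = decodeUserauthFailure(encodeUserauthFailure(serverMethods));
  const configured = ['publickey'], tried = ['none'];
  return {
    strict: nextMethod(configured, tried, failure, 'strict'),
    hint: nextMethod(configured, tried, failure, 'hint'),
  };
}

console.log(demo([]), demo(['publickey']));
```

The first result corresponds to the empty list discussed above, the second to the server after `ctx.reject(['publickey'])`.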