From: libssh2-devel-bounces_at_cool.haxx.se
[mailto:libssh2-devel-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
Sent: Friday, July 30, 2010 4:54 PM
To: libssh2 development
Subject: [Retrieved]Re: libssh2, winsshd, SFTP, and publickey login

On Fri, 30 Jul 2010, rhamilton_at_scriptpro.com wrote:

> Can anybody tell me if there is a trick to getting the key format right, so
> I can use cUrl/libssh2 to do an SFTP transfer to/from a winsshd server with
> a username and publickey? I have a key that works with putty's psftp, and
> I've tried several ways to convert it with the puttygen tool

Note that libssh2's API still requires you to pass on both the private and the
public keys, so you must have both in the correct format.

But it would help if you'd show us the exact little example source code you're
running when you get your problem, and tell us what return code/error the
libssh2 function that fails returns etc. Possibly also show us what a trace
output log reveals.

> Logon attempt 1 for user name 'test' with logon method
> 'publickey' (algorithm: '-----BEGIN',

That certainly seems like a bad algorithm and an indication of a problem. It
indicates the file is bad I'd say. Or perhaps a bug in libssh2.

> We've upgraded to the latest version of winsshd, and I've tried libssh2
> v1.0 and v1.2.6.

There's no point in using any other libssh2 version than the most recent one.

--
 / daniel.haxx.se
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Thanks for the reply. I'm actually using command-line curl for the time
being. I have a few different versions of the same key that give results
like this.

C:\SFTP>curl -v -u sshtest: --pubkey sshtest.private -l Sftp://spcaudev1
* About to connect() to spcaudev1 port 22 (#0)
* Trying 192.168.191.24... connected
* Connected to spcaudev1 (192.168.191.24) port 22 (#0)
* SSH authentication methods available: publickey,gssapi-with-mic,password
* Using ssh public key file sshtest.private
* Using ssh private key file id_dsa
* SSH public key authentication failed: Username/PublicKey combination invalid
* Authentication failure
* Closing connection #0
curl: (67) Authentication failure

Other keys will give me a local error talking about things like "not base-64
encoded", or "not a private key". (Which I only mention because it convinces
me that it is doing some kind of validation of the file.)

In the cases where it does try to pass a key in, the error message from
winsshd in the event log always seems to list the algorithm as basically the
first word from the first line from the file.

Original putty key...

PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: sshtest key
Public-Lines: 4
AAAAB3NzaC1yc2EAAAABJQAAAIEAxIyY6rQac1ejaZHDNiFm8YMPkO7zJlpsvi7W
...

Gives me...

Logon attempt 1 for user name 'sshtest' with logon method 'publickey' (algorithm: 'PuTTY-User-Key-File-2:', public key MD5: da:c5:be:1b:58:ba:ac:18:cb:25:dc:f8:4e:63:0f:e6, test only) failed: The received public key algorithm name is unsupported or doesn't match the algorithm encoded in the public key.

Puttygen exported to openssh...

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDEjJjqtBpzV6NpkcM2I...

Gives me...

Logon attempt 1 for user name 'sshtest' with logon method 'publickey' (algorithm: '-----BEGIN', public key MD5: 2f:97:f3:92:54:28:b2:25:50:b9:51:8e:4d:8f:a8:e8, test only) failed: The received public key algorithm name is unsupported or doesn't match the algorithm encoded in the public key.

Attempted manual cut-n-paste from puttygen dialog and private key file...

ssh-rsa AAAAgQCKHZvjMnNzpV4S1SFkTtK3jId6mhKlVExp92adbVFFfOCLPuE5XqqSP81r
...

Gives me...

Logon attempt 1 for user name 'sshtest' with logon method 'publickey' (algorithm: 'ssh-rsa', public key MD5: ef:d5:15:e5:c6:2f:61:e7:14:1b:07:40:0a:a0:73:93, test only) failed: The received public key algorithm name is unsupported or doesn't match the algorithm encoded in the public key.

If adding more debug output somewhere will help get to the bottom of it, then
I'll give it a whirl. I was hoping it was just a case where I hadn't tried
exporting to the right format to bridge the gap between the two. The
odds-and-ends I'd seen on the subject from web searches seemed to point
toward the openssh format that I'm already trying though.

Received on 2010-08-02
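
Added example (not part of the original thread, and not curl or libssh2 code): a Python check for the three kinds of file tried above, assuming the public-key file is expected in the OpenSSH one-line form "<algorithm> <base64 blob> [comment]", where the blob opens with the length-prefixed algorithm name (RFC 4253, section 6.6). The function names and the sample keys are constructed for illustration.

```python
import base64
import struct

def embedded_algorithm(blob: bytes) -> str:
    """Return the algorithm name that opens an SSH public key blob."""
    if len(blob) < 4:
        raise ValueError("blob shorter than a length prefix")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or n > 64 or 4 + n > len(blob):
        raise ValueError(f"implausible algorithm-name length {n}")
    return blob[4:4 + n].decode("ascii")

def check_pubkey_text(text: str) -> str:
    """Classify the text of a candidate public-key file."""
    lines = text.strip().splitlines()
    first = lines[0] if lines else ""
    if first.startswith("PuTTY-User-Key-File-"):
        return "putty-ppk: PuTTY container, first word is not an algorithm"
    if first.startswith("-----BEGIN"):
        return "pem: PEM armor, first word is not an algorithm"
    fields = first.split()
    if len(fields) < 2:
        return "unknown: expected '<algorithm> <base64> [comment]'"
    declared, b64 = fields[0], fields[1]
    try:
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses
        embedded = embedded_algorithm(base64.b64decode(b64, validate=True))
    except ValueError as exc:
        return f"mismatch: blob does not open with an algorithm name ({exc})"
    if embedded != declared:
        return f"mismatch: file says {declared!r}, blob says {embedded!r}"
    return f"ok: {declared}"

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

# Constructed samples (not real keys): a well-formed ssh-rsa blob, and a bare
# 129-byte integer, whose base64 starts "AAAAgQ" like the pasted key above.
GOOD_BLOB = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x25") + _ssh_string(b"\x00" + b"\xc4" * 128)
GOOD = "ssh-rsa " + base64.b64encode(GOOD_BLOB).decode() + " constructed"
BARE = "ssh-rsa " + base64.b64encode(_ssh_string(b"\x00" + b"\x8a" * 128)).decode()

if __name__ == "__main__":
    for name, text in [("good", GOOD), ("bare integer", BARE),
                       ("ppk", "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\n"),
                       ("pem", "-----BEGIN RSA PRIVATE KEY-----\nMIIC\n")]:
        print(f"{name}: {check_pubkey_text(text)}")
```

A well-formed ssh-rsa blob starts "AAAAB3NzaC1yc2E" in base64, which is the prefix visible in the Public-Lines section of the PuTTY file quoted above.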