Subject: Trouble with public key authentication

From: Michael Wiegand <michael.wiegand_at_greenbone.net>
Date: Wed, 1 Jun 2011 09:41:43 +0200

Hello,

I am currently trying to implement ssh authentication through libssh2 in
order to execute a command on the remote system and return its result.

While libssh2 is working flawlessly with password authentication, I am
struggling to get it to work with public key authentication.

I have modeled my code for this part after the example in ssh2_exec.c --
however, when I call libssh2_userauth_publickey_fromfile() it returns
-18, which means "Username/PublicKey combination invalid" as far as
I can tell.

I have built libssh2 with enable-debug, enabled the trace and set the
log level for the sshd on the remote system to DEBUG3. From what I can
tell from the logs, libssh2 sends the public key and then receives the
list of authentication methods, upon which the error is triggered:

=> libssh2_transport_read() plain (45 bytes)
0000: 33 00 00 00 27 70 75 62 6C 69 63 6B 65 79 2C 70 : 3...'publickey,p
0010: 61 73 73 77 6F 72 64 2C 6B 65 79 62 6F 61 72 64 : assword,keyboard
0020: 2D 69 6E 74 65 72 61 63 74 69 76 65 00 : -interactive.
[libssh2] 0.640831 Transport: Packet type 51 received, length=45
[libssh2] 0.640836 Transport: Looking for packet of type: 52
[libssh2] 0.640839 Transport: Looking for packet of type: 51
[libssh2] 0.640842 Failure Event: -18 - Username/PublicKey combination invalid

The sshd logs on the remote system do not show any failed login attempt,
it seems that the client simply disconnects.

The keypair in question works without any issues when used with "ssh -i"
and with the ssh functionality I'm trying to replace.

I've observed this behavior in both libssh2 1.2.7 and 1.2.8; it does not
seem to make a difference whether openssl or libgcrypt is used. The
private key in question is using a passphrase, if it matters.

Are there any obvious mistakes I'm making which would explain this
behavior? I've observed that libssh2_userauth_list() returns null if
executed in a non-blocking session, so I have tried setting the session
to non-blocking either after or before calling
libssh2_userauth_publickey_fromfile(), but that did not change anything.

If there is any other information you need, feel free to ask. I'm
looking forward to hearing from you.

Regards,

Michael

-- 
Michael Wiegand |  Greenbone Networks GmbH  |  http://www.greenbone.net/
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2011-06-01
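
The 45-byte packet from the trace above, decoded as an added example (not part of the original post and not libssh2 code). Packet type 51 is SSH_MSG_USERAUTH_FAILURE from RFC 4252: a name-list of methods that can continue, followed by a partial-success boolean. The struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_USERAUTH_FAILURE 51 /* RFC 4252, section 5.1 */

/* The 45 payload bytes from the trace in the post, re-typed from its hex dump. */
static const unsigned char trace_payload[] =
    "\x33\x00\x00\x00\x27" "publickey,password,keyboard-interactive" "\x00";
#define TRACE_LEN (sizeof(trace_payload) - 1) /* exclude the literal's own NUL */

struct userauth_failure {
    char methods[128];   /* name-list of methods that can continue */
    int partial_success; /* trailing boolean */
};

/* Returns 0 on success, -1 if the payload is not a well-formed failure packet. */
int parse_userauth_failure(const unsigned char *p, size_t len,
                           struct userauth_failure *out)
{
    uint32_t n;
    if (len < 6 || p[0] != SSH_MSG_USERAUTH_FAILURE)
        return -1;
    /* uint32 length of the name-list, big-endian */
    n = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
        ((uint32_t)p[3] << 8) | (uint32_t)p[4];
    /* The length comes from the peer: check it against the packet and buffer. */
    if (n != len - 6 || n >= sizeof(out->methods))
        return -1;
    /* A name-list must not contain NUL bytes. */
    if (memchr(p + 5, 0, n) != NULL)
        return -1;
    memcpy(out->methods, p + 5, n);
    out->methods[n] = '\0';
    out->partial_success = p[5 + n] != 0;
    return 0;
}

int main(void)
{
    struct userauth_failure f;
    if (parse_userauth_failure(trace_payload, TRACE_LEN, &f) != 0)
        return 1;
    printf("can continue: %s\npartial success: %d\n", f.methods, f.partial_success);
    return 0;
}
```

For the bytes in the trace, the partial-success flag is 0 and publickey is still listed as a method that can continue.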