Issue with DSA public key #8

Closed
logickxit opened this issue May 8, 2020 · 9 comments
@logickxit

logickxit commented May 8, 2020

Hi all,

While trying to connect with a server using key authentication, I always get this error:

try ssh-dss public key
ssh-dss public key not OK
ORA-20030: Could not login.

I tested the key with PuTTY and FileZilla from different client PCs, without problems, but with the package it does not seem to work.
I cannot test another type (e.g. RSA) as DSA is the only type supported at the moment.

logickxit changed the title from "Issue with the public key" to "Issue with DSA public key" on May 8, 2020
@logickxit
Author

Is this the correct usage for a DSA key:

AS_sftp.set_log_level (3);
AS_SFTP.open_connection( 'some sftp server' , i_trust_server => true);
AS_SFTP.login('username','password','-----BEGIN DSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,68248D6AE3FFF058

O78kfuI+szElw9lCRHB9xC3G8wztPpGIjZie9Ogt4Xs7Tp0uZI2kixdi6s3xa5Kd
...
...
q1HzyYTpbVw9L5D3f219tCE2wc2fib2k
-----END DSA PRIVATE KEY-----','passphrasse',3);
AS_SFTP.close_connection();

@antonscheffer
Owner

antonscheffer commented May 8, 2020

That is the right usage for a DSA key, at least as long as 'passphrasse' is the password/phrase for your DSA key.
Maybe you can try a DSA key which is not encrypted. I will try some more DSA keys on my test server. Maybe I can reproduce the issue.
P.S. You do know that you need the public key which belongs to the private key installed for user "username" on your SFTP server?

@logickxit
Author

> P.S. You do know that you need the public key which belongs to the private key installed for user "username" on your SFTP server?

Yes. It works with PuTTY and FileZilla, so connection with the key is possible.

@logickxit
Author

I added some extra logging:

signature OK
host fingerprint: ***
===> Read until 15
===> Read 15
===> Read until 06
===> Read 060000000...
ssh-userauth accepted
try method none
===> Read until 34 or 33
===> Read 330000000...
cannot connect with method none!
Available methods:publickey
try method password
===> Read until 34 or 33
===> Read 330000000...
cannot connect with method password!
try method publickey
Parse private key succeeded
try ssh-dss public key without signature
===> Read until 33 or 3C
===> Read 330000000 (this is unexpected!!)
ssh-dss public key not OK

But if I remove method password, I get this:

signature OK
host fingerprint: MD5*
===> Read until 15
===> Read 15
===> Read until 06
===> Read 060000000*
ssh-userauth accepted
try method none
===> Read until 34 or 33
===> Read 330000000*
cannot connect with method none!
Available methods:publickey
try method publickey
Parse private key succeeded
try ssh-dss public key without signature
===> Read until 33 or 3C
server accepts ssh-dss public key
try ssh-dss public key with signature
===> Read until 34 or 33
===> Read 34
ssh-dss public key OK
logged in
===> Read until 5B or 5C
===> Read 5B000000*
===> Read until 63 or 64
===> Read 630000007B
===> Read until 5E
===> Read 5E0000007B*
sftp openend, server version: 3
sftp open
===> Read until 61
===> Read 600000007B
===> Read 610000007B
everything closed

I have the impression that some of the response messages are responses from older messages being sent to the server...

@antonscheffer
Owner

This is very helpful. I will look into it. I couldn't reproduce it myself.

@McMogan

McMogan commented May 11, 2020

Hi,
Maybe if the first two connect attempts fail (none, password), then the 3rd connect attempt (pk without signature) is a failure (an SSH server max parameter?).

I can try to make 2 attempts of method none, and see if the method password works on 3rd attempt on my server.

@antonscheffer
Owner

antonscheffer commented May 11, 2020

I've attached another version, which first tries the private key method, then the password method and, if still not yet logged in, the none method.
as_sftp.zip

@logickxit
Author

logickxit commented May 12, 2020

I added this around the password try:

IF auth_methods IS NULL OR auth_methods.COUNT = 0 OR 'password' MEMBER OF auth_methods THEN
  ...
END IF;

In other words, the 'password' method is skipped if the server indicates it is not supported. That solves my problem too.

@antonscheffer
Owner

Nice to hear your problem is solved. Curious to know what SFTP server you use, by the way, as that behaviour is not according to RFC-4252.
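
The hex bytes in the extra logging above are SSH message numbers: 0x33 is SSH_MSG_USERAUTH_FAILURE, 0x34 is SSH_MSG_USERAUTH_SUCCESS and 0x3C is SSH_MSG_USERAUTH_PK_OK. The following is an added example in Python, not code from as_sftp or from any participant in this thread: it parses the failure message's list of methods that can continue and applies the same guard as the fix described above. The function names, the preferred method order and the sample packet are assumptions constructed for illustration.

```python
import struct

# SSH message numbers that appear as hex bytes in the log (RFC 4250/4252).
SSH_MSG_USERAUTH_FAILURE = 0x33
SSH_MSG_USERAUTH_SUCCESS = 0x34
SSH_MSG_USERAUTH_PK_OK = 0x3C

# Constructed sample: a failure reply advertising only "publickey",
# partial success = false. Not captured from a real server.
SAMPLE_FAILURE = b"\x33" + struct.pack(">I", 9) + b"publickey" + b"\x00"


def parse_userauth_failure(payload):
    """Return (methods_that_can_continue, partial_success).

    Layout per RFC 4252: byte 51, name-list (uint32 length followed by a
    comma-separated ASCII string), boolean partial success.
    """
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not a complete SSH_MSG_USERAUTH_FAILURE")
    (length,) = struct.unpack(">I", payload[1:5])
    end = 5 + length
    if end + 1 > len(payload):
        raise ValueError("name-list runs past end of payload")
    names = payload[5:end].decode("ascii")
    methods = names.split(",") if names else []
    return methods, payload[end] != 0


def methods_to_try(preferred, advertised):
    """Same condition as the guard posted in the thread: try a method when
    the advertised list is unknown or empty, or when it names the method."""
    if not advertised:
        return list(preferred)
    return [m for m in preferred if m in advertised]


if __name__ == "__main__":
    advertised, partial = parse_userauth_failure(SAMPLE_FAILURE)
    print("advertised:", advertised, "partial success:", partial)
    print("will try:", methods_to_try(["publickey", "password"], advertised))
```
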
