Failed to authenticate via SSH tunneling #912
Description
Describe the bug
Hey, for some unknown reason, the client is not able to connect a remote database through SSH even when provided credentials are correct.
I'am able to access the remote server using the terminal though, however when I try to access through the client, I get an error telling:
Failed to authenticate via private key. Authentication failed or partial success. (4)
These are the logs when I attempt to access through the client:
2023/06/23 22:47:52:036 Application is becoming active.
2023/06/23 22:47:52:069 connectToRecentConnectionById (not requesting password)
2023/06/23 22:47:52:069 doConnect: cashrent-mariadb-qa1.cr41om7t5ri7.us-west-1.rds.amazonaws.com (detected port: 22 specified port: 0)
2023/06/23 22:47:52:081 HSDispatchGroup enter com.hankinsoft.connectionWindowDispatchGroup
2023/06/23 22:47:52:081 doConnect calling getHost:andPort:forServer:userSpecifiedPort:
2023/06/23 22:47:52:081 doConnect self->internalDatabaseConnectionDetails createNewClient
2023/06/23 22:47:52:081 doConnect calling databaseClient->connect
2023/06/23 22:47:52:081 HSChilkatSSHTunnelHelper disconnect
2023/06/23 22:47:52:085 HSChilkatSSHTunnelHelper:closeConnection success YES.
2023/06/23 22:47:52:086 HSSSHTunnelPool - Creating a new connection.
2023/06/23 22:47:52:086 (SSH) HSChilkatSSHTunnelHelper:connect called
2023/06/23 22:47:52:086 HSChilkatSSHTunnelHelper:connect - ssh authentication methods exist in cache: (
publickey,
"gssapi-keyex",
"gssapi-with-mic"
)
2023/06/23 22:47:53:146 SSHTunnel:keysForHost:port: returning an array (1 entries) of fingerprints.
2023/06/23 22:47:53:146 Keydata was found (user previously stored).
2023/06/23 22:47:53:146 SSH:authenticateViaPublicKey - publickey auth path is accessable. Not using bookmark.
2023/06/23 22:47:53:148 HSChilkatSSHTunnelHelper:authenticateViaPublicKey loaded privateKey.
2023/06/23 22:47:53:480 Application is resigning activity.
2023/06/23 22:47:54:619 HSChilkatErrorHelper:errorMessagesFromXML:errorTag:. SearchForTag failed. (null).
2023/06/23 22:47:54:619 HSChilkatSSHTunnelHelper:authenticateViaPublicKey error: Failed to authenticate via private key. Authentication failed or partial success. (4)
2023/06/23 22:47:54:619 publickey authentication finished and we are not yet authenticated.
2023/06/23 22:47:54:619 HSChilkatSSHTunnelHelper tunnel log is:
Connect_SshTunnel:
DllDate: Nov 18 2022
ChilkatVersion: 9.5.0.93
UnlockPrefix: HNKNSF.CB1082023
Architecture: Little Endian; 64-bit
Language: Cocoa Objective-C
VerboseLogging: 1
Component successfully unlocked using purchased unlock code.
hostname: 13.57.226.121
port: 22
sshConnect:
connectSocket:
domainOrIpAddress: 13.57.226.121
port: 22
connectTimeoutMs: 10000
connect_ipv6_or_ipv4:
This is an IPV4 numeric address.
Domain to IP address resolution not needed.
getAddressInfo:
(leaveContext)
findIpAddrInfo:
(leaveContext)
connecting to IPV4 address...
ipAddress: 13.57.226.121
createSocket:
Setting SO_SNDBUF size
sendBufSize: 262144
Setting SO_RCVBUF size
recvBufSize: 4194304
(leaveContext)
connect:
Waiting for the connect to complete...
connectTimeoutMs: 10000
ck_getsockname_ipv4:
(leaveContext)
myIP: 192.168.1.102
myPort: 58173
socket connect successful.
(leaveContext 276ms)
(leaveContext 276ms)
(leaveContext 276ms)
Established TCP/IP connection with SSH server
Turning on TCP_NODELAY.
(leaveContext 277ms)
sshSetupConnection:
clientIdentifier: SSH-2.0-PuTTY_Release_0.70
Sending client identifier...
Done sending client identifier.
Reading server version...
initialDataFromSshServer: SSH-2.0-OpenSSH_8.7
serverVersion: SSH-2.0-OpenSSH_8.7
build_kexInit:
kexPrefList: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1
preferRsaHostKeyAlgorithm: 1
hostKeyPrefList: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,rsa-sha2-256,rsa-sha2-512,ssh-ed25519,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
cipherPrefList: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes192-ctr,aes128-cbc,aes256-cbc,aes192-cbc,twofish256-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour128,arcfour256
macPrefList: hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1-96,hmac-md5,none
allowCompression: False
(leaveContext)
serverKex:
KeyExchangeAlgs:
algorithm: curve25519-sha256
algorithm: curve25519-sha256@libssh.org
algorithm: ecdh-sha2-nistp256
algorithm: ecdh-sha2-nistp384
algorithm: ecdh-sha2-nistp521
algorithm: diffie-hellman-group-exchange-sha256
algorithm: diffie-hellman-group14-sha256
algorithm: diffie-hellman-group16-sha512
algorithm: diffie-hellman-group18-sha512
(leaveContext 2ms)
HostKeyAlgs:
algorithm: ecdsa-sha2-nistp256
algorithm: ssh-ed25519
(leaveContext 1ms)
EncCS:
algorithm: aes256-gcm@openssh.com
algorithm: chacha20-poly1305@openssh.com
algorithm: aes256-ctr
algorithm: aes128-gcm@openssh.com
algorithm: aes128-ctr
(leaveContext 1ms)
EncSC:
algorithm: aes256-gcm@openssh.com
algorithm: chacha20-poly1305@openssh.com
algorithm: aes256-ctr
algorithm: aes128-gcm@openssh.com
algorithm: aes128-ctr
(leaveContext 1ms)
MacCS:
algorithm: hmac-sha2-256-etm@openssh.com
algorithm: hmac-sha1-etm@openssh.com
algorithm: umac-128-etm@openssh.com
algorithm: hmac-sha2-512-etm@openssh.com
algorithm: hmac-sha2-256
algorithm: hmac-sha1
algorithm: umac-128@openssh.com
algorithm: hmac-sha2-512
(leaveContext 1ms)
MacSC:
algorithm: hmac-sha2-256-etm@openssh.com
algorithm: hmac-sha1-etm@openssh.com
algorithm: umac-128-etm@openssh.com
algorithm: hmac-sha2-512-etm@openssh.com
algorithm: hmac-sha2-256
algorithm: hmac-sha1
algorithm: umac-128@openssh.com
algorithm: hmac-sha2-512
(leaveContext)
CompCS:
algorithm: none
algorithm: zlib@openssh.com
(leaveContext 1ms)
CompSC:
algorithm: none
algorithm: zlib@openssh.com
(leaveContext)
LangCS:
(leaveContext)
LangSC:
(leaveContext)
ChosenIncomingEncryption: chacha20-poly1305@openssh.com
ChosenOutgoingEncryptoin: chacha20-poly1305@openssh.com
ChosenIncomingMac: hmac-sha1-etm@openssh.com
ChosenOutgoingMac: hmac-sha1-etm@openssh.com
ChosenIncomingCompression: none
ChosenOutgoingCompression: none
ChosenKexAlgorithm: curve25519-sha256@libssh.org
choose_hostkey_algorithm:
(leaveContext)
ChosenHostKeyAlgorithm: ecdsa-sha2-nistp256
(leaveContext 9ms)
numBits: 256
pbits: 4096
Using Curve25519.
sendCurve25519Init:
Sent: SSH2_MSG_KEX_ECDH_INIT
(leaveContext 1ms)
computeExchangeHash:
dhReplyMsgType: 31
serverVersion: [SSH-2.0-OpenSSH_8.7]
Computing exchange hash for Curve25519
Using SHA256 for Key Exchange Hash
(leaveContext 2ms)
verifyHostKey:
hostKeyAlg: ecdsa-sha2-nistp256
loadCurveByName:
name: ecdsa-sha2-nistp256
(leaveContext)
curveName: nistp256
loadEccPoint:
(leaveContext)
exportEccPoint:
(leaveContext)
eccVerifySig:
r_len: 32
s_len: 32
eccVerifyHash:
unpackDsaSig:
siglen: 64
isAsnSig: False
sig: 48D30939FA771718B1D04AF31AD60B15152FE062F1B3F854B0A75097E542503723571780E59C6554F6ACFFB4A7EB7D63BB9ADA3588CFD74ED0B29355F48D90B9
(leaveContext)
(leaveContext 4ms)
ecdsaSigValid: 1
(leaveContext 4ms)
ECDSA host key signature verification success
(leaveContext 5ms)
calculateKey:
(leaveContext 1ms)
calculateKey:
(leaveContext)
calculateKey:
(leaveContext)
calculateKey:
(leaveContext)
calculateKey:
(leaveContext)
calculateKey:
(leaveContext)
Sending newkeys to server...
Expecting newkeys from server...
SSH Key Exchange Success.
installNewKeys:
m_isRekey: 0
No outgoing compression.
No incoming compression.
Outgoing encryption is now chacha20-poly1305@openssh.com
Incoming encryption is now chacha20-poly1305@openssh.com
(leaveContext)
(leaveContext 781ms)
socketOptions:
SO_SNDBUF: 263536
SO_RCVBUF: 4194304
TCP_NODELAY: 4
SO_KEEPALIVE: 8
(leaveContext 1ms)
Starting tunnel manager thread...
Tunnel manager thread started.
Success.
(leaveContext 1060ms)
AuthenticatePwPk:
DllDate: Nov 18 2022
ChilkatVersion: 9.5.0.93
UnlockPrefix: HNKNSF.CB1082023
Architecture: Little Endian; 64-bit
Language: Cocoa Objective-C
VerboseLogging: 1
authenticatePwPk:
login: ec2-user
sshAuthenticatePk:
keyFingerprint: ssh-rsa 2048 af:91:2a:53:f3:02:6f:31:2e:45:e3:6f:d0:68:b1:b2
requestUserAuthService:
sendServiceRequest:
svcName: ssh-userauth
SentServiceReq: ssh-userauth
(leaveContext)
ssh-userauth service accepted.
(leaveContext 247ms)
Using an RSA key.
keyToPublicKeyBlob:
(leaveContext)
dbPkBlob_qp: [=00=00=00=07ssh-rsa=00=00=00=03=01=00=01=00=00=01=01=00=BD=82B=A9=1E=12-=DB`&=F9=E6=F4=D6=87$=D6=9D=E4=C8=13=04=BAY5%=CE=14=ED=B3=FB=BC~H=F0=9B=F2d=EA=96u=03=D8=F2m=1D=CCK~=FE=E2<=C7=EA=C9=D8k=EF =89=BA=846Z=9A=11>)'=FDiNQ=B4=0D<H=FEQu=B7=B0=DB=98=92.=8C=97=1Ac=B3=06=A31=13=B4P=ED=17=8E=CEYti =ED=16w=DDLln=FFgV=CC=F5=CAX=13,5^ =B2=D9=98=87=AD=0F=F8=DE=10=D6`f=F3=AC>?=F76=CD2=9BK=BFN=E4=E9=F4=BF=FEC=A9=B9=92}+X=EC=F0=18=B0=DD=F3j=99=9F\=B5j=0A=A7x=B4=0B=C2=EF=11=B9=92=17=9DV=D4=8F^=B934h9[=F0B=D2=97fr=18=9Ep#Y=A4=95=B1mr=F5-=12=E3JN!u=A4=99=95v=02=C8=C2=FC=BAY=AF=EE_=18c=DFI=9A=DB=98x=E2yQ=ECk=14FN=90?+l=18=83iw=FB]
Sent public-key request.
AuthList: publickey,gssapi-keyex,gssapi-with-mic
Proceeding with publickey authentication...
padAndSignHash:
keyType: Private
hashInSize: 20
padding: PKCS v1.5
HashOid: 1.3.14.3.2.26
(leaveContext 10ms)
rsaSigLen: 256
Sent public-key request with signature.
Authentication failed or partial success. (4)
PartialSuccess4: 0
When partial success is 0, it means you are not using the correct private key that corresponds to the public key installed in the SSH user account.
(less common) It can also mean that Chilkat tried to use rsa-sha2-256 for the authentication, because the server indicated it supports rsa-sha2-256, but does not actually support it for PK authentication.
A workaround is to set the UncommonOptions property equal to "ForceUserAuthRsaSha1" and then re-try.
Also, to force Chilkat to continue with password authentication even if the public-key authentication fails, set UncommonOptions = "PubkeyOrPassword".
AuthList: publickey,gssapi-keyex,gssapi-with-mic
Publickey authentication failed..
(leaveContext 1469ms)
(leaveContext 1470ms)
Failed.
(leaveContext 1470ms)
2023/06/23 22:47:54:619 SSH tunnel failed after 2.53 seconds with error: Failed to authenticate via private key. Authentication failed or partial success. (4)
2023/06/23 22:47:54:619 Not accepting
2023/06/23 22:47:54:619 Not connected
2023/06/23 22:47:54:619 initializeSSH (allow pool) took 2.54 seconds.
2023/06/23 22:47:54:619 doConnect databaseClient->connect finished
2023/06/23 22:47:54:620 setDBC: connectionId: 700C85E0-BD4E-4EC7-A58C-1074AE288CE2-9484-0000018CEA89337B
2023/06/23 22:47:54:620 checkSSHFingerprintError returning NO
2023/06/23 22:47:54:621 SQLProConnectingWindowController endSheetWithReturnCode: OK
2023/06/23 22:47:54:621 HSDispatchGroup leave com.hankinsoft.connectionWindowDispatchGroup
2023/06/23 22:47:54:622 Failed to connect with error: Failed to authenticate via private key. Authentication failed or partial success. (4)
2023/06/23 22:47:54:623 Clearing internal database connection details.
2023/06/23 22:47:54:623 setDBC: nil
2023/06/23 22:47:56:336 Application is becoming active.
2023/06/23 22:47:57:081 Application is resigning activity.
To Reproduce
Steps to reproduce the behavior:
- Go to Connect
- Click on the saved remote connection
- See error
Expected behavior
It should connect successfully to the remote database using the correct SSH tunneling credentials.
Screenshots
Environment details (please complete the following information):
- Device: MacBook
- OS: macOS 12.6
- SQLPro app Version: SQLPro Studio Version 2023.43 (Build 111043.5)
- Installation source: App Store
- Target database server: MariaDB
Metadata
Metadata
Assignees
Labels
No labels