Same algorithms, incompatibility between 0.4.15 and 0.5.0 #428

Closed
thomsavage opened this issue May 19, 2016 · 8 comments

@thomsavage

Trying to upgrade to the 0.5.0 release from 0.4.15 and my public-key auth connections are failing with:
{ [Error: All configured authentication methods failed] level: 'client-authentication' }

I compared all of the algorithm selections negotiated between the working (0.4.15) run to verify that they are negotiated to the same selections in the failing (0.5.0) run.

My keypair was generated as DSA.

Here is the working (0.4.15) debug output:

DEBUG: Parser: IN_INIT
DEBUG: Parser: IN_GREETING
DEBUG: Parser: IN_HEADER
DEBUG: Remote ident: 'SSH-2.0-OpenSSH_7.1'
DEBUG: Outgoing: Writing KEXINIT
DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: pktLen:940,padLen:4,remainLen:936
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXINIT
DEBUG: Comparing KEXINITs ...
DEBUG: (local) KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
DEBUG: (remote) KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
DEBUG: KEX algorithm: diffie-hellman-group-exchange-sha256
DEBUG: (local) Host key formats: ssh-rsa,ssh-dss
DEBUG: (remote) Host key formats: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
DEBUG: Host key format: ssh-rsa
DEBUG: (local) Client->Server ciphers: aes256-ctr,aes192-ctr,aes128-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,arcfour256,arcfour128,cast128-cbc,arcfour
DEBUG: (remote) Client->Server ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
DEBUG: Client->Server Cipher: aes256-ctr
DEBUG: (local) Server->Client ciphers: aes256-ctr,aes192-ctr,aes128-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,arcfour256,arcfour128,cast128-cbc,arcfour
DEBUG: (remote) Server->Client ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
DEBUG: Server->Client Cipher: aes256-ctr
DEBUG: (local) Client->Server HMAC algorithms: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
DEBUG: (remote) Client->Server HMAC algorithms: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
DEBUG: Client->Server HMAC algorithm: hmac-sha1
DEBUG: (local) Server->Client HMAC algorithms: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
DEBUG: (remote) Server->Client HMAC algorithms: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
DEBUG: Server->Client HMAC algorithm: hmac-sha1
DEBUG: (local) Client->Server compression algorithms: none
DEBUG: (remote) Client->Server compression algorithms: none,zlib@openssh.com
DEBUG: Client->Server compression algorithm: none
DEBUG: (local) Server->Client compression algorithms: none
DEBUG: (remote) Server->Client compression algorithms: none,zlib@openssh.com
DEBUG: Server->Client compression algorithm: none
DEBUG: Outgoing: Writing KEXDH_GEX_REQUEST
DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: pktLen:404,padLen:8,remainLen:400
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXDH_GEX_GROUP
DEBUG: Outgoing: Writing KEXDH_GEX_INIT
DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: pktLen:956,padLen:8,remainLen:952
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXDH_GEX_REPLY
DEBUG: Checking host key format
DEBUG: Checking signature format
DEBUG: Verifying host fingerprint
DEBUG: Host accepted by default (no verification)
DEBUG: Verifying signature
DEBUG: Outgoing: Writing NEWKEYS
DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: pktLen:12,padLen:10,remainLen:8
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: IN_PACKETDATAAFTER, packet: NEWKEYS
DEBUG: Outgoing: Writing SERVICE_REQUEST (ssh-userauth)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:28,padLen:10,remainLen:16
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: SERVICE_ACCEPT
DEBUG: Outgoing: Writing USERAUTH_REQUEST (publickey -- check)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:460,padLen:9,remainLen:448
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_PK_OK
DEBUG: Outgoing: Writing USERAUTH_REQUEST (publickey)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:12,padLen:10,remainLen:0
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_SUCCESS
DEBUG: Outgoing: Writing CHANNEL_OPEN (0, session)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:924,padLen:11,remainLen:912
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: GLOBAL_REQUEST
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:28,padLen:10,remainLen:16
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_OPEN_CONFIRMATION
DEBUG: Outgoing: Writing CHANNEL_REQUEST (0, exec)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:28,padLen:18,remainLen:16
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_WINDOW_ADJUST (0, 2097152)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:12,padLen:6,remainLen:0
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_SUCCESS (0)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:124,padLen:11,remainLen:112
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_EXTENDED_DATA (0)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:44,padLen:18,remainLen:32
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_REQUEST (0, exit-status)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:12,padLen:6,remainLen:0
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_EOF (0)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:12,padLen:6,remainLen:0
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: CHANNEL_CLOSE (0)
DEBUG: Outgoing: Writing CHANNEL_CLOSE (0)
DEBUG: Outgoing: Writing DISCONNECT (BY_APPLICATION)

Here is the failing (0.5.0) run:

DEBUG: Parser: IN_INIT
DEBUG: Parser: IN_GREETING
DEBUG: Parser: IN_HEADER
DEBUG: Remote ident: 'SSH-2.0-OpenSSH_7.1'
DEBUG: Outgoing: Writing KEXINIT
DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: pktLen:940,padLen:4,remainLen:936
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXINIT
DEBUG: Comparing KEXINITs ...
DEBUG: (local) KEX algorithms: diffie-hellman-group-exchange-sha256
DEBUG: (remote) KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
DEBUG: KEX algorithm: diffie-hellman-group-exchange-sha256
DEBUG: (local) Host key formats: ssh-rsa,ssh-dss
DEBUG: (remote) Host key formats: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
DEBUG: Host key format: ssh-rsa
DEBUG: (local) Client->Server ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
DEBUG: (remote) Client->Server ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
DEBUG: Client->Server Cipher: aes128-ctr
DEBUG: (local) Server->Client ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes128-gcm@openssh.com,aes256-gcm,aes256-gcm@openssh.com
DEBUG: (remote) Server->Client ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
DEBUG: Server->Client Cipher: aes128-ctr
DEBUG: (local) Client->Server HMAC algorithms: hmac-sha1
DEBUG: (remote) Client->Server HMAC algorithms: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
DEBUG: Client->Server HMAC algorithm: hmac-sha1
DEBUG: (local) Server->Client HMAC algorithms: hmac-sha1
DEBUG: (remote) Server->Client HMAC algorithms: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
DEBUG: Server->Client HMAC algorithm: hmac-sha1
DEBUG: (local) Client->Server compression algorithms: none,zlib@openssh.com,zlib
DEBUG: (remote) Client->Server compression algorithms: none,zlib@openssh.com
DEBUG: Client->Server compression algorithm: none
DEBUG: (local) Server->Client compression algorithms: none,zlib@openssh.com,zlib
DEBUG: (remote) Server->Client compression algorithms: none,zlib@openssh.com
DEBUG: Server->Client compression algorithm: none
DEBUG: Outgoing: Writing KEXDH_GEX_REQUEST
DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: pktLen:404,padLen:8,remainLen:400
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXDH_GEX_GROUP
DEBUG: Outgoing: Writing KEXDH_GEX_INIT
DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: pktLen:956,padLen:8,remainLen:952
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: IN_PACKETDATAAFTER, packet: KEXDH_GEX_REPLY
DEBUG: Checking host key format
DEBUG: Checking signature format
DEBUG: Verifying host fingerprint
DEBUG: Host accepted by default (no verification)
DEBUG: Verifying signature
DEBUG: Outgoing: Writing NEWKEYS
DEBUG: Parser: IN_PACKETBEFORE (expecting 8)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: pktLen:12,padLen:10,remainLen:8
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: IN_PACKETDATAAFTER, packet: NEWKEYS
DEBUG: Outgoing: Writing SERVICE_REQUEST (ssh-userauth)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:28,padLen:10,remainLen:16
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: SERVICE_ACCEPT
DEBUG: Outgoing: Writing USERAUTH_REQUEST (publickey -- check)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:460,padLen:9,remainLen:448
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_PK_OK
DEBUG: Outgoing: Writing USERAUTH_REQUEST (publickey)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:60,padLen:14,remainLen:48
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_FAILURE
DEBUG: Client: publickey auth failed
DEBUG: Outgoing: Writing USERAUTH_REQUEST (none)
DEBUG: Parser: IN_PACKETBEFORE (expecting 16)
DEBUG: Parser: IN_PACKET
DEBUG: Parser: Decrypting
DEBUG: Parser: pktLen:60,padLen:14,remainLen:48
DEBUG: Parser: IN_PACKETDATA
DEBUG: Parser: Decrypting
DEBUG: Parser: HMAC size:20
DEBUG: Parser: IN_PACKETDATAVERIFY
DEBUG: Parser: Verifying MAC
DEBUG: Parser: IN_PACKETDATAVERIFY (Valid HMAC)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_FAILURE
DEBUG: Client: none auth failed
* Error has occurred! { [Error: All configured authentication methods failed] level: 'client-authentication' }
DEBUG: Outgoing: Writing DISCONNECT (BY_APPLICATION)

I captured the sshd debug log for a failing run, and it goes a little something like this:

debug1: sshd version OpenSSH_7.1, OpenSSL 1.0.2f  28 Jan 2016
debug1: private host key #0: ssh-rsa SHA256:yLR9BWB9AiBgBaEh3R9aHuNjglzqrfRlPARP3yuVXPc
debug1: private host key #1: ssh-dss SHA256:pj4NmaQziCigO8aPAb5VIQrUjJ7iGSBmymmKdPCEKiI
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:8riAQm/3GHwjvNhxlNXf0rcJcDG2bIMh6LNYLg92T6M
debug1: private host key #3: ssh-ed25519 SHA256:PE+w8cqjXjBqExpRU8/tYZXVQYv0GoFjGQXFD2sCGVg
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.206.1 port 64367 on 192.168.206.3 port 22
debug1: Client protocol version 2.0; client software version ssh2js0.1.3
debug1: no match: ssh2js0.1.3
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: expecting SSH2_MSG_KEX_ECDH_INIT
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user MyUsername service ssh-connection method publickey
debug1: attempt 0 failures 0
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 197609/197121 (e=197609/197121)
debug1: trying public key file /home/MyUsername/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /home/MyUsername/.ssh/authorized_keys, line 1 DSA SHA256:E9UWBl9D/ARlF/HFCzSdtBnzNYjYroWk2rHFqjDvY+U
debug1: restore_uid: 197609/197121
Postponed publickey for MyUsername from 192.168.206.1 port 64367 ssh2
debug1: userauth-request for user MyUsername service ssh-connection method publickey
debug1: attempt 1 failures 0
debug1: temporarily_use_uid: 197609/197121 (e=197609/197121)
debug1: trying public key file /home/MyUsername/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /home/MyUsername/.ssh/authorized_keys, line 1 DSA SHA256:E9UWBl9D/ARlF/HFCzSdtBnzNYjYroWk2rHFqjDvY+U
debug1: restore_uid: 197609/197121
key_verify: invalid format
Failed publickey for MyUsername from 192.168.206.1 port 64367 ssh2: DSA SHA256:E9UWBl9D/ARlF/HFCzSdtBnzNYjYroWk2rHFqjDvY+U
debug1: userauth-request for user MyUsername service ssh-connection method none
debug1: attempt 2 failures 1
Failed none for MyUsername from 192.168.206.1 port 64367 ssh2
Received disconnect from 192.168.206.1: 11:
Disconnected from 192.168.206.1
debug1: do_cleanup
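
Added example, not part of the original post and not ssh2 project code: a small Node.js script that diffs two ssh2 client `debug` traces like the ones above, reporting which negotiated algorithms differ and the first incoming packet at which the runs diverge. The names `parseTrace`, `diffTraces` and `excerpt` are chosen here, and the sample input is a constructed excerpt built from lines in the two traces.

```javascript
// Added example (not ssh2 project code): diff two ssh2 client `debug` traces.
// Final selections look like "DEBUG: Client->Server Cipher: aes256-ctr"; the
// offered lists ("DEBUG: (local) ...", "DEBUG: (remote) ...") do not match.
const NEGOTIATED = /^DEBUG: ((?:KEX|Host key|Client->Server|Server->Client)[^:(]*): (\S+)$/;
const PACKET = /^DEBUG: Parser: IN_PACKETDATAAFTER, packet: (\S+)/;

function parseTrace(text) {
  const negotiated = {};
  const packets = []; // incoming packet types, in arrival order
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    let m;
    if ((m = NEGOTIATED.exec(line))) negotiated[m[1]] = m[2];
    else if ((m = PACKET.exec(line))) packets.push(m[1]);
  }
  return { negotiated, packets };
}

function diffTraces(a, b) {
  const keys = new Set([...Object.keys(a.negotiated), ...Object.keys(b.negotiated)]);
  const algorithms = [];
  for (const key of keys) {
    const av = a.negotiated[key] ?? null;
    const bv = b.negotiated[key] ?? null;
    if (av !== bv) algorithms.push({ key, a: av, b: bv });
  }
  // Walk both incoming-packet sequences to the first position where they differ.
  let i = 0;
  while (i < a.packets.length && i < b.packets.length && a.packets[i] === b.packets[i]) i++;
  const diverged = i < a.packets.length || i < b.packets.length;
  const firstDivergence = diverged
    ? { index: i, after: a.packets[i - 1] ?? null, a: a.packets[i] ?? null, b: b.packets[i] ?? null }
    : null;
  return { algorithms, firstDivergence };
}

// Constructed excerpt: lines copied from the two traces in this issue, with
// the two values that vary between the runs passed in as parameters.
const excerpt = (cipher, authResult) => `
DEBUG: (local) Host key formats: ssh-rsa,ssh-dss
DEBUG: KEX algorithm: diffie-hellman-group-exchange-sha256
DEBUG: Host key format: ssh-rsa
DEBUG: Client->Server Cipher: ${cipher}
DEBUG: Server->Client Cipher: ${cipher}
DEBUG: Client->Server HMAC algorithm: hmac-sha1
DEBUG: Parser: IN_PACKETDATAAFTER, packet: SERVICE_ACCEPT
DEBUG: Outgoing: Writing USERAUTH_REQUEST (publickey -- check)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_PK_OK
DEBUG: Outgoing: Writing USERAUTH_REQUEST (publickey)
DEBUG: Parser: IN_PACKETDATAAFTER, packet: ${authResult}`;

const WORKING_0_4_15 = parseTrace(excerpt('aes256-ctr', 'USERAUTH_SUCCESS'));
const FAILING_0_5_0 = parseTrace(excerpt('aes128-ctr', 'USERAUTH_FAILURE'));
console.log(JSON.stringify(diffTraces(WORKING_0_4_15, FAILING_0_5_0), null, 2));
```

On the full traces, pass each run's complete debug output to `parseTrace` instead of the excerpt.
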
@mscdex
Owner

mscdex commented May 19, 2016

Can you generate an unused key that exhibits the same behavior that I can use for testing?

@thomsavage
Author

Sure, here is a freshly generated key that I've verified reproduces the issue:

Private Key

-----BEGIN DSA PRIVATE KEY-----
[...]
-----END DSA PRIVATE KEY-----

Pubkey

ssh-dss AAAAB3NzaC1kc3MAAACBAMntmpOEOYMzBZD4xlrd4W0zdK6CVyafG93LmT97YPIWl5XIik8mWkLN/oIMIsyW3CWpS4k8Deo+D903j4LHGJ26qJ0tsnYOOAVNEFsUl2cbLhrvREHx6ZY4WgajMWVFuhsWVRLh3a3uR3acR4RRMbH3vjJz+1XIdm4wwE/2skfjAAAAFQDIhu8TrJqkkkW+e4TxaIG5wJwMwQAAAIBy686TZz3Xyo7ypROFqy7/E+4a1cfPgkxWONCPf4V+tziDOIQtIdi1GYgoycTTkZl5z+Pm67mMRx2H0v36mMErNUXgFkZhx8rpxmp+/Mah4Q8EPfkLrUqaKYBOSRpPZxolXfN0Ixc64vaKTEW2TdYgBZbP2odF/Ik98MAA1Dx5oAAAAIB6abkBihTYBs24+t+s127REmHpAzo/qco9Bxp+bb4vsFPw02sTN34koqUBFub0nnk9FPuQjG9j3ACu9ak8TGeXTcXA8cMCDjt1lkFeHo0QTh11LYFhvmG+lxSwyyS1qr04YIlOmKHlzNagBlr6Ia0+1XrQBeYtnIl/6uJ6jqsIyA== used-key

Also, here is my server's sshd_config:

AuthorizedKeysFile      .ssh/authorized_keys
PubkeyAcceptedKeyTypes *
Subsystem       sftp    /usr/sbin/sftp-server
UsePrivilegeSeparation no

My cygwin sshd is: OpenSSH_7.1p2, OpenSSL 1.0.2f 28 Jan 2016

@thomsavage
Author

I also just verified that the 0.5.0 version works fine when I use an RSA key instead of DSA.

@Jacques44

Hello,
same here, node v4.4.2, lack of DSA support on OSX (RSA is fine)

I got clientside:
DEBUG: Parser: IN_PACKETDATAAFTER, packet: USERAUTH_FAILURE
DEBUG: Client: none auth failed

I got in system console:
21/05/2016 19:53:10,228 sshd[6511]: error: key_verify: invalid format

@mscdex
Owner

mscdex commented May 22, 2016

I was able to reproduce this with the given key and the problem should be fixed now with ssh2-streams v0.1.4 (specifically mscdex/ssh2-streams@323b4cc). Simply reinstall ssh2 and it should pick up the new ssh2-streams version.

@mscdex
Owner

mscdex commented Jul 7, 2016

@thomsavage @Jacques44 Does this work for you now?

@thomsavage
Author

I was able to verify that this is now fixed with current ssh2 0.5.0. Thanks!

@mscdex
Owner

mscdex commented Jul 7, 2016

@thomsavage Excellent! Thanks for the feedback.

@mscdex mscdex closed this as completed Jul 7, 2016