Authentication (publickey) failed although client and server side agreed on rsa-sha2-512 pubkey algorithm #2064
Comments
Hello, We observed that this problem is happening if the server side uses OpenSSH_8.2p1.
2022-06-02T02:40:31.695178961Z 2022-06-02 02:40:31,691 DEBUG paramiko.transport transport.py:1874 starting thread (client mode): 0x70a89a00
Unable to reproduce the issue.
In addition, confirm publickey authentication is passed using ssh client (/usr/bin/ssh).
Hello,
While connecting to a server using paramiko version 2.11.0, authentication sometimes fails with the logs below.
It's reported in the logs that both sides have already agreed to use rsa-sha2-512 as the pubkey algorithm.
The private key is correct and works for authentication.
Could you please help to solve this problem?
Thanks.
2022-06-02T02:41:07.944488564Z 2022-06-02 02:41:07,944 DEBUG paramiko.transport transport.py:1874 === Key exchange possibilities ===
2022-06-02T02:41:07.944809360Z 2022-06-02 02:41:07,944 DEBUG paramiko.transport transport.py:1874 kex algos: curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256
2022-06-02T02:41:07.945034082Z 2022-06-02 02:41:07,944 DEBUG paramiko.transport transport.py:1874 server key: rsa-sha2-512, rsa-sha2-256, ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
2022-06-02T02:41:07.945183100Z 2022-06-02 02:41:07,944 DEBUG paramiko.transport transport.py:1874 client encrypt: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
2022-06-02T02:41:07.945420795Z 2022-06-02 02:41:07,945 DEBUG paramiko.transport transport.py:1874 server encrypt: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
2022-06-02T02:41:07.945519395Z 2022-06-02 02:41:07,945 DEBUG paramiko.transport transport.py:1874 client mac: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
2022-06-02T02:41:07.945764799Z 2022-06-02 02:41:07,945 DEBUG paramiko.transport transport.py:1874 server mac: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
2022-06-02T02:41:07.945930087Z 2022-06-02 02:41:07,945 DEBUG paramiko.transport transport.py:1874 client compress: none, zlib@openssh.com
2022-06-02T02:41:07.946090467Z 2022-06-02 02:41:07,945 DEBUG paramiko.transport transport.py:1874 server compress: none, zlib@openssh.com
2022-06-02T02:41:07.946270131Z 2022-06-02 02:41:07,946 DEBUG paramiko.transport transport.py:1874 client lang:
2022-06-02T02:41:07.946431865Z 2022-06-02 02:41:07,946 DEBUG paramiko.transport transport.py:1874 server lang:
2022-06-02T02:41:07.946614020Z 2022-06-02 02:41:07,946 DEBUG paramiko.transport transport.py:1874 kex follows: False
2022-06-02T02:41:07.946801210Z 2022-06-02 02:41:07,946 DEBUG paramiko.transport transport.py:1874 === Key exchange agreements ===
2022-06-02T02:41:07.947073988Z 2022-06-02 02:41:07,946 DEBUG paramiko.transport transport.py:1874 Kex: curve25519-sha256@libssh.org
2022-06-02T02:41:07.947298385Z 2022-06-02 02:41:07,947 DEBUG paramiko.transport transport.py:1874 HostKey: ssh-ed25519
2022-06-02T02:41:07.947579492Z 2022-06-02 02:41:07,947 DEBUG paramiko.transport transport.py:1874 Cipher: aes128-ctr
2022-06-02T02:41:07.947772799Z 2022-06-02 02:41:07,947 DEBUG paramiko.transport transport.py:1874 MAC: hmac-sha2-256
2022-06-02T02:41:07.947987423Z 2022-06-02 02:41:07,947 DEBUG paramiko.transport transport.py:1874 Compression: none
2022-06-02T02:41:07.948113563Z 2022-06-02 02:41:07,947 DEBUG paramiko.transport transport.py:1874 === End of kex handshake ===
2022-06-02T02:41:07.961185357Z 2022-06-02 02:41:07,960 DEBUG paramiko.transport transport.py:1874 kex engine KexCurve25519 specified hash_algo
2022-06-02T02:41:07.962209102Z 2022-06-02 02:41:07,961 DEBUG paramiko.transport transport.py:1874 Switch to new keys ...
2022-06-02T02:41:07.963202607Z 2022-06-02 02:41:07,962 DEBUG paramiko.transport transport.py:1874 Adding ssh-ed25519 host key for 172.21.248.210: b'ee3ccd0f1e2eafd13ed62a1ed85ca70b'
2022-06-02T02:41:07.964281585Z 2022-06-02 02:41:07,963 DEBUG paramiko.transport transport.py:1874 Got EXT_INFO: {'server-sig-algs': b'ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com'}
2022-06-02T02:41:07.965501521Z 2022-06-02 02:41:07,965 DEBUG paramiko.transport transport.py:1874 Trying SSH key b'244f4f53fc0770febfad0c3a3b76ff15'
2022-06-02T02:41:07.967348581Z 2022-06-02 02:41:07,966 DEBUG paramiko.transport transport.py:1874 userauth is OK
2022-06-02T02:41:07.967545579Z 2022-06-02 02:41:07,967 DEBUG paramiko.transport transport.py:1874 Finalizing pubkey algorithm for key of type 'ssh-rsa'
2022-06-02T02:41:07.967567108Z 2022-06-02 02:41:07,967 DEBUG paramiko.transport transport.py:1874 Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
2022-06-02T02:41:07.967887274Z 2022-06-02 02:41:07,967 DEBUG paramiko.transport transport.py:1874 Server-side algorithm list: ['ssh-ed25519', 'sk-ssh-ed25519@openssh.com', 'ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'sk-ecdsa-sha2-nistp256@openssh.com']
2022-06-02T02:41:07.967936793Z 2022-06-02 02:41:07,967 DEBUG paramiko.transport transport.py:1874 Agreed upon 'rsa-sha2-512' pubkey algorithm
2022-06-02T02:41:07.989505635Z 2022-06-02 02:41:07,989 INFO paramiko.transport transport.py:1874 Authentication (publickey) failed.
It was tested again with another server, and when the authentication is successful, the server-side algorithm list is different.
022-06-02T03:48:03.301965061Z 2022-06-02 03:48:03,298 DEBUG paramiko.transport transport.py:1874 Server-side algorithm list: ['ssh-ed25519', 'ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521']
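The negotiation recorded in the logs above can be checked mechanically. The following is an added example, not part of the original issue or of paramiko: it parses the pubkey-algorithm lines (copied from the logs with timestamps trimmed) and compares the two servers. The function names and the "first client preference that the server also lists" selection rule are assumptions inferred from the log output.

```python
import ast
import re

LIST_RE = re.compile(r"(Our pubkey|Server-side) algorithm list: (\[.*\])")
AGREED_RE = re.compile(r"Agreed upon '([^']+)' pubkey algorithm")

# Negotiation lines copied from the issue's logs, timestamps trimmed.
FAILING_LOG = """\
Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
Server-side algorithm list: ['ssh-ed25519', 'sk-ssh-ed25519@openssh.com', 'ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'sk-ecdsa-sha2-nistp256@openssh.com']
Agreed upon 'rsa-sha2-512' pubkey algorithm
Authentication (publickey) failed.
"""
WORKING_LOG = """\
Server-side algorithm list: ['ssh-ed25519', 'ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521']
"""

def parse_session(log_text):
    """Pull the pubkey-algorithm negotiation out of paramiko DEBUG output."""
    s = {"client": [], "server": [], "agreed": None, "auth_failed": False}
    for line in log_text.splitlines():
        m = LIST_RE.search(line)
        if m:
            key = "client" if m.group(1) == "Our pubkey" else "server"
            s[key] = ast.literal_eval(m.group(2))  # list literal of strings
        m = AGREED_RE.search(line)
        if m:
            s["agreed"] = m.group(1)
        if "Authentication (publickey) failed" in line:
            s["auth_failed"] = True
    return s

def first_common(client, server):
    """Assumed selection rule: first client preference the server also lists."""
    return next((alg for alg in client if alg in server), None)

def server_list_delta(a, b):
    """Algorithms advertised by only one of the two servers."""
    return sorted(set(a["server"]) ^ set(b["server"]))

if __name__ == "__main__":
    bad, good = parse_session(FAILING_LOG), parse_session(WORKING_LOG)
    print("only on one server:", server_list_delta(bad, good))
    # Assumption: the same client preference list was used against both servers.
    for name, s in (("failing", bad), ("working", good)):
        print(name, "->", first_common(bad["client"], s["server"]))
```

The two server lists differ only in the `sk-*` entries, and the assumed rule selects `rsa-sha2-512` against both, so the advertised lists alone do not distinguish the failing session from the working one.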