Cannot connect to server with private key #1960

LordSimal · 2023-11-21T09:36:26Z

We can successfully connect to the given server via "normal" SSH but for some reason it doesn't work with phpseclib.

Here is the NET_SSH2_LOGGING output after doing

$sftp = new \phpseclib3\Net\SFTP('myserver.com', 22);
$key = \phpseclib3\Crypt\RSA::load($sshKeyContent);
$sftpWorks = $sftp->login($username, $key);

<-
00000000  53:53:48:2d:32:2e:30:2d:4f:70:65:6e:53:53:48:5f  SSH-2.0-OpenSSH_
00000010  38:2e:39:70:31:0d:0a                             8.9p1..

->
00000000  53:53:48:2d:32:2e:30:2d:70:68:70:73:65:63:6c:69  SSH-2.0-phpsecli
00000010  62:5f:33:2e:30:20:28:6c:69:62:73:6f:64:69:75:6d  b_3.0 (libsodium
00000020  2c:20:6f:70:65:6e:73:73:6c:2c:20:67:6d:70:29:0d  , openssl, gmp).
00000030  0a                                               .

-> NET_SSH2_MSG_KEXINIT (since last: 0.0581, network: 0s)
00000000  3d:33:7c:19:75:fe:f6:5c:4d:6d:7f:1d:40:ac:1d:4f  =3|.u..\Mm..@..O
00000010  00:00:01:7c:63:75:72:76:65:32:35:35:31:39:2d:73  ...|curve25519-s
00000020  68:61:32:35:36:2c:63:75:72:76:65:32:35:35:31:39  ha256,curve25519
00000030  2d:73:68:61:32:35:36:40:6c:69:62:73:73:68:2e:6f  -sha256@libssh.o
00000040  72:67:2c:65:63:64:68:2d:73:68:61:32:2d:6e:69:73  rg,ecdh-sha2-nis
00000050  74:70:32:35:36:2c:65:63:64:68:2d:73:68:61:32:2d  tp256,ecdh-sha2-
00000060  6e:69:73:74:70:33:38:34:2c:65:63:64:68:2d:73:68  nistp384,ecdh-sh
00000070  61:32:2d:6e:69:73:74:70:35:32:31:2c:64:69:66:66  a2-nistp521,diff
00000080  69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70  ie-hellman-group
00000090  2d:65:78:63:68:61:6e:67:65:2d:73:68:61:32:35:36  -exchange-sha256
000000a0  2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d  ,diffie-hellman-
000000b0  67:72:6f:75:70:2d:65:78:63:68:61:6e:67:65:2d:73  group-exchange-s
000000c0  68:61:31:2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d  ha1,diffie-hellm
000000d0  61:6e:2d:67:72:6f:75:70:31:34:2d:73:68:61:32:35  an-group14-sha25
000000e0  36:2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e  6,diffie-hellman
000000f0  2d:67:72:6f:75:70:31:34:2d:73:68:61:31:2c:64:69  -group14-sha1,di
00000100  66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f  ffie-hellman-gro
00000110  75:70:31:35:2d:73:68:61:35:31:32:2c:64:69:66:66  up15-sha512,diff
00000120  69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70  ie-hellman-group
00000130  31:36:2d:73:68:61:35:31:32:2c:64:69:66:66:69:65  16-sha512,diffie
00000140  2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:37  -hellman-group17
00000150  2d:73:68:61:35:31:32:2c:64:69:66:66:69:65:2d:68  -sha512,diffie-h
00000160  65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:38:2d:73  ellman-group18-s
00000170  68:61:35:31:32:2c:64:69:66:66:69:65:2d:68:65:6c  ha512,diffie-hel
00000180  6c:6d:61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31  lman-group1-sha1
00000190  00:00:00:71:73:73:68:2d:65:64:32:35:35:31:39:2c  ...qssh-ed25519,
000001a0  65:63:64:73:61:2d:73:68:61:32:2d:6e:69:73:74:70  ecdsa-sha2-nistp
000001b0  32:35:36:2c:65:63:64:73:61:2d:73:68:61:32:2d:6e  256,ecdsa-sha2-n
000001c0  69:73:74:70:33:38:34:2c:65:63:64:73:61:2d:73:68  istp384,ecdsa-sh
000001d0  61:32:2d:6e:69:73:74:70:35:32:31:2c:72:73:61:2d  a2-nistp521,rsa-
000001e0  73:68:61:32:2d:32:35:36:2c:72:73:61:2d:73:68:61  sha2-256,rsa-sha
000001f0  32:2d:35:31:32:2c:73:73:68:2d:72:73:61:2c:73:73  2-512,ssh-rsa,ss
00000200  68:2d:64:73:73:00:00:01:01:61:65:73:31:32:38:2d  h-dss....aes128-
00000210  67:63:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c  gcm@openssh.com,
00000220  61:65:73:32:35:36:2d:67:63:6d:40:6f:70:65:6e:73  aes256-gcm@opens
00000230  73:68:2e:63:6f:6d:2c:61:65:73:31:32:38:2d:63:74  sh.com,aes128-ct
00000240  72:2c:61:65:73:31:39:32:2d:63:74:72:2c:61:65:73  r,aes192-ctr,aes
00000250  32:35:36:2d:63:74:72:2c:61:65:73:31:32:38:2d:63  256-ctr,aes128-c
00000260  62:63:2c:61:65:73:31:39:32:2d:63:62:63:2c:61:65  bc,aes192-cbc,ae
00000270  73:32:35:36:2d:63:62:63:2c:33:64:65:73:2d:63:62  s256-cbc,3des-cb
00000280  63:2c:74:77:6f:66:69:73:68:31:32:38:2d:63:74:72  c,twofish128-ctr
00000290  2c:74:77:6f:66:69:73:68:31:39:32:2d:63:74:72:2c  ,twofish192-ctr,
000002a0  74:77:6f:66:69:73:68:32:35:36:2d:63:74:72:2c:74  twofish256-ctr,t
000002b0  77:6f:66:69:73:68:31:32:38:2d:63:62:63:2c:74:77  wofish128-cbc,tw
000002c0  6f:66:69:73:68:31:39:32:2d:63:62:63:2c:74:77:6f  ofish192-cbc,two
000002d0  66:69:73:68:32:35:36:2d:63:62:63:2c:74:77:6f:66  fish256-cbc,twof
000002e0  69:73:68:2d:63:62:63:2c:62:6c:6f:77:66:69:73:68  ish-cbc,blowfish
000002f0  2d:63:74:72:2c:62:6c:6f:77:66:69:73:68:2d:63:62  -ctr,blowfish-cb
00000300  63:2c:33:64:65:73:2d:63:74:72:00:00:01:01:61:65  c,3des-ctr....ae
00000310  73:31:32:38:2d:67:63:6d:40:6f:70:65:6e:73:73:68  s128-gcm@openssh
00000320  2e:63:6f:6d:2c:61:65:73:32:35:36:2d:67:63:6d:40  .com,aes256-gcm@
00000330  6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:61:65:73:31  openssh.com,aes1
00000340  32:38:2d:63:74:72:2c:61:65:73:31:39:32:2d:63:74  28-ctr,aes192-ct
00000350  72:2c:61:65:73:32:35:36:2d:63:74:72:2c:61:65:73  r,aes256-ctr,aes
00000360  31:32:38:2d:63:62:63:2c:61:65:73:31:39:32:2d:63  128-cbc,aes192-c
00000370  62:63:2c:61:65:73:32:35:36:2d:63:62:63:2c:33:64  bc,aes256-cbc,3d
00000380  65:73:2d:63:62:63:2c:74:77:6f:66:69:73:68:31:32  es-cbc,twofish12
00000390  38:2d:63:74:72:2c:74:77:6f:66:69:73:68:31:39:32  8-ctr,twofish192
000003a0  2d:63:74:72:2c:74:77:6f:66:69:73:68:32:35:36:2d  -ctr,twofish256-
000003b0  63:74:72:2c:74:77:6f:66:69:73:68:31:32:38:2d:63  ctr,twofish128-c
000003c0  62:63:2c:74:77:6f:66:69:73:68:31:39:32:2d:63:62  bc,twofish192-cb
000003d0  63:2c:74:77:6f:66:69:73:68:32:35:36:2d:63:62:63  c,twofish256-cbc
000003e0  2c:74:77:6f:66:69:73:68:2d:63:62:63:2c:62:6c:6f  ,twofish-cbc,blo
000003f0  77:66:69:73:68:2d:63:74:72:2c:62:6c:6f:77:66:69  wfish-ctr,blowfi
00000400  73:68:2d:63:62:63:2c:33:64:65:73:2d:63:74:72:00  sh-cbc,3des-ctr.
00000410  00:00:f7:68:6d:61:63:2d:73:68:61:32:2d:32:35:36  ...hmac-sha2-256
00000420  2d:65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d  -etm@openssh.com
00000430  2c:68:6d:61:63:2d:73:68:61:32:2d:35:31:32:2d:65  ,hmac-sha2-512-e
00000440  74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:75  tm@openssh.com,u
00000450  6d:61:63:2d:36:34:2d:65:74:6d:40:6f:70:65:6e:73  mac-64-etm@opens
00000460  73:68:2e:63:6f:6d:2c:75:6d:61:63:2d:31:32:38:2d  sh.com,umac-128-
00000470  65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c  etm@openssh.com,
00000480  68:6d:61:63:2d:73:68:61:31:2d:65:74:6d:40:6f:70  hmac-sha1-etm@op
00000490  65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73  enssh.com,hmac-s
000004a0  68:61:32:2d:32:35:36:2c:68:6d:61:63:2d:73:68:61  ha2-256,hmac-sha
000004b0  32:2d:35:31:32:2c:75:6d:61:63:2d:36:34:40:6f:70  2-512,umac-64@op
000004c0  65:6e:73:73:68:2e:63:6f:6d:2c:75:6d:61:63:2d:31  enssh.com,umac-1
000004d0  32:38:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:68  28@openssh.com,h
000004e0  6d:61:63:2d:73:68:61:31:2d:39:36:2c:68:6d:61:63  mac-sha1-96,hmac
000004f0  2d:73:68:61:31:2c:68:6d:61:63:2d:6d:64:35:2d:39  -sha1,hmac-md5-9
00000500  36:2c:68:6d:61:63:2d:6d:64:35:00:00:00:f7:68:6d  6,hmac-md5....hm
00000510  61:63:2d:73:68:61:32:2d:32:35:36:2d:65:74:6d:40  ac-sha2-256-etm@
00000520  6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63  openssh.com,hmac
00000530  2d:73:68:61:32:2d:35:31:32:2d:65:74:6d:40:6f:70  -sha2-512-etm@op
00000540  65:6e:73:73:68:2e:63:6f:6d:2c:75:6d:61:63:2d:36  enssh.com,umac-6
00000550  34:2d:65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f  4-etm@openssh.co
00000560  6d:2c:75:6d:61:63:2d:31:32:38:2d:65:74:6d:40:6f  m,umac-128-etm@o
00000570  70:65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d  penssh.com,hmac-
00000580  73:68:61:31:2d:65:74:6d:40:6f:70:65:6e:73:73:68  sha1-etm@openssh
00000590  2e:63:6f:6d:2c:68:6d:61:63:2d:73:68:61:32:2d:32  .com,hmac-sha2-2
000005a0  35:36:2c:68:6d:61:63:2d:73:68:61:32:2d:35:31:32  56,hmac-sha2-512
000005b0  2c:75:6d:61:63:2d:36:34:40:6f:70:65:6e:73:73:68  ,umac-64@openssh
000005c0  2e:63:6f:6d:2c:75:6d:61:63:2d:31:32:38:40:6f:70  .com,umac-128@op
000005d0  65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73  enssh.com,hmac-s
000005e0  68:61:31:2d:39:36:2c:68:6d:61:63:2d:73:68:61:31  ha1-96,hmac-sha1
000005f0  2c:68:6d:61:63:2d:6d:64:35:2d:39:36:2c:68:6d:61  ,hmac-md5-96,hma
00000600  63:2d:6d:64:35:00:00:00:1a:6e:6f:6e:65:2c:7a:6c  c-md5....none,zl
00000610  69:62:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:7a  ib@openssh.com,z
00000620  6c:69:62:00:00:00:1a:6e:6f:6e:65:2c:7a:6c:69:62  lib....none,zlib
00000630  40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:7a:6c:69  @openssh.com,zli
00000640  62:00:00:00:00:00:00:00:00:00:00:00:00:00        b.............

<- NET_SSH2_MSG_KEXINIT (since last: 0.0056, network: 0.0055s)
00000000  f9:f4:f8:3a:6f:e8:c6:40:9f:9c:59:33:51:72:00:5b  ...:o..@..Y3Qr.[
00000010  00:00:01:09:63:75:72:76:65:32:35:35:31:39:2d:73  ....curve25519-s
00000020  68:61:32:35:36:2c:63:75:72:76:65:32:35:35:31:39  ha256,curve25519
00000030  2d:73:68:61:32:35:36:40:6c:69:62:73:73:68:2e:6f  -sha256@libssh.o
00000040  72:67:2c:65:63:64:68:2d:73:68:61:32:2d:6e:69:73  rg,ecdh-sha2-nis
00000050  74:70:32:35:36:2c:65:63:64:68:2d:73:68:61:32:2d  tp256,ecdh-sha2-
00000060  6e:69:73:74:70:33:38:34:2c:65:63:64:68:2d:73:68  nistp384,ecdh-sh
00000070  61:32:2d:6e:69:73:74:70:35:32:31:2c:73:6e:74:72  a2-nistp521,sntr
00000080  75:70:37:36:31:78:32:35:35:31:39:2d:73:68:61:35  up761x25519-sha5
00000090  31:32:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:64  12@openssh.com,d
000000a0  69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72  iffie-hellman-gr
000000b0  6f:75:70:2d:65:78:63:68:61:6e:67:65:2d:73:68:61  oup-exchange-sha
000000c0  32:35:36:2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d  256,diffie-hellm
000000d0  61:6e:2d:67:72:6f:75:70:31:36:2d:73:68:61:35:31  an-group16-sha51
000000e0  32:2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e  2,diffie-hellman
000000f0  2d:67:72:6f:75:70:31:38:2d:73:68:61:35:31:32:2c  -group18-sha512,
00000100  64:69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67  diffie-hellman-g
00000110  72:6f:75:70:31:34:2d:73:68:61:32:35:36:00:00:00  roup14-sha256...
00000120  0b:73:73:68:2d:65:64:32:35:35:31:39:00:00:00:6c  .ssh-ed25519...l
00000130  63:68:61:63:68:61:32:30:2d:70:6f:6c:79:31:33:30  chacha20-poly130
00000140  35:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:61:65  5@openssh.com,ae
00000150  73:31:32:38:2d:63:74:72:2c:61:65:73:31:39:32:2d  s128-ctr,aes192-
00000160  63:74:72:2c:61:65:73:32:35:36:2d:63:74:72:2c:61  ctr,aes256-ctr,a
00000170  65:73:31:32:38:2d:67:63:6d:40:6f:70:65:6e:73:73  es128-gcm@openss
00000180  68:2e:63:6f:6d:2c:61:65:73:32:35:36:2d:67:63:6d  h.com,aes256-gcm
00000190  40:6f:70:65:6e:73:73:68:2e:63:6f:6d:00:00:00:6c  @openssh.com...l
000001a0  63:68:61:63:68:61:32:30:2d:70:6f:6c:79:31:33:30  chacha20-poly130
000001b0  35:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:61:65  5@openssh.com,ae
000001c0  73:31:32:38:2d:63:74:72:2c:61:65:73:31:39:32:2d  s128-ctr,aes192-
000001d0  63:74:72:2c:61:65:73:32:35:36:2d:63:74:72:2c:61  ctr,aes256-ctr,a
000001e0  65:73:31:32:38:2d:67:63:6d:40:6f:70:65:6e:73:73  es128-gcm@openss
000001f0  68:2e:63:6f:6d:2c:61:65:73:32:35:36:2d:67:63:6d  h.com,aes256-gcm
00000200  40:6f:70:65:6e:73:73:68:2e:63:6f:6d:00:00:00:d5  @openssh.com....
00000210  75:6d:61:63:2d:36:34:2d:65:74:6d:40:6f:70:65:6e  umac-64-etm@open
00000220  73:73:68:2e:63:6f:6d:2c:75:6d:61:63:2d:31:32:38  ssh.com,umac-128
00000230  2d:65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d  -etm@openssh.com
00000240  2c:68:6d:61:63:2d:73:68:61:32:2d:32:35:36:2d:65  ,hmac-sha2-256-e
00000250  74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:68  tm@openssh.com,h
00000260  6d:61:63:2d:73:68:61:32:2d:35:31:32:2d:65:74:6d  mac-sha2-512-etm
00000270  40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61  @openssh.com,hma
00000280  63:2d:73:68:61:31:2d:65:74:6d:40:6f:70:65:6e:73  c-sha1-etm@opens
00000290  73:68:2e:63:6f:6d:2c:75:6d:61:63:2d:36:34:40:6f  sh.com,umac-64@o
000002a0  70:65:6e:73:73:68:2e:63:6f:6d:2c:75:6d:61:63:2d  penssh.com,umac-
000002b0  31:32:38:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c  128@openssh.com,
000002c0  68:6d:61:63:2d:73:68:61:32:2d:32:35:36:2c:68:6d  hmac-sha2-256,hm
000002d0  61:63:2d:73:68:61:32:2d:35:31:32:2c:68:6d:61:63  ac-sha2-512,hmac
000002e0  2d:73:68:61:31:00:00:00:d5:75:6d:61:63:2d:36:34  -sha1....umac-64
000002f0  2d:65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d  -etm@openssh.com
00000300  2c:75:6d:61:63:2d:31:32:38:2d:65:74:6d:40:6f:70  ,umac-128-etm@op
00000310  65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73  enssh.com,hmac-s
00000320  68:61:32:2d:32:35:36:2d:65:74:6d:40:6f:70:65:6e  ha2-256-etm@open
00000330  73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68:61  ssh.com,hmac-sha
00000340  32:2d:35:31:32:2d:65:74:6d:40:6f:70:65:6e:73:73  2-512-etm@openss
00000350  68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68:61:31:2d  h.com,hmac-sha1-
00000360  65:74:6d:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c  etm@openssh.com,
00000370  75:6d:61:63:2d:36:34:40:6f:70:65:6e:73:73:68:2e  umac-64@openssh.
00000380  63:6f:6d:2c:75:6d:61:63:2d:31:32:38:40:6f:70:65  com,umac-128@ope
00000390  6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68  nssh.com,hmac-sh
000003a0  61:32:2d:32:35:36:2c:68:6d:61:63:2d:73:68:61:32  a2-256,hmac-sha2
000003b0  2d:35:31:32:2c:68:6d:61:63:2d:73:68:61:31:00:00  -512,hmac-sha1..
000003c0  00:15:6e:6f:6e:65:2c:7a:6c:69:62:40:6f:70:65:6e  ..none,zlib@open
000003d0  73:73:68:2e:63:6f:6d:00:00:00:15:6e:6f:6e:65:2c  ssh.com....none,
000003e0  7a:6c:69:62:40:6f:70:65:6e:73:73:68:2e:63:6f:6d  zlib@openssh.com
000003f0  00:00:00:00:00:00:00:00:00:00:00:00:00           .............

-> NET_SSH2_MSG_KEX_ECDH_INIT (since last: 0.0064, network: 0s)
00000000  00:00:00:20:ae:e6:9e:8e:23:30:6a:66:d1:98:1f:4f  ... ....#0jf...O
00000010  4a:33:b0:64:64:2e:01:f8:de:c5:d0:da:3b:f8:2d:79  J3.dd.......;.-y
00000020  65:7f:25:23                                      e.%#

<- NET_SSH2_MSG_KEX_ECDH_REPLY (since last: 0.0307, network: 0.0307s)
00000000  00:00:00:33:00:00:00:0b:73:73:68:2d:65:64:32:35  ...3....ssh-ed25
00000010  35:31:39:00:00:00:20:49:b2:4e:53:97:00:4c:dd:1a  519... I.NS..L..
00000020  cf:f3:28:2f:3d:06:56:a7:f3:00:25:0b:64:1c:77:5d  ..(/=.V...%.d.w]
00000030  22:7e:95:74:bf:5b:5d:00:00:00:20:f9:a3:88:5f:6d  "~.t.[]... ..._m
00000040  9b:57:ed:d7:07:57:d6:bb:81:42:99:b4:00:68:52:a7  .W...W...B...hR.
00000050  bc:80:e4:ea:f3:04:5c:7a:47:62:4a:00:00:00:53:00  ......\zGbJ...S.
00000060  00:00:0b:73:73:68:2d:65:64:32:35:35:31:39:00:00  ...ssh-ed25519..
00000070  00:40:84:b7:2c:f6:4b:4d:53:06:fb:ae:ff:7e:4d:69  .@..,.KMS....~Mi
00000080  c7:46:88:54:1e:16:27:8b:43:28:56:78:9c:85:17:46  .F.T..'.C(Vx...F
00000090  ab:9c:22:52:30:64:79:a4:b5:f4:3c:31:52:24:63:10  .."R0dy....1R$c.
000000a0  57:17:24:a7:5d:9c:21:1d:99:00:9f:8d:03:b9:44:40  W.$.].!.......D@
000000b0  48:0d                                            H.

-> NET_SSH2_MSG_NEWKEYS (since last: 0.0008, network: 0s)
                                                 

<- NET_SSH2_MSG_NEWKEYS (since last: 0, network: 0s)
                                                 

-> NET_SSH2_MSG_SERVICE_REQUEST (since last: 0.0003, network: 0s)
00000000  00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68  ....ssh-userauth

<- NET_SSH2_MSG_SERVICE_ACCEPT (since last: 0.0735, network: 0.0735s)
00000000  00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68  ....ssh-userauth

-> NET_SSH2_MSG_USERAUTH_REQUEST (since last: 0.0001, network: 0s)
00000000  00:00:00:09:73:76:73:75:6e:6c:69:6d:65:00:00:00  ....svsunlime...
00000010  0e:73:73:68:2d:63:6f:6e:6e:65:63:74:69:6f:6e:00  .ssh-connection.
00000020  00:00:04:6e:6f:6e:65                             ...none

<- NET_SSH2_MSG_USERAUTH_FAILURE (since last: 0.0235, network: 0.0234s)
00000000  00:00:00:09:70:75:62:6c:69:63:6b:65:79:00        ....publickey.

-> NET_SSH2_MSG_USERAUTH_REQUEST (since last: 0.0026, network: 0s)
00000000  00:00:00:09:73:76:73:75:6e:6c:69:6d:65:00:00:00  ....svsunlime...
00000010  0e:73:73:68:2d:63:6f:6e:6e:65:63:74:69:6f:6e:00  .ssh-connection.
00000020  00:00:09:70:75:62:6c:69:63:6b:65:79:00:00:00:00  ...publickey....
00000030  07:73:73:68:2d:72:73:61:00:00:02:17:00:00:00:07  .ssh-rsa........
00000040  73:73:68:2d:72:73:61:00:00:00:03:01:00:01:00:00  ssh-rsa.........
00000050  02:01:00:a9:fa:bd:87:00:f7:63:30:ea:65:6e:10:ce  .........c0.en..
00000060  b4:64:b0:70:67:05:1a:57:30:34:84:e4:73:86:a8:9d  .d.pg..W04..s...
00000070  9f:4f:fa:b2:ea:41:d7:e4:d5:04:82:57:5f:94:59:c6  .O...A.....W_.Y.
00000080  9b:74:ab:c9:b1:92:ad:43:91:70:21:de:89:97:c4:10  .t.....C.p!.....
00000090  08:3e:59:d6:ef:03:e5:6e:a9:20:f4:a7:61:9f:9e:cc  .>Y....n. ..a...
000000a0  be:e0:ac:25:3a:61:95:8c:c1:7b:f0:2b:b7:90:69:fd  ...%:a...{.+..i.
000000b0  18:65:e9:24:bc:f6:73:c3:16:3f:70:13:3b:ed:11:c9  .e.$..s..?p.;...
000000c0  a4:63:9a:8f:6c:71:0e:f4:ba:60:6e:f6:f6:7c:6f:7c  .c..lq...`n..|o|
000000d0  f0:5e:dc:3d:25:2f:c1:3b:20:05:ae:de:d4:78:13:be  .^.=%/.; ....x..
000000e0  29:3d:b0:aa:af:ac:44:41:fa:b7:ca:85:b6:d0:b7:98  )=....DA........
000000f0  95:df:b4:57:d7:8f:31:0e:15:21:55:6b:f3:e5:c4:39  ...W..1..!Uk...9
00000100  76:c5:d0:90:d9:96:b9:19:42:13:cb:a3:06:68:c1:0a  v.......B....h..
00000110  cb:5a:8f:61:d4:9c:d3:70:5c:8e:20:f7:34:1c:1e:46  .Z.a...p\. .4..F
00000120  c9:6f:e1:fb:1a:a9:8a:69:af:1e:44:66:39:fc:8e:a8  .o.....i..Df9...
00000130  ba:2c:5c:ed:c6:59:b1:41:f5:85:6a:8a:c6:69:6a:1f  .,\..Y.A..j..ij.
00000140  81:22:2d:4f:d3:92:71:77:e7:47:af:f5:21:9d:84:2c  ."-O..qw.G..!..,
00000150  a7:ab:24:d9:33:ee:b2:f6:4d:9f:1e:25:73:20:0e:bb  ..$.3...M..%s ..
00000160  a2:2d:39:ab:fa:dc:ed:19:c2:55:e3:c0:23:08:d2:09  .-9......U..#...
00000170  c2:78:79:bc:69:cf:3f:88:12:0a:af:83:6a:61:7d:8a  .xy.i.?.....ja}.
00000180  f4:93:8c:c8:75:4b:32:bd:88:e3:23:50:8b:7f:8b:b1  ....uK2...#P....
00000190  4e:91:85:85:ed:60:7e:3f:10:c3:15:26:0c:1b:49:ba  N....`~?...&..I.
000001a0  99:14:14:7c:6b:df:53:ee:2a:4d:c7:be:81:71:24:99  ...|k.S.*M...q$.
000001b0  4b:97:b9:b5:dc:8e:90:a3:e5:8f:8b:4f:74:5f:12:06  K..........Ot_..
000001c0  6a:a4:ea:2c:27:73:36:22:65:2f:6f:aa:a4:71:d4:0f  j..,'s6"e/o..q..
000001d0  80:5b:2a:ba:7a:f2:5e:0c:62:d8:44:16:2e:bc:c5:aa  .[*.z.^.b.D.....
000001e0  a6:77:fa:9b:28:a9:18:ea:af:d0:1e:fb:4e:fe:f6:e3  .w..(.......N...
000001f0  c0:6b:fb:a9:61:ec:bc:58:f2:c9:f7:1e:ab:31:35:75  .k..a..X.....15u
00000200  41:76:80:37:4d:25:f4:cc:f4:47:88:7f:d9:19:b8:42  Av.7M%...G.....B
00000210  df:1b:df:bb:a4:1a:33:fa:db:60:13:a6:df:65:c8:62  ......3..`...e.b
00000220  cb:ae:94:1e:e5:ce:f7:67:4f:76:29:8e:cc:f1:9b:0a  .......gOv).....
00000230  bb:91:e2:54:ee:90:80:4d:80:ec:07:b4:44:21:c1:b4  ...T...M....D!..
00000240  61:b8:63:c1:e7:d6:5c:be:87:8d:3a:8b:d0:9b:a9:66  a.c...\...:....f
00000250  46:8a:f7                                         F..

<- NET_SSH2_MSG_USERAUTH_FAILURE (since last: 0.0211, network: 0.021s)
00000000  00:00:00:09:70:75:62:6c:69:63:6b:65:79:00        ....publickey.

Here is the output of ssh -v

alfred@batman:~$ ssh -v myuser@myhost.com
OpenSSH_8.4p1 Debian-5+deb11u2, OpenSSL 1.1.1w  11 Sep 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to myhost.com [12::34] port 22.
debug1: Connection established.
debug1: identity file /home/alfred/.ssh/id_rsa type 0
debug1: identity file /home/alfred/.ssh/id_rsa-cert type -1
debug1: identity file /home/alfred/.ssh/id_dsa type -1
debug1: identity file /home/alfred/.ssh/id_dsa-cert type -1
debug1: identity file /home/alfred/.ssh/id_ecdsa type -1
debug1: identity file /home/alfred/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/alfred/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/alfred/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/alfred/.ssh/id_ed25519 type -1
debug1: identity file /home/alfred/.ssh/id_ed25519-cert type -1
debug1: identity file /home/alfred/.ssh/id_ed25519_sk type -1
debug1: identity file /home/alfred/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/alfred/.ssh/id_xmss type -1
debug1: identity file /home/alfred/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1
debug1: match: OpenSSH_8.9p1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to myhost.com:22 as 'myuser'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:xxxxxxxxxxxxxxxxxxxxxx
debug1: Host 'myhost.com' is known and matches the ED25519 host key.
debug1: Found key in /home/alfred/.ssh/known_hosts:229
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/alfred/.ssh/id_rsa RSA SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Will attempt key: /home/alfred/.ssh/id_dsa
debug1: Will attempt key: /home/alfred/.ssh/id_ecdsa
debug1: Will attempt key: /home/alfred/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/alfred/.ssh/id_ed25519
debug1: Will attempt key: /home/alfred/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/alfred/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/alfred/.ssh/id_rsa RSA SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Server accepts key: /home/alfred/.ssh/id_rsa RSA SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Authentication succeeded (publickey).
Authenticated to myhost.com ([12::34]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: /var/www/htdocs/myuser/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /var/www/htdocs/myuser/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 6.1.0-13-amd64 x86_64)

The text was updated successfully, but these errors were encountered:

terrafrost · 2023-11-22T11:26:12Z

I think 356ab5f (implementation of RFC8308) should fix the issue for you if you want to pull the latest 3.0 version from git (or just copy / paste phpseclib/Net/SSH2.php). More specifically, I think this issue would be a non-issue if phpseclib tried rsa-sha2-256 or rsa-sha2-512 auth vs just ssh-rsa auth but phpseclib isn't trying rsa-sha2-256 / rsa-sha2-512, which I believe the commit I just made should fix.

It is a little strange, tho - according to your SSH debug info the SSH server should support ssh-rsa auth. It mentions it as a supported signing algorithm on this line:

debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>

Regardless, I still think this code change should fix the issue for you!

LordSimal · 2023-11-22T12:38:27Z

I just tried the current state of dev-master but get the following error with logging enabled:

Error: Cannot access uninitialized non-nullable property phpseclib3\Net\SSH2::$log_size by reference
#0 /path/to/myapp/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php(1160): phpseclib3\Net\SSH2->append_log('<-', 'SSH-2.0-OpenSSH...')
#1 /path/to/myapp/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php(1953): phpseclib3\Net\SSH2->connect()
#2 /path/to/myapp/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php(1934): phpseclib3\Net\SSH2->sublogin('svsunlime')
#3 /path/to/myapp/src/Utility/FTP/TypeImplementations/SFTP.php(145): phpseclib3\Net\SSH2->login('myuser', Object(phpseclib3\Crypt\RSA\PrivateKey))

Therefore I just copied the contents of that file as you described over the current state of 3.0.33

With that new file its still not working.
Here is the new output: ssh.log

LordSimal · 2023-11-22T12:47:23Z

Sorry, I had to use the 3.0.x-dev branch, not the master.
The access error above is gone but I still have the same problem with it not working (and the same log output as above)

terrafrost · 2023-11-22T14:23:54Z

Try it again.

Relevant commit:

49c9439

LordSimal · 2023-11-22T18:09:32Z

Still not working.

If it helps, the state of $algos at the point

$algo = self::array_intersect_first($algos, $this->supported_private_key_algorithms);

is

array (
  0 => 'rsa-sha2-256',
  1 => 'rsa-sha2-512',
  2 => 'ssh-rsa',
)

and $this->supported_private_key_algorithms

array (
  0 => 'ssh-ed25519',
)

therefore it defaults to

$hash = 'sha1';
$signatureType = 'ssh-rsa';

later in the switch-case

terrafrost · 2023-11-22T18:49:51Z

Try it again!

Also, I apologize for the trial and error - I don't have a server that reproduces the issue (well that claims to support ssh-rsa but then doesn't, among other things), which complicates things. I could put more effort into trying to create a server that reproduces the issue but I'm also trying to get some stuff taken care of before Thanksgiving Day in the United States tomorrow so I'm trying to multi task and meh.

LordSimal · 2023-11-22T18:58:01Z

Oh no worries, I am very grateful for your quick and very supportive attitude because.... it now works 🥳

Many thanks for getting this resolved 🙇🏻

terrafrost · 2023-11-23T00:10:44Z

Glad to hear it! And thank you for the donation! 😀

terrafrost referenced this issue Nov 22, 2023

SSH2: add support for RFC8308

356ab5f

terrafrost added a commit to terrafrost/phpseclib that referenced this issue Nov 22, 2023

SSH2: another attempt at phpseclib#1960

e84886f

LordSimal closed this as completed Nov 22, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cannot connect to server with private key #1960

Cannot connect to server with private key #1960

LordSimal commented Nov 21, 2023 •

edited

Loading

terrafrost commented Nov 22, 2023

LordSimal commented Nov 22, 2023

LordSimal commented Nov 22, 2023 •

edited

Loading

terrafrost commented Nov 22, 2023

LordSimal commented Nov 22, 2023 •

edited

Loading

terrafrost commented Nov 22, 2023

LordSimal commented Nov 22, 2023

terrafrost commented Nov 23, 2023

Cannot connect to server with private key #1960

Cannot connect to server with private key #1960

Comments

LordSimal commented Nov 21, 2023 • edited Loading

terrafrost commented Nov 22, 2023

LordSimal commented Nov 22, 2023

LordSimal commented Nov 22, 2023 • edited Loading

terrafrost commented Nov 22, 2023

LordSimal commented Nov 22, 2023 • edited Loading

terrafrost commented Nov 22, 2023

LordSimal commented Nov 22, 2023

terrafrost commented Nov 23, 2023

LordSimal commented Nov 21, 2023 •

edited

Loading

LordSimal commented Nov 22, 2023 •

edited

Loading

LordSimal commented Nov 22, 2023 •

edited

Loading