ed25519 private keys are not supported. #20

Closed
mmaguigan opened this issue Jun 17, 2016 · 16 comments

@mmaguigan

Please consider adding support for ed25519 private keys.

@jestemkojak

I would also recommend ecdsa-sha2-nistp256 which is a default for ubuntu servers.
Here's a list of what type of keys openssh client supports. It would be nice to have them all:

@wskinner

This issue is over a year old. Are there any plans to support modern ciphers and macs in SSH.NET?

@VinsonY

VinsonY commented Jul 17, 2018

Does anyone know of a way to simply add ecdsa-sha2-nistp256 to the key exchange algorithm manually? I'm trying to connect to an SFTP site and it is telling me:

No suitable authentication method found to complete authentication (publickey,keyboard-interactive).

@sveeke

sveeke commented Jul 18, 2018

I get the same errors. ed25519 keys can't be used. This is actually a dealbreaker since more and more defaults and policies are moving away from RSA in favour of ecdsa and ed25519.

@darinkes
Collaborator

> I would also recommend ecdsa-sha2-nistp256 which is a default for ubuntu servers.
> Here's a list of what type of keys openssh client supports. It would be nice to have them all:
>
> * ssh-rsa
> * ssh-dss
> * ssh-ed25519
> * ecdsa-sha2-nistp256
> * ecdsa-sha2-nistp384
> * ecdsa-sha2-nistp521
> * ssh-rsa-cert-v01@openssh.com
> * ssh-dss-cert-v01@openssh.com
> * ecdsa-sha2-nistp256-cert-v01@openssh.com
> * ecdsa-sha2-nistp384-cert-v01@openssh.com
> * ecdsa-sha2-nistp521-cert-v01@openssh.com
> * ssh-rsa-cert-v00@openssh.com
> * ssh-dss-cert-v00@openssh.com
> * ssh-ed25519-cert-v01@openssh.com

FYI, I'm working now on this PR #489 to be able to use ECDSA (no ed25519).
Real World Tests would be highly appreciated.

These Keys already work with this diff:

  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521

But I also want to take a look if these can be added accordingly:

@darinkes
Collaborator

Just a short update, cause of interest and need I spend now some time to update SSH.NET in this area:

There are now working (at least on my machine ;)) Diffs for:

If anybody wants to help and/or test those Diffs, it would be highly appreciated.

@ghost

ghost commented Apr 20, 2019

@darinkes repos are now deleted - does anyone have the code?

@darinkes
Collaborator

@voltagex it just moved => #496

@drieseng drieseng added this to the 2020.0.0-beta1 milestone Jan 22, 2020
@drieseng
Member

@darinkes' changes have landed in the develop branch, and will be part of the next release.

@ygoe

ygoe commented Nov 20, 2020

@drieseng Is it safe to use the current develop branch snapshot? There hasn't been a release and this merge is almost a year ago, the last commit almost half a year. To be able to use it, I'd need to publish an unofficial NuGet package of a pre-release myself.

@drieseng
Member

@ygoe There's a 2020.0.0-beta1 pre-release package, which should be safe to use.

@ygoe

ygoe commented Feb 20, 2021

Something isn't working here. When I try to use an Ed25519 key in OpenSSH format, I get this error message:

Exception: SshException
Message: cipher name aes256-ctr for openssh key file is not supported
StackTrace:
at Renci.SshNet.PrivateKeyFile.ParseOpenSshV1Key(Byte[] keyFileData, String passPhrase)
at Renci.SshNet.PrivateKeyFile.Open(Stream privateKey, String passPhrase)
at Renci.SshNet.PrivateKeyFile..ctor(String fileName, String passPhrase)

Hasn't this been included in the NuGet package version 2020.0.1?

Update: The aforementioned is for password-protected keys. Unprotected keys give me this error message instead:

Exception: ArgumentOutOfRangeException
Message: Error loading the private key: The requested length (6243) is greater than the actual number of bytes read (29).
Parametername: length
StackTrace:
at Renci.SshNet.Common.SshDataStream.ReadBytes(Int32 length)
at Renci.SshNet.Common.SshDataStream.ReadString(Encoding encoding)
at Renci.SshNet.PrivateKeyFile.ParseOpenSshV1Key(Byte[] keyFileData, String passPhrase)
at Renci.SshNet.PrivateKeyFile.Open(Stream privateKey, String passPhrase)
at Renci.SshNet.PrivateKeyFile..ctor(String fileName, String passPhrase)
at DotnetSshDeploy.Deploy.InitializeConnectionInfo() in C:\Source\Web\DotnetSshDeploy\DotnetSshDeploy\Deploy.cs:line 406

@darinkes
Collaborator

@ygoe can you try a build which includes this PR #614?
If not, could you tell me how you generated those keys and maybe send me a keypair?

Thanks

@ygoe

ygoe commented Feb 21, 2021

That PR is still open, so I'm not sure where to get a build that includes it.

I just created it with puttygen, nothing fancy. Just create a new key with Ed25519, add its public part to the SSH config and export in any format, with and without password, until it may work. There are so many incompatible formats and puttygen does something else each time for each key type that I cannot predict what's going on.

@darinkes
Collaborator

Ok, made multiple tests with puttygen and those keys work without an issue.
Encrypted keys fail in current release, cause PR #614 will add aes256-ctr for OpenSSH Format Keys.
Confirmed Encrypted Keys also work with PR #614.

puttygen: Release 0.74
Workflow: Selected Ed25519 -> [Generate] -> Conversions -> Export OpenSSH key -> Without Password [yes]

You can send me one of your failing keys to "stefan.rinkes at gmail.com" if you like.

@darinkes
Collaborator

@ygoe thanks for sending a test keypair. This really needs #614 to be merged.

Here is the issue in the old code: https://github.com/sshnet/SSH.NET/pull/614/files#diff-5ff67ce9967b2cc4fc2bbeeb0668079c1f46873bdb011ce12ea67bc81c112dbcL484

Hardcoded length values.

Pinging @drieseng so he is aware there is an issue with current OpenSSH-Format Parser which "accidentally" also got fixed by #614.
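
Added example, not SSH.NET code and not written by any participant in this thread: a small Python reader for the openssh-key-v1 container that `ParseOpenSshV1Key` handles, following the field layout in OpenSSH's PROTOCOL.key. It reads every field through its length prefix with a bounds check and reports cipher, KDF and key type without decrypting anything; the class and function names are hypothetical and the sample key is constructed from zero bytes.

```python
import base64, struct

MAGIC = b"openssh-key-v1\0"

class Reader:
    """Cursor over SSH wire data; every read is bounds-checked."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if n > len(self.data) - self.pos:
            raise ValueError(f"field wants {n} bytes, {len(self.data) - self.pos} left")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def u32(self):
        return struct.unpack(">I", self.take(4))[0]
    def string(self):
        return self.take(self.u32())      # uint32 length prefix, then that many bytes

def inspect_openssh_key(pem):
    """Return cipher, KDF and key type of an openssh-key-v1 file without decrypting it."""
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    r = Reader(base64.b64decode(body))
    if r.take(len(MAGIC)) != MAGIC:
        raise ValueError("not an openssh-key-v1 container")
    cipher, kdf = r.string().decode(), r.string().decode()
    r.string()                            # kdfoptions, empty when kdf is "none"
    if r.u32() != 1:
        raise ValueError("expected exactly one key")
    pub = Reader(r.string())
    info = {"cipher": cipher, "kdf": kdf, "key_type": pub.string().decode(),
            "encrypted": cipher != "none"}
    priv = Reader(r.string())
    if not info["encrypted"]:             # checkints are only readable in plaintext
        if priv.u32() != priv.u32():
            raise ValueError("checkint mismatch")
        info["private_key_type"] = priv.string().decode()
    return info

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

def constructed_sample(cipher=b"none", kdf=b"none"):
    """Constructed container, zeroed key bytes; a non-"none" cipher changes the header only."""
    pub = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
    priv = struct.pack(">II", 7, 7) + pub + ssh_string(bytes(64)) + ssh_string(b"constructed")
    priv += bytes(range(1, 1 + (-len(priv)) % 8))        # 1,2,3... padding to block size
    blob = (MAGIC + ssh_string(cipher) + ssh_string(kdf) + ssh_string(b"")
            + struct.pack(">I", 1) + ssh_string(pub) + ssh_string(priv))
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Running `inspect_openssh_key` on a key file before handing it to a client library shows whether the file is encrypted and with which cipher, which is the detail the first error message above reports.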
