Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SFTP: Login Not Attempting Public Key Authentication #1016

Closed
cyberduck opened this issue Feb 3, 2007 · 6 comments
Closed

SFTP: Login Not Attempting Public Key Authentication #1016

cyberduck opened this issue Feb 3, 2007 · 6 comments
Assignees
Labels
bug fixed sftp SFTP Protocol Implementation
Milestone

Comments

@cyberduck
Copy link
Collaborator

caee3c7 created the issue

Great app, however I can't get SFTP to try public key authentication against my linux server (running "OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006"). I can log in with password authentication. I can also log in fine with the OpenSSH sftp command line client ("OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004") using password and public key authentication.

I ran "defaults write ch.sudo.cyberduck logging INFO", and the console output is below. I'm not getting any IO or key parsing errors like the other public key authentication related bugs I found in Trac.

I've tried both RSA and DSA SSH Protocol 2 keys, both password-less. (And I am checking off the "Use Public Key Authentication" option in the connect dialog, and then selecting either my id_rsa or id_dsa private key files.)

I've tried 2.7.2 and nightly 2813.

599080 [Background] INFO ch.cyberduck.core.Session  - Mounting myhost...
599081 [Background] INFO ch.cyberduck.core.Session  - Opening SSH connection to myhost...
599510 [Background] INFO com.sshtools.j2ssh.transport.TransportProtocolCommon  - Starting transport protocol
599511 [Transport protocol 2] INFO com.sshtools.j2ssh.transport.TransportProtocolCommon  - Registering transport protocol messages with inputstream
599512 [Transport protocol 2] INFO com.sshtools.j2ssh.transport.TransportProtocolCommon  - Negotiating protocol version
599815 [Transport protocol 2] INFO com.sshtools.j2ssh.transport.TransportProtocolCommon  - Protocol negotiation complete
600167 [Transport protocol 2] INFO com.sshtools.j2ssh.transport.TransportProtocolCommon  - Starting key exchange
600168 [Transport protocol 2] INFO com.sshtools.j2ssh.transport.kex.DhGroup1Sha1  - Starting client side key exchange.
600560 [Transport protocol 2] INFO com.sshtools.j2ssh.transport.HostKeyVerification  - Verifying myhost,my.hst.ip.add host key
600562 [Transport protocol 2] INFO com.sshtools.j2ssh.transport.TransportProtocolCommon  - The host key signature is  valid
600562 [Transport protocol 2] INFO com.sshtools.j2ssh.transport.TransportProtocolCommon  - Completing key exchange
600564 [Transport protocol 2] INFO com.sshtools.j2ssh.transport.cipher.SshCipherFactory  - Creating new blowfish-cbc cipher instance
600566 [Transport protocol 2] INFO com.sshtools.j2ssh.transport.cipher.SshCipherFactory  - Creating new blowfish-cbc cipher instance
600797 [Background] INFO ch.cyberduck.core.Session  - SSH connection opened
600798 [Background] INFO ch.cyberduck.core.Session  - Authenticating as 'ibrandt'
600798 [Background] INFO ch.cyberduck.core.sftp.SFTPSession  - Trying Password authentication...
600899 [Background] INFO ch.cyberduck.core.sftp.SFTPSession  - Trying Keyboard Interactive (PAM) authentication...
600992 [Background] INFO ch.cyberduck.core.Session  - Login failed
618326 [main] INFO ch.cyberduck.ui.cocoa.CDWindowController  - Cancel login...
618501 [Background] INFO ch.cyberduck.core.Session  - Disconnecting…
618502 [Background] INFO com.sshtools.j2ssh.connection.ConnectionProtocol  - Closing all active channels
618503 [Background] INFO ch.cyberduck.core.Session  - Disconnected
618508 [Transport protocol 2] INFO com.sshtools.j2ssh.transport.TransportProtocolCommon  - The Transport Protocol has been stopped
@cyberduck
Copy link
Collaborator Author

@dkocher commented

Looking at the look it does indeed not even attempt to use Public Key Authentication as otherwise there would be a line saying Trying Public Key authentication....
However, I have just tested this many times selecting keys from different locations on my system and I am unable to see this problem here. Make sure the 'Use Public Key Authentication' is really checked and maybe try creating a bookmark instead and entering the connection settings there.

@cyberduck
Copy link
Collaborator Author

caee3c7 commented

If I create it as a bookmark and connect via that it works. Still no luck from the standard connect dialog however.

I am definitely checking off the 'Use Public Key Authentication' option. As confirmation after choosing it and selecting my private key the path to the key is displayed as a text field. I've just tried making the selection of the option the first thing I enter into the dialog (it was the last thing I was doing) in hopes that entering a value after it ('Server' for example) would encourage the selection to "take", but it made no difference.

I've got the trunk up and running in Xcode with the debugger attached. I can reproduce the issue. Aside from a Hello World tutorial I did over a year ago I'm totally green with Xcode and native Mac apps. I do know Java well, and I have academic knowledge of Objective-C, so I might be able to root out the problem. If you could recommend any particular breakpoints to start from that would speed things up a lot on my end.

Lowering the severity to normal as there is now a known workaround.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Thanks for your additional comment. I think I have narrowed down the problem that you must be running a localized version of Cyberduck. There is an assumption in the code that two (identical) strings are translated the same in two different places which may not be the case.

@cyberduck
Copy link
Collaborator Author

caee3c7 commented

Interesting as I think I just found the issue, but it doesn't appear related to localization:

CDConnectionController line 608 calls:

host.getCredentials().setPrivateKeyFile(pkLabel.stringValue());

but then 641 calls:

host.setCredentials(usernameField.stringValue(), passField.stringValue(), keychainCheckbox.state() == NSCell.OnState);

which in turn in Host 454 does:

this.setCredentials(new Login(this.getHostname(), this.getProtocol(), username, password, addToKeychain));

The "new Login" there loses the existing Login.privateKeyFile value.

When we get to SFTPSession line 286 the call to host.getCredentials().usesPublicKeyAuthentication() returns false on account of the null privateKeyFile value, and public key authentication is not attempted.

I couldn't get Xcode to stop at my breakpoints, so this analysis is based on a quick reading of the code and compiling in a few debug statements. I very well may have erred, or perhaps this chain of events is only triggered for certain locales?

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Thanks for spotting the bug. To debug Cyberduck, run the debug.sh script and connect using the Java Remote Debugger eg. from inside the IntelliJ IDEA IDE. Within XCode, it is not possible to debug Cyberduck.

Fixed in 6563bab.

@cyberduck
Copy link
Collaborator Author

moskovskie individualki commented

Hi!
http://shuhimoskvy.t35.com moskovskie shluhi
http://bestdosug.awardspace.biz intim dosug moskvy
http://libtorrent.rakshasa.no/ticket/241 moskovskie shalavy
http://trac.cedricgaspoz.com/projects/pydigitemp/ticket/17 moskovskie intim uslugi
hier.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug fixed sftp SFTP Protocol Implementation
Projects
None yet
Development

No branches or pull requests

2 participants