Cyberduck Mountain Duck CLI

#10412 reopened defect

Exception authenticating with ECDSA key

Reported by: elliott balsley Owned by:
Priority: normal Milestone: 7.1
Component: sftp Version: 6.6.2
Severity: normal Keywords:
Cc: Architecture: Intel
Platform: macOS 10.13

Description

I'm unable to login to my SFTP server using an ECDSA public key. This key is 521 bits and password-protected. This used to work fine with an RSA key before I switched. The first time I connect, it says "Broken transport; encountered EOF. The connection attempt was rejected. The server may be down, or your network may not be properly configured.". When I try again, it says "Exhausted available authentication methods." I've tried in the latest 6.6.2 and this is what I get from the log:

Jul 29 18:40:31 fifteen Cyberduck[24028]: [reader] ERROR net.schmizz.sshj.transport.TransportImpl - Dying because - Broken transport; encountered EOF
	
	net.schmizz.sshj.transport.TransportException: Broken transport; encountered EOF
		at net.schmizz.sshj.transport.Reader.run(Reader.java:57)
Jul 29 18:40:31 fifteen Cyberduck[24028]: [background-9] ERROR net.schmizz.concurrent.Promise - <<authenticated>> woke to: net.schmizz.sshj.userauth.UserAuthException: Broken transport; encountered EOF
Jul 29 18:40:49 fifteen Cyberduck[24028]: [reader] ERROR net.schmizz.sshj.transport.TransportImpl - Dying because - null
	
	java.lang.ArrayIndexOutOfBoundsException
		at java.lang.System.arraycopy(Native Method)
		at net.schmizz.sshj.signature.SignatureECDSA.encode(SignatureECDSA.java:96)
		at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putSig(KeyedAuthMethod.java:74)
		at net.schmizz.sshj.userauth.method.AuthPublickey.sendSignedReq(AuthPublickey.java:74)
		at net.schmizz.sshj.userauth.method.AuthPublickey.handle(AuthPublickey.java:45)
		at net.schmizz.sshj.userauth.UserAuthImpl.handle(UserAuthImpl.java:142)
		at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:500)
		at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:102)
		at net.schmizz.sshj.transport.Decoder.received(Decoder.java:170)
		at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
Jul 29 18:40:49 fifteen Cyberduck[24028]: [background-10] ERROR net.schmizz.concurrent.Promise - <<authenticated>> woke to: net.schmizz.sshj.userauth.UserAuthException

And this is what shows in the sshd server log:

Jul 29 18:46:39 kodi sshd[4422]: error: buffer_get_bignum2_ret: negative numbers not supported
Jul 29 18:46:39 kodi sshd[4422]: fatal: buffer_get_bignum2: buffer error
Jul 29 18:46:41 kodi sshd[4424]: Connection closed by 192.168.3.101 [preauth]
Jul 29 18:46:49 kodi sshd[4429]: Received disconnect from 192.168.3.101: 11:  [preauth]

Change History (10)

comment:1 Changed on Aug 6, 2018 at 3:40:57 PM by dkocher

  • Summary changed from Unable to login with ECDSA key to Exception authenticating with ECDSA key

comment:2 Changed on Nov 20, 2018 at 9:03:18 AM by dkocher

  • Milestone set to 7.0

Please update to the latest snapshot build available and let us know if you still see this issue.

comment:3 Changed on Nov 22, 2018 at 9:57:09 AM by dkocher

  • Resolution set to fixed
  • Status changed from new to closed

comment:4 Changed on Nov 26, 2018 at 7:01:26 AM by elliott balsley

  • Resolution fixed deleted
  • Status changed from closed to reopened

Same problem with the latest snapshot 6.8.5 (29289). I don't remember how I got that verbose error message before, but this time the log drawer shows nothing. I found this in Console system.log:

Nov 25 22:53:19 fifteen Cyberduck[21644]: [reader] ERROR net.schmizz.sshj.transport.TransportImpl - Dying because - null
Nov 25 22:53:19 fifteen Cyberduck[21644]: [background-20] ERROR net.schmizz.concurrent.Promise - <<authenticated>> woke to: net.schmizz.sshj.userauth.UserAuthException

And this in sshd log:

Nov 25 22:57:02 kodi sshd[22815]: error: buffer_get_bignum2_ret: negative numbers not supported
Nov 25 22:57:02 kodi sshd[22815]: fatal: buffer_get_bignum2: buffer error
Nov 25 22:57:05 kodi CRON[22818]: pam_unix(cron:session): session closed for user elliott

comment:5 Changed on Jan 23, 2019 at 1:43:35 PM by dkocher

  • Milestone changed from 7.0 to 6.9.2
  • Resolution set to worksforme
  • Status changed from reopened to closed

Please reopen this issue if you can reproduce with the current snapshot build.

comment:6 Changed on Mar 20, 2019 at 7:24:26 AM by elliott balsley

  • Resolution worksforme deleted
  • Status changed from closed to reopened

This problem still exists in version 7.0 on Mojave.

Mar 20 00:22:47 fifteen Cyberduck[33899]: [reader] ERROR net.schmizz.sshj.transport.TransportImpl - Dying because - null
	
	java.lang.ArrayIndexOutOfBoundsException
		at java.lang.System.arraycopy(Native Method)
		at net.schmizz.sshj.signature.SignatureECDSA.encode(SignatureECDSA.java:96)
		at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putSig(KeyedAuthMethod.java:74)
		at net.schmizz.sshj.userauth.method.AuthPublickey.sendSignedReq(AuthPublickey.java:74)
		at net.schmizz.sshj.userauth.method.AuthPublickey.handle(AuthPublickey.java:45)
		at net.schmizz.sshj.userauth.UserAuthImpl.handle(UserAuthImpl.java:142)
		at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:500)
		at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
		at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
		at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
		at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
Mar 20 00:22:47 fifteen Cyberduck[33899]: [Thread-30] ERROR net.schmizz.concurrent.Promise - <<authenticated>> woke to: net.schmizz.sshj.userauth.UserAuthException
Last edited on Mar 20, 2019 at 7:24:52 AM by elliott balsley (previous) (diff)

comment:7 Changed on Mar 21, 2019 at 9:17:05 AM by dkocher

  • Milestone changed from 6.9.2 to 6.9.5

We will try to reproduce using a key generated with ssh-keygen -t ecdsa -b 521.

comment:8 Changed on May 22, 2019 at 12:35:36 PM by dkocher

  • Milestone changed from 6.9.5 to 7.0

Ticket retargeted after milestone closed

comment:9 Changed on May 26, 2019 at 5:45:56 PM by elliott balsley

I tried again in the latest snapshot, making new keys with the above command, just to make sure there isn't something weird with my key. Same problem, and it only happens when the key has a passphrase.

If you login once with SSH in Terminal using this key, it will be cached by ssh-agent, and then Cyberduck works. To test properly, you should flush the cache with ssh-add -D.

comment:10 Changed on Jun 4, 2019 at 1:49:59 PM by dkocher

  • Milestone changed from 7.0 to 7.1

I can reproduce the error.

Note: See TracTickets for help on using tickets.
swiss made software