Exception authenticating with ECDSA key #10412

Closed
cyberduck opened this issue Jul 30, 2018 · 10 comments
Labels
bug fixed sftp SFTP Protocol Implementation
99373a5 created the issue

I'm unable to log in to my SFTP server using an ECDSA public key. This key is 521 bits and password-protected. This used to work fine with an RSA key before I switched. The first time I connect, it says "Broken transport; encountered EOF. The connection attempt was rejected. The server may be down, or your network may not be properly configured.". When I try again, it says "Exhausted available authentication methods."
I've tried in the latest 6.6.2 and this is what I get from the log:

Jul 29 18:40:31 fifteen Cyberduck[24028]: [reader] ERROR net.schmizz.sshj.transport.TransportImpl - Dying because - Broken transport; encountered EOF
	
	net.schmizz.sshj.transport.TransportException: Broken transport; encountered EOF
		at net.schmizz.sshj.transport.Reader.run(Reader.java:57)
Jul 29 18:40:31 fifteen Cyberduck[24028]: [background-9] ERROR net.schmizz.concurrent.Promise - <<authenticated>> woke to: net.schmizz.sshj.userauth.UserAuthException: Broken transport; encountered EOF
Jul 29 18:40:49 fifteen Cyberduck[24028]: [reader] ERROR net.schmizz.sshj.transport.TransportImpl - Dying because - null
	
	java.lang.ArrayIndexOutOfBoundsException
		at java.lang.System.arraycopy(Native Method)
		at net.schmizz.sshj.signature.SignatureECDSA.encode(SignatureECDSA.java:96)
		at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putSig(KeyedAuthMethod.java:74)
		at net.schmizz.sshj.userauth.method.AuthPublickey.sendSignedReq(AuthPublickey.java:74)
		at net.schmizz.sshj.userauth.method.AuthPublickey.handle(AuthPublickey.java:45)
		at net.schmizz.sshj.userauth.UserAuthImpl.handle(UserAuthImpl.java:142)
		at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:500)
		at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:102)
		at net.schmizz.sshj.transport.Decoder.received(Decoder.java:170)
		at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
Jul 29 18:40:49 fifteen Cyberduck[24028]: [background-10] ERROR net.schmizz.concurrent.Promise - <<authenticated>> woke to: net.schmizz.sshj.userauth.UserAuthException

And this is what shows in the sshd server log:

Jul 29 18:46:39 kodi sshd[4422]: error: buffer_get_bignum2_ret: negative numbers not supported
Jul 29 18:46:39 kodi sshd[4422]: fatal: buffer_get_bignum2: buffer error
Jul 29 18:46:41 kodi sshd[4424]: Connection closed by 192.168.3.101 [preauth]
Jul 29 18:46:49 kodi sshd[4429]: Received disconnect from 192.168.3.101: 11:  [preauth]
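
The sshd message in the post above is what a receiver reports when an SSH `mpint` arrives with the top bit of its first byte set. As an added example (not sshj or Cyberduck code, and not a diagnosis of this bug), the Python below converts a DER ECDSA signature into the `mpint r, mpint s` form for a P-521-sized value, where the DER SEQUENCE length needs the long form, and applies the receiver-side check. All function names and sample values are constructed for illustration.

```python
import struct

def der_len(buf, i):
    """Read a DER length at buf[i]; return (length, index after it)."""
    if buf[i] < 0x80:                        # short form: the byte is the length
        return buf[i], i + 1
    n = buf[i] & 0x7F                        # long form: n length bytes follow
    if not 1 <= n <= 2:
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def der_to_rs(sig):
    """Parse ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }."""
    total, i = der_len(sig, 1)
    if sig[0] != 0x30 or i + total != len(sig):
        raise ValueError("not a well-formed SEQUENCE")
    vals = []
    for _ in range(2):
        if sig[i] != 0x02:
            raise ValueError("not an INTEGER")
        n, i = der_len(sig, i + 1)
        vals.append(int.from_bytes(sig[i:i + n], "big"))
        i += n
    return vals[0], vals[1]

def mpint(n):
    """RFC 4251 mpint: minimal big-endian bytes, 0x00 prefix if top bit set."""
    body = n.to_bytes((n.bit_length() + 8) // 8, "big") if n else b""
    return struct.pack(">I", len(body)) + body

def ssh_sig_blob(der_sig):
    # RFC 5656 signature blob contents: mpint r followed by mpint s
    return b"".join(mpint(v) for v in der_to_rs(der_sig))

def server_read_mpint(buf, off=0):
    """Receiver-side check: reject an mpint whose first byte has bit 7 set."""
    (n,) = struct.unpack_from(">I", buf, off)
    body = buf[off + 4:off + 4 + n]
    if len(body) != n or (body and body[0] & 0x80):
        raise ValueError("mpint truncated or negative")
    return int.from_bytes(body, "big"), off + 4 + n

def der_tlv(tag, body):                      # builds the constructed sample only
    ln = bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])
    return bytes([tag]) + ln + body

# Constructed values sized like P-521 output; not taken from any real key.
R, S = (1 << 520) | 0xABCDEF, (1 << 519) | 0x123456
SAMPLE_DER = der_tlv(0x30, b"".join(
    der_tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big")) for v in (R, S)))
```

With two 66-byte INTEGERs the SEQUENCE content is 136 bytes, so its length is encoded as `0x81 0x88`; P-256 and P-384 signatures stay under 128 bytes and use the one-byte short form.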

@dkocher commented

Please update to the latest snapshot build available and let us know if you still see this issue.


99373a5 commented

Same problem with the latest snapshot 6.8.5 (29289). I don't remember how I got that verbose error message before, but this time the log drawer shows nothing. I found this in Console system.log:

Nov 25 22:53:19 fifteen Cyberduck[21644]: [reader] ERROR net.schmizz.sshj.transport.TransportImpl - Dying because - null
Nov 25 22:53:19 fifteen Cyberduck[21644]: [background-20] ERROR net.schmizz.concurrent.Promise - <<authenticated>> woke to: net.schmizz.sshj.userauth.UserAuthException

And this in sshd log:

Nov 25 22:57:02 kodi sshd[22815]: error: buffer_get_bignum2_ret: negative numbers not supported
Nov 25 22:57:02 kodi sshd[22815]: fatal: buffer_get_bignum2: buffer error
Nov 25 22:57:05 kodi CRON[22818]: pam_unix(cron:session): session closed for user elliott


@dkocher commented

Please reopen this issue if you can reproduce with the current snapshot build.


99373a5 commented

This problem still exists in version 7.0 on Mojave.

Mar 20 00:22:47 fifteen Cyberduck[33899]: [reader] ERROR net.schmizz.sshj.transport.TransportImpl - Dying because - null
	
	java.lang.ArrayIndexOutOfBoundsException
		at java.lang.System.arraycopy(Native Method)
		at net.schmizz.sshj.signature.SignatureECDSA.encode(SignatureECDSA.java:96)
		at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putSig(KeyedAuthMethod.java:74)
		at net.schmizz.sshj.userauth.method.AuthPublickey.sendSignedReq(AuthPublickey.java:74)
		at net.schmizz.sshj.userauth.method.AuthPublickey.handle(AuthPublickey.java:45)
		at net.schmizz.sshj.userauth.UserAuthImpl.handle(UserAuthImpl.java:142)
		at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:500)
		at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
		at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
		at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
		at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
Mar 20 00:22:47 fifteen Cyberduck[33899]: [Thread-30] ERROR net.schmizz.concurrent.Promise - <<authenticated>> woke to: net.schmizz.sshj.userauth.UserAuthException


@dkocher commented

We will try to reproduce using a key generated with ssh-keygen -t ecdsa -b 521.


@dkocher commented

Ticket retargeted after milestone closed


99373a5 commented

I tried again in the latest snapshot, making new keys with the above command, just to make sure there isn't something weird with my key. Same problem, and it only happens when the key has a passphrase.

If you log in once with SSH in Terminal using this key, it will be cached by ssh-agent, and then Cyberduck works. To test properly, you should flush the cache with ssh-add -D.


@dkocher commented

I can reproduce the error.


99373a5 commented

This is still a problem in 7.1.1 and macOS Catalina.


99373a5 commented

Thank you! I can confirm this is working in 7.7.1

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021