Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Broken usage of .ppk auth keys #11887

Closed
cyberduck opened this issue Oct 28, 2021 · 13 comments
Closed

Broken usage of .ppk auth keys #11887

cyberduck opened this issue Oct 28, 2021 · 13 comments
Assignees
Labels
bug fixed sftp SFTP Protocol Implementation
Milestone

Comments

@cyberduck
Copy link
Collaborator

4e25709 created the issue

Upgrading to Version 8.0.0 (upgraded via Mac App Store) has broken usage of .ppk auth keys for me. Can no longer log in to several servers that have been long set up and have been working fine until the upgrade. I am still able to log in to these servers on other tools, using the exact same credentials, so the problem is definitely Cyberduck. I think the .ppk filetype is the issue, since my server using a different key type is still working fine on Cyberduck.

It may be worth noting that my server keys are stored OUTSIDE of the standard .ssh/ folder. Version 8.0.0 successfully fixed my previous ticket (#11782) that key locations outside of the .ssh/ folder were not remembered properly on Mac and these keys had to be relocated upon each server login which was tedious. It is possible that the fix for this ticket could be related to this new bug.

Login fails with message: "Login failed. Exhausted available authentication methods. Invalid passphrase. Please contact your web hosting service provider for assistance."

Interestingly, after failing, it seems to "forget" the key location that I input, no matter how many times i keep reinputting it. (see screenshot)

Many thanks if you can look into it.


Attachments

@cyberduck
Copy link
Collaborator Author

4e25709 commented

Oh and just to clarify: these are password-protected .ppk keys, so the password relates to the key, not the username

@cyberduck
Copy link
Collaborator Author

a434540 commented

I can confirm this issue on windows 10 with a newly updated 8.0.0, all servers using .ppks now fail to authenticate.

ssh logins to those servers with the same key still work, and actually show the cyberduck attempts as failed logins on entry to bash

can also confirm that the auth dialog also unsets the saved .ppk location every time i try again.

have had to swap to filezilla for now, without an easy way to roll back cyberduck.

If it helps narrow anything down my .ppk is stored in a google drive folder, and I've recently updated to the new google drive desktop app that does handle files differently.

edit: rolled back to 7.10.2 and they all work again

@cyberduck
Copy link
Collaborator Author

b99d0aa commented

I can confirm this issue on windows 10 with a newly updated 8.0.0. I was using Pageant with my .ppk stored on my c drive. Logins now fail. I cannot find instructions to roll back to a previous version of cyberduck.

@cyberduck
Copy link
Collaborator Author

a434540 commented

hi sduncan, you can roll back using the installer executable on the changelog page: https://cyberduck.io/changelog/
the links are just under the version numbers on the left hand side. if you uninstall th old version first and then run to install the old one it shoud work. backup your settings first though, not sure where they're stored on macOS or linux but on windows they're in your %appdata% folder

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Ticket retargeted after milestone closed

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Regression from 93a0cf0.

@cyberduck
Copy link
Collaborator Author

@ylangisc commented

Replying to [comment:4 ianfiretoys]:

hi sduncan, you can roll back using the installer executable on the changelog page: https://cyberduck.io/changelog/
the links are just under the version numbers on the left hand side. if you uninstall th old version first and then run to install the old one it shoud work. backup your settings first though, not sure where they're stored on macOS or linux but on windows they're in your %appdata% folder

What is the key type you are using? Can you please share the first line of a failing .ppk key? With PuTTY-User-Key-File-2: ssh-rsa and PuTTY-User-Key-File-3: ssh-rsa I was unable to reproduce the issue.

@cyberduck
Copy link
Collaborator Author

b99d0aa commented

Replying to [comment:8 yla]:

Replying to [comment:4 ianfiretoys]:

hi sduncan, you can roll back using the installer executable on the changelog page: https://cyberduck.io/changelog/
the links are just under the version numbers on the left hand side. if you uninstall th old version first and then run to install the old one it shoud work. backup your settings first though, not sure where they're stored on macOS or linux but on windows they're in your %appdata% folder

What is the key type you are using? Can you please share the first line of a failing .ppk key? With PuTTY-User-Key-File-2: ssh-rsa and PuTTY-User-Key-File-3: ssh-rsa I was unable to reproduce the issue.

I switched back to the older version and it's now working. I haven't tried re-installing 8. These are the first two lines:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc

@cyberduck
Copy link
Collaborator Author

a434540 commented

puttygen generated RSA key,
first lines:

PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc

@cyberduck
Copy link
Collaborator Author

4e25709 commented

Same here:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Upstream fix.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Test in 0e90638.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

In 799665e.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 27, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug fixed sftp SFTP Protocol Implementation
Projects
None yet
Development

No branches or pull requests

2 participants