New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot connect with SSH public key authentication ("Can't read key due to internal IO problems") #12331
Comments
I generated a new keypair, which worked within Cyberduck. The problem, it seems, is with the extraneous tags that were included in the private key file. The Proc-Type and DEK-Info tags, which are actually defined in RFC1421, seem to be giving Cyberduck some parsing problems. SSH Agent, a utility I use to manage my key forwarding, added these encapsulated headers to my private keys whenever I put them under its control. I've lowered the priority and severity of this bug, but Cyberduck should, to play nicely with other software, simply skip over these headers whilst parsing the private key. |
Thanks for the detailed bug report. I can reproduce this with one key of my own but have not yet found the reason for the failure. You should be able to work around this by creating another key pair. |
Not sure what would be causing the problem, then. Here's how I narrowed it down:
Repeating the process above, but setting mode to a-w before activating the public key in SSH Agent will allow Cyberduck and SSH Agent to play nicely together. It's quite possible (probable, perhaps) that the problem actually lies with SSH Agent, but since it does handle forwarding correctly for other apps (including command-line ssh), who knows? |
Seems to me this exception is triggered when a wrong password for the key is entered. Can you confirm this? |
That exception does occur when an incorrect password is entered. However, my particular problem is a little more complicated. When I try to use my original key (I'll call it tonks-1 from now on), it doesn't even ask for my password, even though I entered one when I generated the key. The problem might be the cause, as I speculated earlier, of SSH Agent instead. The original key I used, tonks-1, which causes this problem was generated inside SSH Agent instead of using the CLI ssh-keygen utility, which also perhaps explains why the Proc-Type and DEK-Info headers show up inside the key. Since Cyberduck seems to work well with other keys and you have other more important defects and enhancements to work on (I'm really looking forward to that key forwarding enhancement in #12024!), I'd say this is a very minor issue and would, in fact, be inclined to assign the problem to SSH Agent. |
I have three Tiger machines with the same cofiguration, 1: PowerMac G4 (in my home) I mean I have exactly the same ssh keys under ~/.ssh/, While I'm quite confortable with using cyberduck on 1, IO Error: Can't read key due to internal IO problems: java.io.IOException: Assertion failed, next byte value is 48 instead of asserted 30 (not f8 but 48) I have tried to use fugu and fetch also. Though they I don't understand what is happening. |
Thanks, it's solved in version 2.6. Apparently, this bug dissapeared by distinguishing password and passphrase in cyberduck of version 2.6. For machines 2 and 3, I tested the connection by using password first. Thanks again. |
I concur! The 2.6 release has fixed this problem and I feel confident enough to call it resolved. |
I'm afraid I have the problem now, with version 2.6. I did not experience this with earlier versions :( |
I am seeing this problem with version 2.6.2. I suspect (OK guess) it is related to SSHKeyChain having the file open since if |
Pleaes check against build 2844 from http://update.cyberduck.ch/nightly/ |
Whilst trying to use SSH public key authentication to connect to a server, the following error is returned from Cyberduck:
-IO Error: Can't read key due to internal IO problems: java.io.IOException: Assertion failed, next byte value is f8 instead of asserted 30*
Cyberduck is able to connect normally (over SFTP) if password authentication is used instead of public key authentication.
Private key is in format of
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,4C69CBBC6918389F
and is correctly selected inside my Cyberduck bookmark for the site to which I am attempt to connect.
I would much prefer to connect via public key authentication (especially if Cyberduck support ssh-agent key forwarding!, but that's an enhancement, not a defect) but as of yet have been unable to connect via SFTP except with password authentication.
The text was updated successfully, but these errors were encountered: