Cyberduck Mountain Duck CLI

#8371 closed defect (worksforme)

Login failure with public key authentication

Reported by: lucaboss74 Owned by: dkocher
Priority: normal Milestone: 4.6.2
Component: sftp Version: 4.6
Severity: normal Keywords: SFTP public key
Cc: Architecture: Intel
Platform:

Description

Hi, after an upgrade of Cyberduck to release 4.6 (15810) on Mac OS X Yosemite 10.10.1, Cyberduck stopped working with SFTP and public key authentication. I was using same profiles used with previous release of Cyberduck, same key and same servers, all saved on bookmarks. I've also tried to remove bookmarks and create them again without luck.

If I use login authentication via username/password, everything works.

Change History (16)

comment:1 Changed on Nov 26, 2014 at 8:44:13 AM by dkocher

  • Component changed from core to sftp
  • Milestone set to 4.6.1
  • Owner set to dkocher

comment:2 Changed on Nov 26, 2014 at 8:56:12 AM by lucaboss74

If I look at server's log I see lines like this:

Nov 26 09:48:36 web01 sshd[8476]: Received disconnect from 172.16.6.4: 11:  [preauth]
Nov 26 09:49:09 web01 sshd[8489]: Received disconnect from 172.16.6.4: 11:  [preauth]

Server is a Linux Ubuntu 12.04 LTS machine. Server SSL version is OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012

Last edited on Nov 26, 2014 at 12:13:48 PM by dkocher (previous) (diff)

comment:3 follow-up: Changed on Nov 26, 2014 at 12:44:24 PM by dkocher

What is the login failure message displayed?

Last edited on Nov 26, 2014 at 1:10:57 PM by dkocher (previous) (diff)

comment:4 Changed on Nov 26, 2014 at 12:45:01 PM by dkocher

  • Summary changed from SFTP public key authentication broken to Login failure with public key authentication

comment:5 in reply to: ↑ 3 Changed on Nov 26, 2014 at 1:36:58 PM by lucaboss74

Replying to dkocher:

What is the login failure message displayed?

Nothing. It just connect and suddenly disconnect without showing file list.

comment:6 follow-up: Changed on Nov 26, 2014 at 9:00:35 PM by dkocher

Can you find any related output in the system.log (/Applications/Utilities/Console.app)?

comment:7 in reply to: ↑ 6 ; follow-up: Changed on Nov 27, 2014 at 6:31:00 PM by lucaboss74

Replying to dkocher:

Can you find any related output in the system.log (/Applications/Utilities/Console.app)?

No, there's no output there (neither by enabling debug logging). But I've started Cyberduck directly from command line in terminal and captured all output into logfile. I can send you the file via PM (it contains private keys exposed so I can't attach it).

comment:8 in reply to: ↑ 7 Changed on Nov 27, 2014 at 8:02:41 PM by dkocher

Replying to lucaboss74:

Replying to dkocher:

Can you find any related output in the system.log (/Applications/Utilities/Console.app)?

No, there's no output there (neither by enabling debug logging). But I've started Cyberduck directly from command line in terminal and captured all output into logfile. I can send you the file via PM (it contains private keys exposed so I can't attach it).

Please remove the keys logged and attach the remaining output or send the file to [feedback@…].

comment:9 follow-up: Changed on Nov 28, 2014 at 7:39:30 PM by dkocher

2014-11-27 19:26:28,099 [background-1] DEBUG ch.cyberduck.core.sftp.SFTPPublicKeyAuthentication - Login using public key authentication with credentials Credentials{user='root'}
2014-11-27 19:26:28,109 [background-1] DEBUG net.schmizz.concurrent.Promise - Setting <<service accept>> to `null`
2014-11-27 19:26:28,109 [background-1] DEBUG net.schmizz.sshj.transport.TransportImpl - Sending SSH_MSG_SERVICE_REQUEST for ssh-userauth
2014-11-27 19:26:28,109 [background-1] DEBUG net.schmizz.concurrent.Promise - Awaiting <<service accept>>
2014-11-27 19:26:28,111 [reader] DEBUG net.schmizz.concurrent.Promise - Setting <<service accept>> to `SOME`
2014-11-27 19:26:28,111 [background-1] DEBUG net.schmizz.sshj.transport.TransportImpl - Setting active service to ssh-userauth
2014-11-27 19:26:28,112 [background-1] DEBUG net.schmizz.concurrent.Promise - Setting <<authenticated>> to `null`
2014-11-27 19:26:28,112 [background-1] DEBUG net.schmizz.sshj.userauth.UserAuthImpl - Trying `publickey` auth...
2014-11-27 19:26:28,112 [background-1] DEBUG net.schmizz.sshj.userauth.method.AuthPublickey - Attempting authentication using PKCS8KeyFile{resource=[PrivateKeyReaderResource] java.io.InputStreamReader@305aee69}

comment:10 in reply to: ↑ 9 ; follow-up: Changed on Dec 2, 2014 at 7:40:12 AM by lucaboss74

Replying to dkocher:

2014-11-27 19:26:28,099 [background-1] DEBUG ch.cyberduck.core.sftp.SFTPPublicKeyAuthentication - Login using public key authentication with credentials Credentials{user='root'}
2014-11-27 19:26:28,109 [background-1] DEBUG net.schmizz.concurrent.Promise - Setting <<service accept>> to `null`
2014-11-27 19:26:28,109 [background-1] DEBUG net.schmizz.sshj.transport.TransportImpl - Sending SSH_MSG_SERVICE_REQUEST for ssh-userauth
2014-11-27 19:26:28,109 [background-1] DEBUG net.schmizz.concurrent.Promise - Awaiting <<service accept>>
2014-11-27 19:26:28,111 [reader] DEBUG net.schmizz.concurrent.Promise - Setting <<service accept>> to `SOME`
2014-11-27 19:26:28,111 [background-1] DEBUG net.schmizz.sshj.transport.TransportImpl - Setting active service to ssh-userauth
2014-11-27 19:26:28,112 [background-1] DEBUG net.schmizz.concurrent.Promise - Setting <<authenticated>> to `null`
2014-11-27 19:26:28,112 [background-1] DEBUG net.schmizz.sshj.userauth.UserAuthImpl - Trying `publickey` auth...
2014-11-27 19:26:28,112 [background-1] DEBUG net.schmizz.sshj.userauth.method.AuthPublickey - Attempting authentication using PKCS8KeyFile{resource=[PrivateKeyReaderResource] java.io.InputStreamReader@305aee69}

Hi, am I doing something wrong in account configuration ? I've seen you quoted part of log file, but with no comment attached.

Thank you,

Luca

comment:11 in reply to: ↑ 10 Changed on Dec 2, 2014 at 4:05:39 PM by dkocher

Replying to lucaboss74:

Hi, am I doing something wrong in account configuration ? I've seen you quoted part of log file, but with no comment attached.

Thank you,

Luca

I have no educated guess what is going wrong here. Would it be possible to have a test account on the server with a key configured that shows the same login failure issue?

comment:12 Changed on Dec 3, 2014 at 1:26:04 PM by dkocher

#8391 closed as duplicate.

comment:13 Changed on Dec 3, 2014 at 3:04:36 PM by dkocher

#8380 closed as duplicate.

comment:14 Changed on Jan 13, 2015 at 1:53:39 PM by dkocher

Tracking upstream issue 153.

comment:15 Changed on Jan 13, 2015 at 2:13:50 PM by dkocher

Would it be possible for you to create a new key pair that does not work and attach it here.

comment:16 Changed on Jan 13, 2015 at 8:02:33 PM by dkocher

  • Resolution set to worksforme
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.
swiss made software