SSH 4.5 bug ?


SSH 4.5 bug ?

Jean Parpaillon-2
Hi all,
Sorry if this question has already been raised but I couldn't get any information...

I've written an ssh-based application with OTP. I'm using rsa keys for authentication.
ssh version:

$ ssh -V
OpenSSH_7.5p1 Debian-5, OpenSSL 1.0.2l  25 May 2017

With elixir 1.4.5 / erlang 18.3, the application works fine. With elixir 1.4.5 / erlang 20.0 (Debian package from Erlang Solutions), authentication fails with 'Permission denied (publickey)'.

The failing call trace:
ssh_auth:handle_userauth_request/1
ssh_transport:verify/4
public_key:verify/4
crypto:verify/5 -> returns false

I've seen potential incompatibilities in http://erlang.org/doc/apps/ssh/notes.html
I suppose that with a recent ssh client, negotiation should avoid incompatibilities...

Any idea ? Known bug ?

Thank you for your help !


Here is the trace from SSH connection:

$ ssh -p 10022 -v localhost
OpenSSH_7.5p1 Debian-5, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /home/jean/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [::1] port 10022.
debug1: connect to address ::1 port 10022: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 10022.
debug1: Connection established.
debug1: identity file /home/jean/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5p1 Debian-5
debug1: Remote protocol version 2.0, remote software version Mingus Orchestrator
debug1: no match: Mingus Orchestrator
debug1: Authenticating to localhost:10022 as 'jean'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:/Yf6jxsGavhDvq5XRwjdG6sgLT3o2Xs06d63lhXWRjg
debug1: Host '[localhost]:10022' is known and matches the ECDSA host key.
debug1: Found key in /home/jean/.ssh/known_hosts:895
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jean/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 277
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: [hidden email]
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/jean/.ssh/id_dsa
debug1: Trying private key: /home/jean/.ssh/id_ecdsa
debug1: Trying private key: /home/jean/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).



-- 
Jean Parpaillon
--
Senior Developper @ KBRW Adventure
Chairman @ OW2 Consortium
--
Phone: +33 6 30 10 92 86
skype: jean.parpaillon

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

Re: SSH 4.5 bug ?

Hans Nilsson R (AL/EAB)
Can you try
  $ ssh -p 10022 -vvv localhost
to get more details?

-Hans

On 07/25/2017 12:41 PM, Jean Parpaillon wrote:
> $ ssh -p 10022 -v localhost