
RE: ssh_pki_import_privkey_file always returns -1


Thank you for your answer Andreas,

I did implement a callback for log messages and set the log level to 4.
I discovered that my application was trying to read the id_rsa.pub and id_rsa files instead of the specific file names I was specifying ... I don't know why yet ...
I did rename my files to match these ones and noticed that the private key was not recognized.

I finally used OpenSSH to generate the key instead of puttygen and it worked like a charm!

Thanks for your help
Eric


-----Original Message-----
From: Andreas Schneider [mailto:asn@xxxxxxxxxxxxxx] 
Sent: Monday, April 17, 2017 2:12 PM
To: libssh@xxxxxxxxxx
Subject: Re: ssh_pki_import_privkey_file always returns -1

On Monday, 17 April 2017 18:30:46 CEST Eric Lemasson wrote:
> Hello
> 
> I hope this is the right place to ask this kind of question,
> apologies in advance if I should send my question somewhere else. I
> am new to libssh and trying to use it properly in a Windows
> application that needs to do sftp. I have followed samples found
> online (mostly in the tutorial section of the libssh website) and came
> up with the following piece of code:
> 
>     ssh_session my_ssh_session = ssh_new();
>     if (my_ssh_session == NULL) {
>         exit(-1);
>     }
>     ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, serverIP.GetBuffer());
>     ssh_options_set(my_ssh_session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
>     ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &port);
>     ssh_options_set(my_ssh_session, SSH_OPTIONS_USER, User.GetBuffer());
>
>     rc = ssh_connect(my_ssh_session);
>     if (rc != SSH_OK)
>     {
>         ssh_free(my_ssh_session);
>         exit(-1);
>     }
>     if (verify_knownhost(my_ssh_session) < 0)
>     {
>         ssh_disconnect(my_ssh_session);
>         ssh_free(my_ssh_session);
>         exit(-1);
>     }
>     rc = ssh_userauth_publickey_auto(my_ssh_session, NULL, NULL);
>     if (rc != SSH_AUTH_SUCCESS)
>     {
>         ssh_key pubKey, privKey;
>         rc = ssh_pki_import_pubkey_file("C:\\Users\\XXXX\\.ssh\\key.pub", &pubKey);
>         if (rc == SSH_OK) {
>             rc = ssh_userauth_try_publickey(my_ssh_session, NULL, pubKey);
>             if (rc == SSH_AUTH_SUCCESS) {
>                 rc = ssh_pki_import_privkey_file("C:\\Users\\XXXX\\.ssh\\key", NULL, NULL, NULL, &privKey);
>                 if (rc == SSH_OK) {
>                     rc = ssh_userauth_publickey(my_ssh_session, NULL, privKey);
>                     ssh_key_free(privKey);
>                 }
>             }
>             ssh_key_free(pubKey);
>         }
>         if (!authenticated) {
>             rc = ssh_userauth_password(my_ssh_session, NULL, password.GetBuffer());
>             if (rc != SSH_AUTH_SUCCESS) {
>                 ssh_disconnect(my_ssh_session);
>                 ssh_free(my_ssh_session);
>                 exit(-1);
>             }
>         }
>     }
> 
> The key pair has been generated with the puttygen tool, and I understand
> that putty uses a different format to store the private key, so I have
> used the Conversion / Export OpenSSH key (force new file format)
> option to have the private key in standard format. The public key has
> been added to the authorized_key file on the remote server and the
> manual connection using putty works fine, using a password, or using
> the putty key agent (pageant) without having to enter a password.
> 
> In my code above, the call to the function ssh_pki_import_privkey_file
> always returns -1. I have tried different key types but I still get the
> same thing. Also tried to remove the line (--- BEGIN OPENSSH PRIVATE
> KEY ----) in the key file but no luck. I know that on Linux / Unix,
> permission checking on key files is very strict in the .ssh directory and
> may be a reason for failing to authenticate.
> 
> The fact that I am getting SSH_ERROR and not SSH_EOF tells me that it 
> is able to find the file, so I am thinking it is a file format or a 
> file permission issue.
> 
> I don't know if the same permission checks are done on Windows and if 
> so, what the permission should be.
> 
> The password authentication in the code works fine so I am still able
> to connect to the server but I would like to have the key method work.
> 
> If you have any suggestion or tips, that would be greatly appreciated,

Turn on debug messages and it will give you some hints :)

http://api.libssh.org/master/group__libssh__session.html#ga7a801b85800baa3f4e16f5b47db0a73d


	Andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx
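
Added example, not part of the original messages and not libssh code: a pre-flight check that reports which container format a key file uses, so a PuTTY .ppk file or a public key passed by mistake is caught before ssh_pki_import_privkey_file returns a bare -1. The names keyfmt, classify_key_text and classify_key_file are hypothetical, and the header list is an assumption covering common formats only.

```c
#include <stdio.h>
#include <string.h>

typedef enum { KF_UNREADABLE = -1, KF_UNKNOWN, KF_PUTTY_PPK, KF_OPENSSH_NEW,
               KF_PEM_LEGACY, KF_PKCS8, KF_PUBLIC_KEY } keyfmt;

/* Leading text that identifies each container (assumed list, not exhaustive). */
static const struct { const char *prefix; keyfmt fmt; } HEADERS[] = {
    { "PuTTY-User-Key-File-",                  KF_PUTTY_PPK   },
    { "-----BEGIN OPENSSH PRIVATE KEY-----",   KF_OPENSSH_NEW },
    { "-----BEGIN RSA PRIVATE KEY-----",       KF_PEM_LEGACY  },
    { "-----BEGIN EC PRIVATE KEY-----",        KF_PEM_LEGACY  },
    { "-----BEGIN PRIVATE KEY-----",           KF_PKCS8       },
    { "-----BEGIN ENCRYPTED PRIVATE KEY-----", KF_PKCS8       },
    { "---- BEGIN SSH2 PUBLIC KEY ----",       KF_PUBLIC_KEY  },
    { "ssh-",                                  KF_PUBLIC_KEY  },
};

/* Classify key material by its first non-blank characters. */
keyfmt classify_key_text(const char *text)
{
    text += strspn(text, " \t\r\n");
    for (size_t i = 0; i < sizeof HEADERS / sizeof HEADERS[0]; i++)
        if (strncmp(text, HEADERS[i].prefix, strlen(HEADERS[i].prefix)) == 0)
            return HEADERS[i].fmt;
    return KF_UNKNOWN;
}

/* Read only the start of the file; the key body is never parsed or printed. */
keyfmt classify_key_file(const char *path)
{
    char head[128];
    FILE *fp = fopen(path, "rb");
    if (fp == NULL) return KF_UNREADABLE;
    size_t n = fread(head, 1, sizeof head - 1, fp);
    fclose(fp);
    head[n] = '\0';
    return classify_key_text(head);
}

int main(int argc, char **argv)
{
    static const char *NAMES[] = { "unreadable", "unknown", "PuTTY .ppk",
        "OpenSSH new format", "legacy PEM", "PKCS#8", "public key" };
    /* Constructed sample: the kind of first line a .ppk file starts with. */
    keyfmt f = argc == 2 ? classify_key_file(argv[1])
                         : classify_key_text("PuTTY-User-Key-File-2: ssh-rsa\n");
    printf("%s\n", NAMES[f + 1]);
    return 0;
}
```

Run it with the key path as the only argument; an "unknown" result on a file that opens fine points at a damaged or edited header line rather than at file permissions.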

