cURL / Mailing Lists / curl-library / Single Mail

curl-library

Problem authenticating with DSA key using SFTP and CURL

From: Alvaro Palma <Alvaro.Palma_at_synopsys.com>
Date: Tue, 29 Nov 2011 07:14:57 -0800

Hi guys.

I'm developing a small application to transfer files via SFTP.

In the local side, I've set both the DSA and RSA keys, and logging to the remote server using them works as a charm. Next is the detailed log for the DSA key.

[11:42 alvaro_at_LOCAL_SERVER ~]% ssh -v REMOTE_SERVER
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to REMOTE_SERVER [10.12.198.52] port 22.
debug1: Connection established.
debug1: identity file /remote/home/alvaro/.ssh/identity type -1
debug1: identity file /remote/home/alvaro/.ssh/id_rsa type -1
debug1: identity file /remote/home/alvaro/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'REMOTE_SERVER' is known and matches the RSA host key.
debug1: Found key in /remote/home/alvaro/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /remote/home/alvaro/.ssh/identity
debug1: Trying private key: /remote/home/alvaro/.ssh/id_rsa
debug1: Offering public key: /remote/home/alvaro/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).

But for some reason, it doesn't work for libCURL/libSSH2:

* About to connect() to REMOTE_SERVER port 22 (#0)
* Trying 10.12.198.52... * connected
* SSH authentication methods available: publickey,gssapi-with-mic,password
* Using ssh public key file /remote/home/alvaro/.ssh/id_dsa.pub
* Using ssh private key file /remote/home/alvaro/.ssh/id_dsa
* SSH public key authentication failed: Username/PublicKey combination invalid
* Authentication failure
* Closing connection #0

I saw this problem documented before, but no solution was described at that time:

http://cygwin.com/ml/cygwin/2011-11/msg00013.html

Is this a known problem in libCURL? Or in libSSH2? I'm using latest versions from both sides.

As I said, please notice that in my case, I did try SSH using the DSA key (not only the RSA one) and it worked fine (to do so, I removed temporarily the RSA key from ~/.ssh).

But in the other hand, libCURL is not capable to use the RSA key. I made the test, remove temporarily the DSA key from ~/.ssh and the error changed:

* About to connect() to REMOTE_SERVER port 22 (#0)
* Trying 10.12.198.52... * connected
* SSH authentication methods available: publickey,gssapi-with-mic,password
* Using ssh public key file /remote/home/alvaro/.ssh/id_dsa.pub
* Using ssh private key file /remote/home/alvaro/.ssh/id_dsa
* SSH public key authentication failed: Unable to open public key file
* Authentication failure
* Closing connection #0

Any clues how to make it work with the DSA key at least?

Thanks a lot for your help.

------------
Att.
Alvaro Palma

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-11-29