intero
Reputation: 51
SSH connection key authentication errors
I'm new to C and want to write a program that connects to my vps (ubuntu, apache) and then transfers a folder to it. I have the following problems when trying to authenticate the public keys:
[2024/05/12 18:45:12.534159, 2] ssh_config_parse_line: Unapplicable option: SendEnv, line: 51
[2024/05/12 18:45:12.534333, 1] ssh_config_parse_line: Unsupported option: HashKnownHosts, line: 52
[2024/05/12 18:45:12.534503, 2] ssh_connect: libssh 0.9.6 (c) 2003-2021 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
[2024/05/12 18:45:12.534670, 2] ssh_socket_connect: Nonblocking connection socket: 3
[2024/05/12 18:45:12.534717, 2] ssh_connect: Socket connecting, now waiting for the callbacks to work
[2024/05/12 18:45:12.558900, 1] socket_callback_connected: Socket connection callback: 1 (0)
[2024/05/12 18:45:12.590355, 2] ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.7
[2024/05/12 18:45:12.590388, 2] ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.7
[2024/05/12 18:45:12.590402, 2] ssh_analyze_banner: We are talking to an OpenSSH client version: 8.9 (80900)
[2024/05/12 18:45:12.592963, 1] ssh_key_cmp: key types don't match!
[2024/05/12 18:45:12.593048, 1] ssh_key_cmp: key types don't match!
[2024/05/12 18:45:12.593059, 1] ssh_key_cmp: key types don't match!
[2024/05/12 18:45:12.593079, 1] ssh_known_hosts_read_entries: Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
[2024/05/12 18:45:12.613836, 2] ssh_kex_select_methods: Negotiated curve25519-sha256,ssh-ed25519,[email protected],[email protected],aead-gcm,aead-gcm,none,none,,
[2024/05/12 18:45:12.688394, 2] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[2024/05/12 18:45:12.688466, 2] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[2024/05/12 18:45:12.688524, 2] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
[2024/05/12 18:45:12.689244, 2] ssh_packet_newkeys: Signature verified and valid
Connected to server
[2024/05/12 18:45:12.689486, 1] ssh_key_cmp: key types don't match!
[2024/05/12 18:45:12.689664, 1] ssh_key_cmp: key types don't match!
[2024/05/12 18:45:12.689698, 1] ssh_key_cmp: key types don't match!
[2024/05/12 18:45:12.690957, 1] ssh_agent_get_ident_count: Answer type: 12, expected answer: 12
[2024/05/12 18:45:12.808627, 1] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,password
[2024/05/12 18:45:12.808699, 2] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,password
[2024/05/12 18:45:12.808772, 1] ssh_pki_import_pubkey_file: Error opening /home/intero/.ssh/id_ed25519.pub: No such file or directory
[2024/05/12 18:45:12.808817, 1] ssh_pki_import_privkey_file: Error opening /home/intero/.ssh/id_ed25519: No such file or directory
[2024/05/12 18:45:12.808863, 1] ssh_pki_import_pubkey_file: Error opening /home/intero/.ssh/id_ecdsa.pub: No such file or directory
[2024/05/12 18:45:12.808903, 1] ssh_pki_import_privkey_file: Error opening /home/intero/.ssh/id_ecdsa: No such file or directory
[2024/05/12 18:45:12.842444, 1] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,password
[2024/05/12 18:45:12.842516, 2] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,password
[2024/05/12 18:45:12.842589, 1] ssh_pki_import_pubkey_file: Error opening /home/intero/.ssh/id_dsa.pub: No such file or directory
[2024/05/12 18:45:12.842634, 1] ssh_pki_import_privkey_file: Error opening /home/intero/.ssh/id_dsa: No such file or directory
[2024/05/12 18:45:12.842668, 2] ssh_userauth_publickey_auto: Tried every public key, none matched
authenticated
with this code:
#include <libssh/libssh.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define ENV_PATH "../source/"
typedef struct {
char host[50];
char username[50];
int port;
int verbosity;
} ConnectionInfo;
void read_env(ConnectionInfo *credentials) {
char env_full_path[50];
int env_print =
snprintf(env_full_path, sizeof(env_full_path), "%s.env", ENV_PATH);
if (env_print < 0) {
printf("Error printing environment path to environment buffer.\n");
exit(1);
};
FILE *file = fopen(env_full_path, "r");
if (file == NULL) {
printf("Error opening env file.\n");
exit(1);
}
char line[50];
while (fgets(line, sizeof(line), file)) {
char *token = strtok(line, "=");
if (strcmp(token, "HOST") == 0) { // Fixed comparison
token = strtok(NULL, "=");
strcpy(credentials->host, token);
credentials->host[strcspn(credentials->host, "\n")] = '\0';
} else if (strcmp(token, "USERNAME") == 0) {
token = strtok(NULL, "=");
strcpy(credentials->username, token);
credentials->username[strcspn(credentials->username, "\n")] = '\0';
}
}
fclose(file);
credentials->verbosity = SSH_LOG_PROTOCOL;
credentials->port = 22;
}
// build folder, vps folder name, reminder that the build folder on vps will be
// replaced if it exists
void prompt_for_info(char *path_variable, char *vps_folder_name) {
puts("Please remember that the target folder on the vps will be deleted if "
"it already exists. If this is not desired, please cancel.");
puts("Enter build path:");
scanf("%s", path_variable);
puts("Enter vps folder name:");
scanf("%s", vps_folder_name);
}
void set_ssh_options(ssh_session session, ConnectionInfo *credentials) {
ssh_options_set(session, SSH_OPTIONS_HOST, &credentials->host);
ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &credentials->verbosity);
ssh_options_set(session, SSH_OPTIONS_HOST, &credentials->port);
}
int verify_knownhost(ssh_session session) {
enum ssh_known_hosts_e state;
state = ssh_session_is_known_server(session);
switch (state) {
case SSH_KNOWN_HOSTS_OK:
/* OK */
break;
case SSH_KNOWN_HOSTS_CHANGED:
fprintf(stderr, "Host key for server changed: it is now:\n");
fprintf(stderr, "For security reasons, connection will be stopped\n");
return -1;
case SSH_KNOWN_HOSTS_OTHER:
fprintf(stderr, "The host key for this server was not found but an other"
"type of key exists.\n");
fprintf(stderr,
"An attacker might change the default server key to"
"confuse your client into thinking the key does not exist\n");
return -1;
case SSH_KNOWN_HOSTS_NOT_FOUND:
fprintf(stderr, "Could not find known host file.\n");
fprintf(stderr, "If you accept the host key here, the file will be"
"automatically created.\n");
/* FALL THROUGH*/
case SSH_KNOWN_HOSTS_UNKNOWN:
fprintf(stderr, "The server is unknown. Do you trust the host key?\n");
return -1;
case SSH_KNOWN_HOSTS_ERROR:
fprintf(stderr, "Error %s", ssh_get_error(session));
return -1;
}
return 0;
}
int authenticate_pubkey(ssh_session session, char *passphrase, char *username) {
int rc;
rc = ssh_userauth_publickey_auto(session, username, passphrase);
if (rc == SSH_AUTH_ERROR) {
fprintf(stderr, "Authentication failed: %s\n", ssh_get_error(session));
return SSH_AUTH_ERROR;
}
return rc;
}
int main(int argc, char *argv[]) {
ConnectionInfo server_login;
int rc;
enum ssh_known_hosts_e state;
read_env(&server_login);
char build_path[250], vps_folder_name[250], passphrase[50];
prompt_for_info(build_path, vps_folder_name);
ssh_session ssh_conn = ssh_new();
if (ssh_conn == NULL) {
printf("Error creating SSH session.\n");
exit(-1);
}
set_ssh_options(ssh_conn, &server_login);
rc = ssh_connect(ssh_conn);
if (rc != SSH_OK) {
fprintf(stderr, "Error connecting to localhost: %s\n",
ssh_get_error(ssh_conn));
exit(-1);
};
printf("Connected to server\n");
if (verify_knownhost(ssh_conn) < 0) {
printf("Problem with verifying known host");
ssh_disconnect(ssh_conn);
ssh_free(ssh_conn);
exit(-1);
}
sprintf(passphrase, "passphraseHardcodedForNow");
rc = authenticate_pubkey(ssh_conn, server_login.username, passphrase);
if (rc == SSH_AUTH_ERROR) {
ssh_disconnect(ssh_conn);
ssh_free(ssh_conn);
printf("Couldnt authenticate through pubkey");
exit(-1);
}
printf("authenticated\n");
ssh_disconnect(ssh_conn);
ssh_free(ssh_conn);
return 0;
}
In the .ssh folder on my vps I have the following files:
. moduli
ssh_config.d
ssh_host_ecdsa_key.pub
ssh_host_ed25519_key.pub
ssh_host_rsa_key.pub
sshd_config
ssh_config
ssh_host_ecdsa_key
ssh_host_ed25519_key
ssh_host_rsa_key
ssh_import_id
sshd_config.d
with the ssh_config having this content:
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication yes
on my local computer I have the following files:
id_rsa id_rsa.pub known_hosts known_hosts.old
So I guess the error message that certain files don't exist is accurate.
I created the keys using:
and copied them to the server using:
In the authorized_keys file on my vps there is one key associated with my personal computer so that seems to be right.
The key has a passphrase associated with it.
I have not tried anything yet since I didn't find anything on this on the internet.
Upvotes: 0
Views: 155
Answers (0)
Related Questions
- How do I remove the passphrase for the SSH key without having to create a new key?
- Could not open a connection to your authentication agent
- How to specify the private SSH-key to use when executing shell command on Git?
- How to use SSH to run a local shell script on a remote machine?
- ssh "permissions are too open"
- SSH Key - Still asking for password and passphrase
- Git push results in "Authentication Failed"
- How do I access my SSH public key?