Hi, can I get some help with ECDSA key login.
My ssh client is built with libssh2. After upgrading to version 1.11.1, ECDSA key login stopped working.
I can reproduce the issue with same key pair, same remote ssh host, the only difference is in libssh2 version:
- ssh client with libssh2 version 1.10.0 + RSA key/ED25519 key/ECDSA key/DSA key: Worked
- ssh client with libssh2 version 1.11.0 + RSA key/ED25519 key/ECDSA key/DSA key: Worked
- ssh client with libssh2 version 1.11.1 + RSA key/ED25519 key/DSA key: Worked
- ssh client with libssh2 version 1.11.1 + ECDSA key: Not Worked
So only with version 1.11.1, ECDSA key login does not work. Older versions work fine. Other key types work fine.
Remote ssh host side debug log:
Jan 24 21:24:01 rhel74 sshd[510]: debug1: PAM: initializing for "username"
Jan 24 21:24:01 rhel74 sshd[510]: debug1: PAM: setting PAM_RHOST to "someipaddress"
Jan 24 21:24:01 rhel74 sshd[510]: debug1: PAM: setting PAM_TTY to "ssh"
Jan 24 21:24:01 rhel74 sshd[510]: debug1: userauth-request for user azureuser service ssh-connection method publickey [preauth]
Jan 24 21:24:01 rhel74 sshd[510]: debug1: attempt 1 failures 0 [preauth]
Jan 24 21:24:01 rhel74 sshd[510]: error: key_from_blob: invalid format [preauth]
Jan 24 21:24:01 rhel74 sshd[510]: error: userauth_pubkey: cannot decode key: ecdsa-sha2-nistp256 [preauth]
Jan 24 21:24:01 rhel74 sshd[510]: Connection closed by someipaddress port 7150 [preauth]
local ssh client side debug log:
guacd[17909]: DEBUG: $f06e4b29-20e7-48bf-b252-17fe2f9bd1e0 [libssh2] 0.778970 Userauth: Permitted auth methods: publickey,gssapi-keyex,gssapi-with-mic,password
guacd[17909]: DEBUG: $f06e4b29-20e7-48bf-b252-17fe2f9bd1e0 Supported authentication methods: publickey,gssapi-keyex,gssapi-with-mic,password
guacd[17909]: DEBUG: $f06e4b29-20e7-48bf-b252-17fe2f9bd1e0 [libssh2] 0.779144 Userauth: Computing public key from private key.
guacd[17909]: DEBUG: $f06e4b29-20e7-48bf-b252-17fe2f9bd1e0 [libssh2] 0.780742 Userauth: Computing public key from EC private key envelope
guacd[17909]: DEBUG: $f06e4b29-20e7-48bf-b252-17fe2f9bd1e0 [libssh2] 0.780924 Key Ex: Signing using ecdsa-sha2-nistp256
guacd[17909]: DEBUG: $f06e4b29-20e7-48bf-b252-17fe2f9bd1e0 [libssh2] 0.780978 Userauth: Attempting publickey authentication
guacd[17909]: DEBUG: $f06e4b29-20e7-48bf-b252-17fe2f9bd1e0 [libssh2] 0.781156 Failure Event: -37 - Would block
guacd[17909]: DEBUG: $f06e4b29-20e7-48bf-b252-17fe2f9bd1e0 [libssh2] 0.788343 Failure Event: -18 - Username/PublicKey combination invalid
guacd[17909]: ERROR: $f06e4b29-20e7-48bf-b252-17fe2f9bd1e0 Public key authentication failed: Username/PublicKey combination invalid
guacd[17909]: INFO: $f06e4b29-20e7-48bf-b252-17fe2f9bd1e0 User "@234f4721-5f50-4a56-b9bd-f3c2295ff186" disconnected (0 users remain)
Hi, can I get some help with ECDSA key login.
My ssh client is built with libssh2. After upgrading to version 1.11.1, ECDSA key login stopped working.
I can reproduce the issue with same key pair, same remote ssh host, the only difference is in libssh2 version:
So only with version 1.11.1, ECDSA key login does not work. Older versions work fine. Other key types work fine.
Remote ssh host side debug log:
local ssh client side debug log: