Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug Authentication SSH-KEY #17

Open
marcianobandeira opened this issue Nov 13, 2024 · 7 comments
Open

Bug Authentication SSH-KEY #17

marcianobandeira opened this issue Nov 13, 2024 · 7 comments

Comments

@marcianobandeira
Copy link

Hello, congratulations on your project, it's great!

I'm having a problem when using the ssh tunnel to authenticate using an ssh key. When I'm debugging the application, something strange happens, but it works. Please watch the video below:
https://www.youtube.com/watch?v=ail18nxIyNY

However, when I'm outside of Delphi, running the application directly, I get an access violation in ntdll.dll.

Below is an image of the code at the exact point where I capture the exception and also an image with the message displayed on my system.
Codigo Delphi
Erro SSH Key Sem Delphi

Is there any way to use the contents of the ssh-key so that I don't have to save the temporary file on disk?

@pyscripter
Copy link
Owner

I have noticed in https://libssh2.org/libssh2_userauth_publickey_fromfile_ex.html that:
publickey - Path name of the public key file. (e.g. /etc/ssh/hostkey.pub). If libssh2 is built against OpenSSL, this option can be set to NULL.

publickey can only be nil if libssh2 is built against OpenSSL. If you are using the binaries in this repo they are built against Microsoft's WinCNG.
So I have modified TSshSession.UserAuthKey to accept a PublicKeyFile parameter as well.

Could you please test with a public key file as well and report whether this fixes the error?

@pyscripter pyscripter reopened this Nov 15, 2024
@pyscripter
Copy link
Owner

@marcianobandeira Could you please provide some feedback on the fix?

@marcianobandeira
Copy link
Author

Hello @pyscripter , I have a private key and I generated the public key with the following command:
openssl rsa -in private-key.pem -pubout > public-key.pub

After that, with the project source code updated with github, I passed the parameters as follows:

FSession.UserAuthKey(cUser, 'd:\public-key.pub', 'd:\private-key.pem', cPassSshKey);

However, it no longer worked, not even when debugging through Delphi as it did before.

@pyscripter
Copy link
Owner

pyscripter commented Nov 16, 2024

As you see below UserAthKey is a thin wrapper to the API function:

function TSshSession.UserAuthKey(const UserName, PublicKeyFile, PrivateKeyFile,
  PassPhrase: string): Boolean;
Var
  M: TMarshaller;
begin
  if FState = session_Authorized then Exit(True);
  if FState <> session_Connected then Exit(False);

  if amKey in AuthMethods(UserName) then
    Result := libssh2_userauth_publickey_fromfile(FAddr,
      M.AsAnsi(UserName, FCodePage).ToPointer,
      M.AsAnsi(PrivateKeyFile, FCodePage).ToPointer,
      M.AsAnsi(PrivateKeyFile, FCodePage).ToPointer,
      M.AsAnsi(PassPhrase, FCodePage).ToPointer) = 0
  else
    Result := False;

  if Result then
  begin
    FState := session_Authorized;
    FUserName := UserName;
  end;
end;

This is how it is used in the libssh2 examples:

static const char *pubkey = "/home/username/.ssh/id_rsa.pub";
static const char *privkey = "/home/username/.ssh/id_rsa";

while((rc = libssh2_userauth_publickey_fromfile(session, username,
                                                        pubkey, privkey,
                                                        password)) ==
              LIBSSH2_ERROR_EAGAIN);
        if(rc) {
            fprintf(stderr, "Authentication by public key failed.\n");
            goto shutdown;
        }
    }

I have modified the code to check for LIBSSH2_ERROR_EAGAIN (would only happen is the session was non-blocking). Can you try again?

What is the return value you are getting? You can use CheckLibSsh2Result to get the error message.

Normally you generate keys using ssh-keygen. It is possible that your key is not accepted by the server.
Does ssh -i '/path/to/keyfile' username@server work?

Note: You can still use an empty string as PublicKeyFile, and that would behave the same as it was before PublicKeyFile was introduced.

@marcianobandeira
Copy link
Author

Hello @pyscripter

I noticed that the "UserAuthKey" function does not use the PublicKeyFile parameter, see the print below:
Function UserAuthKey

However, even changing the function as shown in the image above, I receive a return of -16 and using the CheckLibSsh2Result method I receive the message as below (In the UserName parameter of the UserAuthKey function, I am using the same username that I use to access my server with the private key):

Error Public Key

Regarding my public key generated with ssh-keygen, comparing its content with my server's authorized_keys, it was really different. So I generated it using PuttyGen, this time the content of the public key is identical to my server's authorized_keys.

I can access the server using ssh -i privatekey... I can't using ssh -i publickey.

I also can't get the same behavior as before by passing an empty string in the PublicKeyFile parameter of the UserAuthKey function, even after the adjustment as per the first print.

@pyscripter
Copy link
Owner

pyscripter commented Nov 17, 2024

I fixed the error in UserAuthKey.

However when I tried, I could not get it to work either. Not sure what the issue is.
I use ssh agent authentication with the same keys and that works fine.

I am not sure whether this is a libssh2 issue or the way this repo uses its functions. When I searched, I found many issues related to libssh2_userauth_publickey_fromfile, but they appear to have been fixed.

I leave the issue open hoping that someone finds a solution.

@marcianobandeira
Copy link
Author

Hello @pyscripter,

Thank you very much for your time.
I will try to find a solution here, and if I find a solution I will post it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants