I am having difficulties authenticating using pki. I have a private/public key
pair that allows me to authenticate with a server via

    ssh -i <path_to_priv_key> <user>@<host>

The private key is password protected so I am prompted for the password but
beyond that I am able to connect without any user interaction. I'm trying to
replicate the same functionality using libssh using the following code:
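
#include <stdio.h>
#include <libssh/libssh.h>

void connect_via_ssh(
    const char* host,
    int port,
    const char* user,
    const char* path_to_pub,
    const char* path_to_priv,
    const char* priv_pass
)
{
    ssh_session ssh = ssh_new();
    ssh_key key = NULL;
    int verbosity = SSH_LOG_FUNCTIONS;
    long timeout = 30;
    int rc;

    if (ssh == NULL)
    {
        printf("Error ssh_new\r\n");
        return;
    }

    ssh_options_set(ssh, SSH_OPTIONS_HOST, host);
    ssh_options_set(ssh, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
    ssh_options_set(ssh, SSH_OPTIONS_PORT, &port);
    ssh_options_set(ssh, SSH_OPTIONS_USER, user);
    ssh_options_set(ssh, SSH_OPTIONS_TIMEOUT, &timeout);

    // Check the connection result before attempting authentication
    rc = ssh_connect(ssh);
    if (rc != SSH_OK)
    {
        printf("ssh_connect : %s\r\n", ssh_get_error(ssh));
        goto cleanup;
    }

    // Load the public key and ask the server whether it would accept it
    rc = ssh_pki_import_pubkey_file(path_to_pub, &key);
    if (rc != SSH_OK)
    {
        printf("Error ssh_pki_import_pubkey_file\r\n");
        goto cleanup;
    }
    rc = ssh_userauth_try_publickey(ssh, NULL, key);
    ssh_key_free(key);
    key = NULL;
    if (rc != SSH_AUTH_SUCCESS)
    {
        printf("ssh_userauth_try_publickey : %s\r\n", ssh_get_error(ssh));
        goto cleanup;
    }

    // Decrypt the private key with its passphrase and authenticate with it
    rc = ssh_pki_import_privkey_file(path_to_priv, priv_pass, NULL, NULL, &key);
    if (rc != SSH_OK)
    {
        printf("Error ssh_pki_import_privkey_file\r\n");
        goto cleanup;
    }
    rc = ssh_userauth_publickey(ssh, NULL, key);
    if (rc != SSH_AUTH_SUCCESS)
    {
        printf("ssh_userauth_publickey : %s\r\n", ssh_get_error(ssh));
        goto cleanup;
    }

    // create channel, etc...

cleanup:
    // Release the key and the session on every exit path
    ssh_key_free(key);
    if (ssh_is_connected(ssh))
    {
        ssh_disconnect(ssh);
    }
    ssh_free(ssh);
}
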
Everything works fine until the call to ssh_userauth_publickey - that returns
SSH_AUTH_DENIED. I've verified the exact same keypair can be used with ssh so
I'm guessing I'm missing a step in my code. Here are the last lines of debug
output. Any suggestions would be appreciated.
John
[2021/05/04 14:05:27.896286, 2] ssh_pki_import_privkey_base64: Trying to
decode privkey passphrase=true
[2021/05/04 14:05:27.896286, 2] ssh_pki_openssh_import: Opening OpenSSH
private key: ciphername: aes256-cbc, kdf: bcrypt, nkeys: 1
[2021/05/04 14:05:27.897285, 3] pki_private_key_decrypt: Decryption: 32 key,
16 IV, 16 rounds, 16 bytes salt
[2021/05/04 14:05:27.997018, 3] ssh_key_algorithm_allowed: Checking ssh-ed25519 with
list
<ssh-ed25519-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
[2021/05/04 14:05:27.997455, 3] ssh_socket_unbuffered_write: Enabling POLLOUT
for socket
[2021/05/04 14:05:27.997455, 3] packet_send2: packet: wrote [type=50, len=208,
padding_size=9, comp=198, payload=198]
[2021/05/04 14:05:27.997455, 4] ssh_socket_pollcallback: Poll callback on
socket 744 (POLLOUT ), out buffer 0
[2021/05/04 14:05:27.998455, 4] ssh_socket_pollcallback: sending control flow
event
[2021/05/04 14:05:27.998455, 4] ssh_packet_socket_controlflow_callback:
sending channel_write_wontblock callback
[2021/05/04 14:05:28.008735, 4] ssh_socket_pollcallback: Poll callback on
socket 744 (POLLIN ), out buffer 0
[2021/05/04 14:05:28.009231, 3] ssh_packet_socket_callback: packet: read type
51 [len=48,padding=11,comp=36,payload=36]
[2021/05/04 14:05:28.009231, 3] ssh_packet_process: Dispatching handler for
packet type 51
[2021/05/04 14:05:28.009231, 1] ssh_packet_userauth_failure: Access denied for
'publickey'. Authentication that can continue: publickey,keyboard-interactive
[2021/05/04 14:05:28.009231, 2] ssh_packet_userauth_failure: Access denied for
'publickey'. Authentication that can continue: publickey,keyboard-interactive
ssh_userauth_publickey : Access denied for 'publickey'. Authentication that can
continue: publickey,keyboard-interactive
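
The last packet in the debug output is type 51, which RFC 4252 (section 5.1) defines as SSH_MSG_USERAUTH_FAILURE: a name-list of methods that can continue, followed by a partial-success boolean. The following is an added example, not part of the original post and not libssh code; it decodes such a payload using a constructed sample whose method list and 36-byte size match the log (the struct and function names are hypothetical, and partial_success = 0 is an assumption).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SSH_MSG_USERAUTH_FAILURE 51

/* Decoded SSH_MSG_USERAUTH_FAILURE payload (RFC 4252, section 5.1). */
struct userauth_failure {
    char methods[128];    /* name-list of methods that can continue */
    int  partial_success; /* 1: the attempt was accepted but more is required */
};

/* Returns 0 on success, -1 if the payload is malformed or not type 51. */
int parse_userauth_failure(const uint8_t *p, size_t len, struct userauth_failure *out)
{
    if (len < 6 || p[0] != SSH_MSG_USERAUTH_FAILURE) return -1;
    /* name-list: big-endian uint32 length, then that many bytes */
    uint32_t n = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
                 ((uint32_t)p[3] << 8) | (uint32_t)p[4];
    /* type(1) + length(4) + list(n) + boolean(1) must equal the payload size */
    if (n != len - 6 || n >= sizeof(out->methods)) return -1;
    memcpy(out->methods, p + 5, n);
    out->methods[n] = '\0';
    out->partial_success = p[5 + n] != 0;
    return 0;
}

/* Builds a constructed sample payload; returns its size, or 0 if buf is too small. */
size_t build_sample(uint8_t *buf, size_t cap, const char *methods, int partial)
{
    size_t n = strlen(methods);
    if (cap < n + 6) return 0;
    buf[0] = SSH_MSG_USERAUTH_FAILURE;
    buf[1] = (uint8_t)(n >> 24); buf[2] = (uint8_t)(n >> 16);
    buf[3] = (uint8_t)(n >> 8);  buf[4] = (uint8_t)n;
    memcpy(buf + 5, methods, n);
    buf[5 + n] = partial ? 1 : 0;
    return n + 6;
}

int main(void)
{
    uint8_t buf[64];
    struct userauth_failure f;
    /* constructed input: method list from the log, partial_success assumed 0 */
    size_t len = build_sample(buf, sizeof buf, "publickey,keyboard-interactive", 0);
    if (parse_userauth_failure(buf, len, &f) != 0) return 1;
    printf("payload=%zu methods=%s partial=%d\n", len, f.methods, f.partial_success);
    return 0;
}
```

Per RFC 4252, partial_success is TRUE only when the request this packet answers succeeded and the server requires a further method; FALSE means the request itself was not accepted.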