I would like to establish a connection following the procedure listed in the libssh documentation:
https://api.libssh.org/stable/libssh_tutor_authentication.html
Chapter: "Authenticating with public keys"
Steps:
If you wish to authenticate with public key by your own, follow these steps:
- Retrieve the public key with ssh_pki_import_pubkey_file()
- Offer the public key to the SSH server using ssh_userauth_try_publickey(). If the return value is SSH_AUTH_SUCCESS, the SSH server accepts to authenticate using the public key and you can go to the next step.
function ssh_pki_import_pubkey_file() returns success
function ssh_userauth_try_publickey() returns SSH_AUTH_AGAIN
function ssh_pki_export_pubkey_blob() returns success
Causes ssh connection error:
ERROR: Starting the SSH session failed (No public key in packet).
Based on ssh_userauth_try_publickey() documentation:
https://api.libssh.org/stable/group__libssh__auth.html#ga592f673c4d417a6a46cd4876ac8287aa
SSH_AUTH_AGAIN exit code is described as:
SSH_AUTH_AGAIN: In nonblocking mode, you've got to call this again later.
Repeating ssh_userauth_try_publickey() with or without delay between calls does not change anything.
I modified the code in curve25519.c, function static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init)
by replacing the following line:
rc = ssh_dh_get_next_server_publickey_blob(session, &server_pubkey_blob);
with
rc = ssh_pki_import_pubkey_file(pubkey, &public_key);
rc = ssh_userauth_try_publickey(session, NULL, public_key);
rc = ssh_pki_export_pubkey_blob(public_key, &server_pubkey_blob);
in order to use a public key specified by myself.
Variable pubkey points to test.pub, an RSA 2048 public key generated with:
ssh-keygen -t rsa -b 2048 -f test
I use libssh version 0.9.5
tag: https://github.com/CanonicalLtd/libssh/releases/tag/libssh-0.9.5
hash: 0cceefd
Could you please verify if the ssh_userauth_try_publickey() function works? If not, could you please fix it?
Or maybe there is yet another way of authenticating I could use? If so, could you please suggest how to do it?
I've added several traces to the library to debug the issue but haven't found the solution yet. That's why I am asking you guys for help.
Traces below:
pki.c ssh_pki_export_pubkey_blob: inside function
pki.c ssh_pki_export_pubkey_blob: key: 0xffff8c009480
pki.c ssh_pki_export_pubkey_blob: pblob: 0xffff9f690440
pki_crypto.c pki_publickey_to_blob
pki_crypto.c pki_publickey_to_blob: ssh_key: 0xffff8c009480
pki_crypto.c pki_publickey_to_blob: buffer: 0xffff8c003f00
pki_crypto.c pki_publickey_to_blob: key->cert: (nil)
pki_crypto.c pki_publickey_to_blob: key->type_c: ssh-rsa
pki_crypto.c pki_publickey_to_blob: ssh_buffer_add_ssh_string: 0
pki_crypto.c pki_publickey_to_blob: switch (key->type)
pki_crypto.c pki_publickey_to_blob: SSH_KEYTYPE_RSA
pki_crypto.c pki_publickey_to_blob: inside makestring
pki_crypto.c pki_publickey_to_blob: ssh_string_fill rc: 0
pki.c ssh_pki_export_pubkey_blob: assign pblob = blob
pki.c ssh_pki_export_pubkey_blob: return SSH_OK
pki.c ssh_pki_export_pubkey_blob: inside function
pki.c ssh_pki_export_pubkey_blob: key: 0xffff8c009480
pki.c ssh_pki_export_pubkey_blob: pblob: 0xffff9f690420
pki_crypto.c pki_publickey_to_blob
pki_crypto.c pki_publickey_to_blob: ssh_key: 0xffff8c009480
pki_crypto.c pki_publickey_to_blob: buffer: 0xffff8c00a6d0
pki_crypto.c pki_publickey_to_blob: key->cert: (nil)
pki_crypto.c pki_publickey_to_blob: key->type_c: ssh-rsa
pki_crypto.c pki_publickey_to_blob: ssh_buffer_add_ssh_string: 0
pki_crypto.c pki_publickey_to_blob: switch (key->type)
pki_crypto.c pki_publickey_to_blob: SSH_KEYTYPE_RSA
pki_crypto.c pki_publickey_to_blob: inside makestring
pki_crypto.c pki_publickey_to_blob: ssh_string_fill rc: 0
pki.c ssh_pki_export_pubkey_blob: assign pblob = blob
pki.c ssh_pki_export_pubkey_blob: return SSH_OK
pki.c ssh_pki_import_pubkey_file: filename: /etc/keys/test.pub
pki.c ssh_pki_import_pubkey_file: pkey:
pki.c ssh_pki_import_pubkey_file: file size: 381
pki.c ssh_pki_import_pubkey_file: cmp: 140
pki.c ssh_pki_import_pubkey_file: type: 2
pki.c ssh_pki_import_pubkey_base64: b64_key: BASE64 encoded content read from test.pub file here
pki.c ssh_pki_import_pubkey_base64: type: 2
pki.c ssh_pki_import_pubkey_base64: pkey:
pki.c ssh_pki_import_pubkey_base64: pkey: sizeof 8
pki.c ssh_pki_import_pubkey_base64 buffer:
pki.c ssh_pki_import_pubkey_base64 type_s:
pki.c ssh_pki_import_pubkey_base64 pki_import_pubkey_buffer: 0
pki.c ssh_pki_import_pubkey_file: ssh_pki_import_pubkey_base64 rc: 0
curve25519.c ssh_pki_import_pubkey_file rc: 0
curve25519.c public_key
curve25519.c type: 2
curve25519.c flags: 1
curve25519.c type_c: ssh-rsa
curve25519.c ecdsa_nid: 0
curve25519.c ed25519_pubkey: (nil)
curve25519.c ed25519_pubkey: (null)
curve25519.c ed25519_pubkey is NULL
curve25519.c ed25519_pubkey sizeof: 8
curve25519.c ed25519_privkey: (nil)
curve25519.c ed25519_privkey: (null)
curve25519.c ed25519_privkey is NULL
curve25519.c ed25519_privkey sizeof: 8
curve25519.c cert: (nil)
curve25519.c cert: (null)
curve25519.c cert sizeof: 8
curve25519.c cert is NULL
curve25519.c cert_type: 0
curve25519.c ssh_userauth_try_publickey call
auth.c ssh_userauth_try_publickey function call
auth.c ssh_userauth_try_publickey sig_type_c: rsa-sha2-512
auth.c ssh_userauth_try_publickey ssh_userauth_request_service function call
client.c ssh_service_request function body
client.c session->auth.service_state 0
client.c ssh_service_request ssh_buffer_pack: rc: 0
client.c Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
client.c ssh_handle_packets_termination: rc: -2
client.c ssh_service_request SSH_AUTH_SERVICE_SENT
client.c ssh_service_request end of function: rc: -2
auth.c ssh_userauth_try_publickey ssh_userauth_request_service function rc: -2
auth.c ssh_userauth_try_publickey SSH_AUTH_AGAIN
curve25519.c ssh_userauth_try_publickey rc: 4
pki.c ssh_pki_export_pubkey_blob: inside function
pki.c ssh_pki_export_pubkey_blob: key: 0xffff8c009590
pki.c ssh_pki_export_pubkey_blob: pblob: 0xffff9f690498
pki_crypto.c pki_publickey_to_blob
pki_crypto.c pki_publickey_to_blob: ssh_key: 0xffff8c009590
pki_crypto.c pki_publickey_to_blob: buffer: 0xffff8c004390
pki_crypto.c pki_publickey_to_blob: key->cert: (nil)
pki_crypto.c pki_publickey_to_blob: key->type_c: ssh-rsa
pki_crypto.c pki_publickey_to_blob: ssh_buffer_add_ssh_string: 0
pki_crypto.c pki_publickey_to_blob: switch (key->type)
pki_crypto.c pki_publickey_to_blob: SSH_KEYTYPE_RSA
pki_crypto.c pki_publickey_to_blob: inside makestring
pki_crypto.c pki_publickey_to_blob: ssh_string_fill rc: 0
pki.c ssh_pki_export_pubkey_blob: assign pblob = blob
pki.c ssh_pki_export_pubkey_blob: return SSH_OK
curve25519.c ssh_pki_export_pubkey_blob rc: 0
curve25519.c ssh_buffer_add_ssh_string rc: 0
curve25519.c ssh_buffer_add_ssh_string rc: 0
curve25519.c ssh_buffer_add_ssh_string rc: 0
curve25519.c ssh_packet_send rc: 0
curve25519.c ssh_buffer_add_u8 rc: 0
curve25519.c ssh_packet_send rc: 0
curve25519.c SSH_LOG_PROTOCOL rc: 0
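
Added example (not part of the original post and not libssh code): the "offer the public key" step from the tutorial corresponds to the RFC 4252 section 7 key query, sent inside the ssh-userauth service that the trace shows being requested. This sketch builds the RSA key blob (RFC 4253 section 6.6) and that query with plain C. The helper names, the user "alice" and the 32-bit toy modulus are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t *p; size_t len, cap; int err; } wbuf;
static void put(wbuf *b, const void *d, size_t n) {
    if (b->err || n > b->cap - b->len) { b->err = 1; return; } /* never write past cap */
    memcpy(b->p + b->len, d, n);
    b->len += n;
}
/* SSH "string": uint32 big-endian length, then the bytes. */
static void put_string(wbuf *b, const void *d, size_t n) {
    uint8_t l[4] = { (uint8_t)(n >> 24), (uint8_t)(n >> 16), (uint8_t)(n >> 8), (uint8_t)n };
    put(b, l, 4); put(b, d, n);
}
static void put_mpint(wbuf *b, const uint8_t *be, size_t n) {  /* SSH "mpint", positive */
    uint8_t tmp[513] = { 0 };
    while (n > 0 && be[0] == 0) { be++; n--; }      /* minimal encoding */
    if (n > 512) { b->err = 1; return; }
    size_t pad = (n > 0 && (be[0] & 0x80)) ? 1 : 0; /* zero byte keeps it positive */
    memcpy(tmp + pad, be, n);
    put_string(b, tmp, pad + n);
}
/* RFC 4253 6.6 RSA key blob: string "ssh-rsa", mpint e, mpint n. */
size_t build_rsa_blob(wbuf *b, const uint8_t *e, size_t el, const uint8_t *n, size_t nl) {
    put_string(b, "ssh-rsa", 7);
    put_mpint(b, e, el);
    put_mpint(b, n, nl);
    return b->err ? 0 : b->len;
}
/* RFC 4252 7 key query: has-signature is FALSE, so no private key is needed. */
size_t build_pubkey_query(wbuf *b, const char *user, const char *alg, const wbuf *blob) {
    uint8_t type = 50, has_sig = 0;       /* SSH_MSG_USERAUTH_REQUEST, FALSE */
    put(b, &type, 1);
    put_string(b, user, strlen(user));
    put_string(b, "ssh-connection", 14);
    put_string(b, "publickey", 9);
    put(b, &has_sig, 1);
    put_string(b, alg, strlen(alg));      /* may differ from the blob's "ssh-rsa" */
    put_string(b, blob->p, blob->len);
    return b->err ? 0 : b->len;
}
int main(void) {
    const uint8_t e[] = { 1, 0, 1 }, n[] = { 0xC3, 0x5A, 0x11, 0x07 }; /* constructed toy key */
    uint8_t kb[64], qb[160];
    wbuf blob = { kb, 0, sizeof kb, 0 }, q = { qb, 0, sizeof qb, 0 };
    build_rsa_blob(&blob, e, sizeof e, n, sizeof n);
    printf("query bytes: %zu\n", build_pubkey_query(&q, "alice", "rsa-sha2-512", &blob));
}
```

A server that accepts the offered key answers this query with SSH_MSG_USERAUTH_PK_OK (60). The server host key carried in the key exchange reply uses the same blob encoding but is a separate field in a different protocol phase.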