pubkey auth fail

Bastien Durel bastien.durel at data.fr
Thu Nov 25 17:25:58 CET 2021


Hello,

I wrote a while ago about crypto engine detection, because
libssh2_userauth_publickey_frommemory() doc says "It's only supported
when libssh2 is backed by OpenSSL."

I wrote a fallback using libssh2_userauth_publickey_fromfile(), which
has no such warning, but it fails too.

Here is a project replicating this project:
https://github.com/BastienDurel/test-libssh2

This file
https://github.com/BastienDurel/test-libssh2/blob/master/ssh.cpp holds
the auth_pukey_mem() & _auth_pukey_mem2file() fallback I use in my own
project, with ssh_more.cpp containing the plumbing.

I made a few docker containers to run compilation/test in Debian with a
custom-built libssh2:
https://hub.docker.com/r/datafr/libssh2/tags

Only the container with libssh2-1.10 linked with OpenSSL succeeds:

-> 1.10 with libgcrypt

bastien@data-bastien:~$ docker run --rm -ti -v ~/project/test_libssh2:/mnt datafr/libssh2:1.10
root@3e8615e2395d:/# ./test.sh
-- The C compiler identification is GNU 10.3.0
[...]
[100%] Built target Tests
Running tests against ssh-test.cloud.data.fr
Running 1 test case...
Entering test module "agent"
/mnt/main.cpp(85): Entering test case "ssh"
[2021-11-25 15:22:43.471260] [0x00007ff239b83300] [debug]   Using provided key data for user test
[2021-11-25 15:22:43.483161] [0x00007ff239b83300] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
[2021-11-25 15:22:43.483315] [0x00007ff239b83300] [debug]   Writing key material into /tmp/ssh-tmp-key-dd58-cea0-4821-fe9f.AqAP2d & /tmp/ssh-tmp-key-dd58-cea0-4821-fe9f.nkXiYJ
[2021-11-25 15:22:43.493661] [0x00007ff239b83300] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
/mnt/main.cpp(97): error: in "ssh": check rc == expected has failed [-19 != 0]
[2021-11-25 15:22:43.685141] [0x00007ff239b83300] [debug]   Using provided key data for user test
[2021-11-25 15:22:43.696604] [0x00007ff239b83300] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
[2021-11-25 15:22:43.696721] [0x00007ff239b83300] [debug]   Writing key material into /tmp/ssh-tmp-key-53ae-7964-4aa0-d6fa.9hPwCg & /tmp/ssh-tmp-key-53ae-7964-4aa0-d6fa.RxfLgN
[2021-11-25 15:22:43.706941] [0x00007ff239b83300] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
/mnt/main.cpp(99): error: in "ssh": check rc == expected has failed [-19 != 0]
[2021-11-25 15:22:43.905904] [0x00007ff239b83300] [debug]   Using provided key data for user test
[2021-11-25 15:22:43.917264] [0x00007ff239b83300] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
[2021-11-25 15:22:43.917381] [0x00007ff239b83300] [debug]   Writing key material into /tmp/ssh-tmp-key-2776-46b7-cc42-3950.eBpgFk & /tmp/ssh-tmp-key-2776-46b7-cc42-3950.P79L3R
[2021-11-25 15:22:43.927695] [0x00007ff239b83300] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
/mnt/main.cpp(101): error: in "ssh": check rc == expected has failed [-19 != 0]
[2021-11-25 15:22:44.125428] [0x00007ff239b83300] [debug]   Using provided key data for user test
[2021-11-25 15:22:44.136920] [0x00007ff239b83300] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
[2021-11-25 15:22:44.137104] [0x00007ff239b83300] [debug]   Writing key material into /tmp/ssh-tmp-key-4e81-95b1-199a-ca79.UHPlcq & /tmp/ssh-tmp-key-4e81-95b1-199a-ca79.ppzWkY
[2021-11-25 15:22:44.147346] [0x00007ff239b83300] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
/mnt/main.cpp(103): error: in "ssh": check rc == expected has failed [-19 != 0]
[2021-11-25 15:22:44.339505] [0x00007ff239b83300] [debug]   Using provided key data for user test
[2021-11-25 15:22:44.351120] [0x00007ff239b83300] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
[2021-11-25 15:22:44.351258] [0x00007ff239b83300] [debug]   Writing key material into /tmp/ssh-tmp-key-c2d6-09f3-37f9-9cd5.aCArcx & /tmp/ssh-tmp-key-c2d6-09f3-37f9-9cd5.zWgX35
[2021-11-25 15:22:44.361270] [0x00007ff239b83300] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
/mnt/main.cpp(85): Leaving test case "ssh"; testing time: 1022372us
Leaving test module "agent"; testing time: 1022400us

*** 4 failures are detected in the test module "agent"

-> 1.10 with openssl

bastien@data-bastien:~$ docker run --rm -ti -v ~/project/test_libssh2:/mnt datafr/libssh2:1.10-openssl
root@232ecd103209:/# ./test.sh
-- The C compiler identification is GNU 10.3.0
[...]
[100%] Built target Tests
Running tests against ssh-test.cloud.data.fr
Running 1 test case...
Entering test module "agent"
/mnt/main.cpp(85): Entering test case "ssh"
[2021-11-25 15:18:34.989547] [0x00007f68d5063740] [debug]   Using provided key data for user test
[2021-11-25 15:18:35.093402] [0x00007f68d5063740] [debug]   Using provided key data for user test
[2021-11-25 15:18:35.327315] [0x00007f68d5063740] [debug]   Using provided key data for user test
[2021-11-25 15:18:35.423502] [0x00007f68d5063740] [debug]   Using provided key data for user test
[2021-11-25 15:18:35.658814] [0x00007f68d5063740] [debug]   Using provided key data for user test
[2021-11-25 15:18:35.670527] [0x00007f68d5063740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
[2021-11-25 15:18:35.670677] [0x00007f68d5063740] [debug]   Writing key material into /tmp/ssh-tmp-key-e498-71eb-90f5-92fe.t0kOjW & /tmp/ssh-tmp-key-e498-71eb-90f5-92fe.9vDAWV
[2021-11-25 15:18:35.680901] [0x00007f68d5063740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
/mnt/main.cpp(85): Leaving test case "ssh"; testing time: 702556us
Leaving test module "agent"; testing time: 702588us

*** No errors detected

-> 1.8.2 with openssl

bastien@data-bastien:~$ docker run --rm -ti -v ~/project/test_libssh2:/mnt datafr/libssh2:1.8-openssl
root@253a2a9cb406:/# ./test.sh
-- The C compiler identification is GNU 10.3.0
[...]
[100%] Built target Tests
Running tests against ssh-test.cloud.data.fr
Running 1 test case...
Entering test module "agent"
/mnt/main.cpp(85): Entering test case "ssh"
[2021-11-25 16:15:24.037142] [0x00007eff97d92740] [debug]   Using provided key data for user test
[2021-11-25 16:15:24.172284] [0x00007eff97d92740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
[2021-11-25 16:15:24.172460] [0x00007eff97d92740] [debug]   Writing key material into /tmp/ssh-tmp-key-c8b5-c3a4-8274-ceeb.dqhjZk & /tmp/ssh-tmp-key-c8b5-c3a4-8274-ceeb.uFneUi
[2021-11-25 16:15:24.253417] [0x00007eff97d92740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
/mnt/main.cpp(97): error: in "ssh": check rc == expected has failed [-19 != 0]
[2021-11-25 16:15:24.338374] [0x00007eff97d92740] [debug]   Using provided key data for user test
[2021-11-25 16:15:24.349975] [0x00007eff97d92740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
[2021-11-25 16:15:24.350113] [0x00007eff97d92740] [debug]   Writing key material into /tmp/ssh-tmp-key-ac8c-b11e-62d5-817c.Jz3oqh & /tmp/ssh-tmp-key-ac8c-b11e-62d5-817c.u8nAWf
[2021-11-25 16:15:24.360342] [0x00007eff97d92740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
/mnt/main.cpp(99): error: in "ssh": check rc == expected has failed [-19 != 0]
[2021-11-25 16:15:24.445610] [0x00007eff97d92740] [debug]   Using provided key data for user test
[2021-11-25 16:15:24.457375] [0x00007eff97d92740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
[2021-11-25 16:15:24.457518] [0x00007eff97d92740] [debug]   Writing key material into /tmp/ssh-tmp-key-2536-20b1-874b-9198.S9HhPe & /tmp/ssh-tmp-key-2536-20b1-874b-9198.SvJZHd
[2021-11-25 16:15:24.467618] [0x00007eff97d92740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
/mnt/main.cpp(101): error: in "ssh": check rc == expected has failed [-19 != 0]
[2021-11-25 16:15:24.550877] [0x00007eff97d92740] [debug]   Using provided key data for user test
[2021-11-25 16:15:24.562895] [0x00007eff97d92740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
[2021-11-25 16:15:24.563066] [0x00007eff97d92740] [debug]   Writing key material into /tmp/ssh-tmp-key-c45d-d2bc-b793-01e8.qfdPWc & /tmp/ssh-tmp-key-c45d-d2bc-b793-01e8.mVLFbc
[2021-11-25 16:15:24.573456] [0x00007eff97d92740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
/mnt/main.cpp(103): error: in "ssh": check rc == expected has failed [-19 != 0]
[2021-11-25 16:15:24.658899] [0x00007eff97d92740] [debug]   Using provided key data for user test
[2021-11-25 16:15:24.670122] [0x00007eff97d92740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
[2021-11-25 16:15:24.670253] [0x00007eff97d92740] [debug]   Writing key material into /tmp/ssh-tmp-key-792c-120f-be3b-899b.fyrZMb & /tmp/ssh-tmp-key-792c-120f-be3b-899b.bsNjob
[2021-11-25 16:15:24.680356] [0x00007eff97d92740] [debug]   LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED
/mnt/main.cpp(85): Leaving test case "ssh"; testing time: 708743us
Leaving test module "agent"; testing time: 708791us

*** 4 failures are detected in the test module "agent"


The 4th (last) test is expected to return
LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED, as the public key does not match
the private key, but the others should return ok (after the fallback in
the non-OpenSSL case).

I've exposed a VM where the user test can log-on with the keys embedded
in the repo (with a /bin/false shell) on ssh-test.cloud.data.fr.

Do you have hints on why it fails?

Thanks,

-- 
Bastien Durel
DATA
Enterprise data integration,
Decision-support information systems.

bastien.durel at data.fr
tel : +33 (0) 1 57 19 59 28
fax : +33 (0) 1 57 19 59 73
45 avenue Carnot, 94230 CACHAN France
www.data.fr
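
The fallback described in the message writes key material into files under /tmp before calling libssh2_userauth_publickey_fromfile(). The following is an added example, not code from the post or its repository, of doing that step so that each file is created exclusively with mode 0600 and removed once the attempt returns. The callback type auth_fn, the function names and the file-name templates are assumptions for illustration; in a real caller the callback would wrap the fromfile() call, with the session and user name carried in ctx.

```c
#define _POSIX_C_SOURCE 200809L  /* for mkstemp() */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical callback standing in for a fromfile()-style auth call. */
typedef int (*auth_fn)(const char *pubpath, const char *privpath, void *ctx);
/* Create a new file from tmpl (ends in XXXXXX) and write all of data to it. */
static int write_key_tempfile(char *tmpl, const void *data, size_t len)
{
    const char *p = data;
    int fd = mkstemp(tmpl);  /* O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0) return -1;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        p += n; len -= (size_t)n;
    }
    /* Close error or short write: leave nothing behind. */
    if (close(fd) != 0 || len > 0) { unlink(tmpl); return -1; }
    return 0;
}

/* Write both keys, run fn on the two paths, then always remove the files. */
int auth_via_tempfiles(const char *pub, size_t publen, const char *priv,
                       size_t privlen, auth_fn fn, void *ctx)
{
    char pubpath[] = "/tmp/example-key-pub.XXXXXX";   /* constructed names */
    char privpath[] = "/tmp/example-key-priv.XXXXXX";
    if (write_key_tempfile(pubpath, pub, publen) != 0) return -1;
    int rc = write_key_tempfile(privpath, priv, privlen);
    if (rc == 0) {
        rc = fn(pubpath, privpath, ctx);
        unlink(privpath);
    }
    unlink(pubpath);
    return rc;
}

/* Sample callback: copies the private key path to ctx, checks it is 0600. */
int check_private_key(const char *pubpath, const char *privpath, void *ctx)
{
    struct stat st;
    strcpy(ctx, privpath);  /* ctx: caller buffer of at least 64 bytes */
    if (access(pubpath, R_OK) != 0 || stat(privpath, &st) != 0) return -1;
    return (st.st_mode & 0777) == 0600 ? 0 : -1;
}
```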


