[erlang-questions] SSH 4.5 bug ?

Jean Parpaillon <>
Tue Jul 25 12:41:53 CEST 2017


Hi all,
Sorry if this question has already been raised but I couldn't get any
information...

I've written an ssh-based application with OTP. I'm using rsa keys for
authentication.
ssh version:

$ ssh -V
OpenSSH_7.5p1 Debian-5, OpenSSL 1.0.2l  25 May 2017

With elixir 1.4.5 / erlang 18.3, the application works fine. With
elixir 1.4.5 / erlang 20.0 (Debian package from Erlang Solutions),
authentication fails with 'Permission denied (publickey)'.

The failing call trace:
ssh_auth:handle_userauth_request/1
ssh_transport:verify/4
public_key:verify/4
crypto:verify/5 -> returns false

I've seen potential incompatibilities in http://erlang.org/doc/apps/ssh/notes.html
I suppose using a recent ssh client, negotiation should avoid
incompatibilities...

Any idea ? Known bug ? 

Thank you for your help !

Here is the trace from SSH connection:

$ ssh -p 10022 -v localhost
OpenSSH_7.5p1 Debian-5, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /home/jean/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [::1] port 10022.
debug1: connect to address ::1 port 10022: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 10022.
debug1: Connection established.
debug1: identity file /home/jean/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jean/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5p1 Debian-5
debug1: Remote protocol version 2.0, remote software version Mingus
Orchestrator
debug1: no match: Mingus Orchestrator
debug1: Authenticating to localhost:10022 as 'jean'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256
compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256
compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256
SHA256:/Yf6jxsGavhDvq5XRwjdG6sgLT3o2Xs06d63lhXWRjg
debug1: Host '[localhost]:10022' is known and matches the ECDSA host
key.
debug1: Found key in /home/jean/.ssh/known_hosts:895
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ecdsa-sha2-nistp384,ecdsa-
sha2-nistp521,ecdsa-sha2-nistp256,ssh-rsa,rsa-sha2-256,rsa-sha2-
512,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jean/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 277
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: 
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/jean/.ssh/id_dsa
debug1: Trying private key: /home/jean/.ssh/id_ecdsa
debug1: Trying private key: /home/jean/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).






-- 
Jean Parpaillon
--
Senior Developper @ KBRW Adventure
Chairman @ OW2 Consortium
--
Phone: +33 6 30 10 92 86
im: 
skype: jean.parpaillon
linkedin: http://www.linkedin.com/in/jeanparpaillon/en
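
Added example, not part of the original post: a small Python parser that summarizes an `ssh -v` trace like the one above, rejoining mail-wrapped lines and marking for each offered key whether the server refused the key itself or refused the signed request after accepting the key. The function names and result labels are assumptions of this example; the classification relies on OpenSSH printing `Server accepts key` only when the server answers the initial key query positively.

```python
import re

# Excerpt of the trace in the post, keeping the mail archive's hard line wraps.
TRACE = """\
debug1: kex_input_ext_info: server-sig-algs=<ecdsa-sha2-nistp384,ecdsa-
sha2-nistp521,ecdsa-sha2-nistp256,ssh-rsa,rsa-sha2-256,rsa-sha2-
512,ssh-dss>
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /home/jean/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 277
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key:
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
"""

def unwrap(trace):
    """Rejoin hard-wrapped lines: a record starts with 'debugN:' or the final verdict."""
    records = []
    for line in trace.splitlines():
        if re.match(r"debug\d+:|Permission denied", line) or not records:
            records.append(line.rstrip())
        else:
            # Wraps inside an algorithm list break after '-' or ','; otherwise between words.
            sep = "" if records[-1].endswith(("-", ",")) else " "
            records[-1] += sep + line.strip()
    return records

def summarize(trace):
    """Return the advertised signature algorithms and the outcome of each key offer."""
    sig_algs, offers = [], []
    for rec in unwrap(trace):
        if m := re.search(r"server-sig-algs=<([^>]*)>", rec):
            sig_algs = m.group(1).split(",")
        elif m := re.search(r"Offering (\S+) public key: ?(.*)", rec):
            offers.append({"type": m.group(1), "key": m.group(2), "pkalg": None, "result": "pending"})
        elif (m := re.search(r"Server accepts key: pkalg (\S+)", rec)) and offers:
            offers[-1]["pkalg"] = m.group(1)
        elif ("Authentications that can continue" in rec and offers
              and offers[-1]["result"] == "pending"):
            # Failure after the server accepted the key: the signed request was refused.
            # Failure straight after the offer: the key itself was not accepted.
            offers[-1]["result"] = ("signature_rejected" if offers[-1]["pkalg"]
                                    else "key_not_accepted")
    return {"server_sig_algs": sig_algs, "offers": offers}

if __name__ == "__main__":
    print(summarize(TRACE))
```

For the trace in the post, the first offer comes out as `signature_rejected` with `pkalg` `rsa-sha2-512`, which places the failure at the signature verification step named in the call trace rather than at key lookup.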