F-Secure Server - WeOnlyDo Client issue to authen - WeOnlyDo Discussion board

F-Secure Server - WeOnlyDo Client issue to authen (General questions)

by Sreekumar, Thursday, October 21, 2004, 07:46 (7339 days ago)

I installed the F-secure server and tried to connect using WeOnlyDo client. I am unable to authenticate using Public/Private key pair. It works fine with F-Secure Server - F-secure client. When tried to connect F-secure server with User Name Password from WeOnlyDo client it worked fine.

Attached is the list of steps i did along with the code snippet.

1. Code to create Public/Private Key

//Private Key
String Filename = @ C:UserKeysWeOnlyDoSshUser ;
//Public Key
String FilenamePub = @ C:UserKeysWeOnlyDoSshUser.pub ;

KeyManager km = new KeyManager();
try
{
km.Generate(SSHKeyTypes.DSAKey );
km.Save(SSHKeyTypes.DSAKey, Filename);

//Public Key Tried copying and pasting from the output
Console.Write(km.PublicKeySSH(SSHKeyTypes.DSAKey));

//Public Key Tried directly writing to file
StreamWriter sw = new StreamWriter(FilenamePub);
sw.Write(km.PublicKeySSH(SSHKeyTypes.DSAKey));
sw.Flush();
sw.Close();

}
catch(Exception ex)
{
string msg = ex.Message ;
}

2. Created a user 'SshUser' (Local to that machine) in the server running F-secure Server

4. Copied WeOnlyDoSshUser.pub to C:Documents and Settingssshuser.ssh2

5. Created a file named authorization in the above stated folder with key WeOnlyDoSshUser.pub as text data

6. F-Secure server setting are default except only enabled authentication is Public Key

7. Code to connect to server
SSH Ssh1 = new SSH();
Ssh1.Hostname = TextBox2.Text //IP Address;
Ssh1.Login = sshuser ;
Ssh1.Port =22;
String Filename = @ CUserKeysWeOnlyDoSshUser ;
Ssh1.Protocol = WeOnlyDo.Client.SSH.SupportedProtocols.SSH2;
Ssh1.Timeout = 30;

Ssh1.Authentication = WeOnlyDo.Client.SSH.Authentications.PublicKey;

WeOnlyDo.Security.Cryptography.KeyManager km = new WeOnlyDo.Security.Cryptography.KeyManager();

WeOnlyDo.Security.Cryptography.SSHKeyTypes type = km.Load(Filename);

Ssh1.PrivateKey = km.PrivateKey(type);
Ssh1.Connect();

------------------------------------------------------------
This is showing error
Authentication with the server failed.
------------------------------------------------------------
Note : While connecting using f-secure client to F-secure server
using Public key it's working.

While connecting using WeOnlyDo client to F-secure server
using Password it's working.

Please help me

Thanks

Sreekumar

Re: F-Secure Server - WeOnlyDo Client issue to au

by wodSupport, Thursday, October 21, 2004, 10:49 (7339 days ago) @ Sreekumar

Sreekumar,

if you have existing key that work with f-secure client, did you try loading that key to wodKeyManager and connect with it? So, you can do something like this:

[code]KeyManager km = new KeyManager();
km.Load( your_private_key_from_f-secure );

SSH Ssh1 = new SSH();
Ssh1.Hostname = TextBox2.Text //IP Address;
Ssh1.Login = sshuser ;
Ssh1.Port =22;
Ssh1.Protocol = WeOnlyDo.Client.SSH.SupportedProtocols.SSH2;
Ssh1.Timeout = 30;
Ssh1.Authentication = WeOnlyDo.Client.SSH.Authentications.PublicKey;
Ssh1.PrivateKey = km.PrivateKey(type);
Ssh1.Connect();
[/code]

Re: F-Secure Server - WeOnlyDo Client issue to au

by Sreekumar, Friday, October 22, 2004, 11:42 (7338 days ago) @ wodSupport

I tried using the key generated by F-secure and even with Putty
It's getting connected but at the same moment it's getting
disconnected. When I click connect button

The text box to show status shows

CONNECTED!

DISCONNECTED!

But's it's working fine with SFTP, Can we specify portocol for SFTP as SSH2 or so, is the SFTP by default using SSH2 protocol ?


Re: F-Secure Server - WeOnlyDo Client issue to au

by wodSupport, Friday, October 22, 2004, 16:15 (7337 days ago) @ Sreekumar

Sreekumar,

SFTP always work on top of SSH2 - so you cannot specify any other protocol.

About this 'Disconnect' issue. Can you run F-Secure in debug mode, and then check out it's debug log why it disconnects client?

Re: F-Secure Server - WeOnlyDo Client issue to au

by Sreekumar, Thursday, October 28, 2004, 08:45 (7332 days ago) @ wodSupport

Following is the debuglog when i tried to use public key and getting disconnected just after getting connected, but works fine with password.
42:20:392 - Connect::start
42:20:432 - SetState start: b
42:20:442 - SetState end
42:20:442 - Connect::BeginConnect
42:20:442 - Connect:end
42:20:472 - MethodNotification:start
42:20:472 - MethodNotification:ExtendedStates.Connecting
42:20:482 - SetState start: c
42:20:482 - SetState end
42:20:533 - ReceiveNotification:start
42:20:533 - ReceiveNotification:ExchangingIdentification
42:20:543 - ExchangeIdentification:start2
42:20:543 - ExchangeIdentification:received SSH-2.0-3.2.3 F-Secure SSH Windows NT Server

42:20:543 - ExchangeIdentification:sent SSH-2.0-WeOnlyDo.Net

42:20:563 - ExchangeIdentification:end
42:20:563 - SetState start: d
42:20:563 - SetState end
42:20:573 - ReceiveNotification:start
42:20:573 - ReceiveNotification:Default
42:20:583 - DoSSH2Packet:start type=2
42:20:583 - DoSSH2Packet:end
42:20:583 - DoSSH2Packet:start type=20
42:20:593 - KexInit:start
42:20:603 - SendPacket:start
42:20:613 - SendPacket:end
42:20:793 - SendPacket:start
42:20:793 - SendPacket:end
42:20:793 - KexInit:end
42:20:793 - DoSSH2Packet:end
42:20:803 - MethodNotification:start
42:20:803 - MethodNotification:ExtendedStates.Default
42:20:803 - MethodNotification:start
42:20:803 - MethodNotification:ExtendedStates.Default
42:20:823 - ReceiveNotification:start
42:20:823 - ReceiveNotification:Default
42:20:823 - DoSSH2Packet:start type=2
42:20:833 - DoSSH2Packet:end
42:20:833 - DoSSH2Packet:start type=31
42:20:833 - KexReply:start
42:20:843 - CheckHostKey2:start
42:20:843 - CheckHostKey2:end
42:21:143 - SendPacket:start
42:21:143 - SendPacket:end
42:21:153 - KexInit:end
42:21:153 - DoSSH2Packet:end
42:21:153 - MethodNotification:start
42:21:153 - MethodNotification:ExtendedStates.Default
42:21:164 - ReceiveNotification:start
42:21:164 - ReceiveNotification:Default
42:21:164 - DoSSH2Packet:start type=2
42:21:174 - DoSSH2Packet:end
42:21:174 - DoSSH2Packet:start type=21
42:21:174 - NewKeys:start
42:21:184 - SendPacket:start
42:21:194 - SendPacket:end
42:21:194 - NewKeys:end
42:21:194 - DoSSH2Packet:end
42:21:204 - MethodNotification:start
42:21:204 - MethodNotification:ExtendedStates.Default
42:21:354 - ReceiveNotification:start
42:21:364 - ReceiveNotification:Default
42:21:374 - DoSSH2Packet:start type=2
42:21:374 - DoSSH2Packet:end
42:21:374 - DoSSH2Packet:start type=6
42:21:384 - SendAuth:start
42:21:384 - SendAuth:trying 'none'
42:21:384 - SendPacket:start
42:21:394 - SendPacket:end
42:21:394 - SendAuth:end
42:21:394 - DoSSH2Packet:end
42:21:404 - MethodNotification:start
42:21:404 - MethodNotification:ExtendedStates.Default
42:21:404 - ReceiveNotification:start
42:21:414 - ReceiveNotification:Default
42:21:414 - DoSSH2Packet:start type=2
42:21:414 - DoSSH2Packet:end
42:21:424 - DoSSH2Packet:start type=51
42:21:424 - CheckUserAuth:start
42:21:434 - SendAuth:start
42:21:434 - SendAuth:trying pubkey
42:21:434 - SendPacket:start
42:21:444 - SendPacket:end
42:21:444 - SendAuth:end
42:21:454 - DoSSH2Packet:end
42:21:454 - MethodNotification:start
42:21:464 - MethodNotification:ExtendedStates.Default
42:21:464 - ReceiveNotification:start
42:21:464 - ReceiveNotification:Default
42:21:474 - DoSSH2Packet:start type=2
42:21:474 - DoSSH2Packet:end
42:21:474 - DoSSH2Packet:start type=60
42:21:544 - SendPacket:start
42:21:554 - SendPacket:end
42:21:554 - DoSSH2Packet:end
42:21:554 - MethodNotification:start
42:21:564 - MethodNotification:ExtendedStates.Default
42:21:564 - ReceiveNotification:start
42:21:574 - ReceiveNotification:Default
42:21:574 - DoSSH2Packet:start type=2
42:21:584 - DoSSH2Packet:end
42:21:584 - DoSSH2Packet:start type=52
42:21:584 - CheckUserAuth:start
42:21:594 - SendPacket:start
42:21:594 - SendPacket:end
42:21:604 - CheckUserAuth:end
42:21:604 - DoSSH2Packet:end
42:21:614 - MethodNotification:start
42:21:614 - MethodNotification:ExtendedStates.Default
42:21:624 - ReceiveN

Re: F-Secure Server - WeOnlyDo Client issue to au

by wodSupport, Thursday, October 28, 2004, 19:54 (7331 days ago) @ Sreekumar

Sreekumar,

if you look at our logs, you will see that public key authentication failed by the server.

I was hoping to see server logs. Can you get those?

Re: F-Secure Server - WeOnlyDo Client issue to au

by Sreekumar, Friday, October 29, 2004, 07:43 (7331 days ago) @ wodSupport

I couldn't find log from the server, it's logging to windows log, but didn't find access denayed error. It's getting connected, so it's getting authenticated, if i give a private key which does not have it's public key in the server it's reporting ' authentication error', so isn't getting validated ? SFTP component is working fine in the same condition. So the server configuration i accepting the private/public key authentication. Does this be an issue due to the fact that I am using evaluvation component?

Re: F-Secure Server - WeOnlyDo Client issue to au

by Sreekumar, Friday, October 29, 2004, 14:15 (7331 days ago) @ Sreekumar

When i try to use Command Property SSH is returning an error
Could not obtain channel pty on remote server. can u help me out in this too :(

thanks

Re: F-Secure Server - WeOnlyDo Client issue to au

by wodSupport, Friday, October 29, 2004, 14:20 (7331 days ago) @ Sreekumar

Sreekumar,

to run server in debug mode, first stop it as a service, then go to it's folder (in program files...), then start it with -ddd or -d4 switch.

Pty problem is easy - set wodSSH.AllocatePty = FALSE property.

Re: F-Secure Server - WeOnlyDo Client issue to au

by wodSupport, Friday, October 29, 2004, 14:21 (7331 days ago) @ wodSupport

Can you please send me email to techsupport@weonlydo.com about this. We'll try to work on this together - I can fire up our local f-secure server to play with, or we could connect to yours if possible, and finally resolve this problem.

Re: F-Secure Server - WeOnlyDo Client issue to au

by wodSupport, Friday, October 29, 2004, 14:22 (7331 days ago) @ wodSupport

Not sure if I asked (i don't see this question above), are you using same key to authenticate as you use with f-secure client? Or you use new key?

Re: F-Secure Server - WeOnlyDo Client issue to au

by Sreekumar, Saturday, October 30, 2004, 06:28 (7330 days ago) @ wodSupport

Yes the same key for SSH.NET and SFTP

Re: F-Secure Server - WeOnlyDo Client issue to au

by wodSupport, Sunday, October 31, 2004, 02:22 (7329 days ago) @ Sreekumar

Sreekumar,

I don't have problems like you. I just installed F-Secure (It announced itself as SSH-2.0-3.2.0 F-Secure SSH Windows NT Server)

and here's what I did:

1. I generated key and saved it locally
[code]WeOnlyDo.Security.Cryptography.KeyManager km = new WeOnlyDo.Security.Cryptography.KeyManager();
km.Generate(WeOnlyDo.Security.Cryptography.SSHKeyTypes.DSAKey);
km.Save(WeOnlyDo.Security.Cryptography.SSHKeyTypes.DSAKey, c:\\mykey.priv );[/code]


2. I took it's public key
[code]String a = km.PublicKeySSH(WeOnlyDo.Security.Cryptography.SSHKeyTypes.DSAKey);
Console.WriteLine(a);[/code]

and pasted contents on the server in c:\documents and settings\kreso\.ssh2\1.pub
and in file c:\documents and settings\kreso.ssh2\authorization I added line
key 1.pub

3. I used this code to connect:
[code]WeOnlyDo.Security.Cryptography.KeyManager km = new WeOnlyDo.Security.Cryptography.KeyManager();
km.Load( c:\mykey.priv );

WeOnlyDo.Client.SSH ssh = new WeOnlyDo.Client.SSH();
ssh.Hostname = 192.168.0.31 ;
ssh.Login = kreso ;
ssh.Authentication = WeOnlyDo.Client.SSH.Authentications.PublicKey;
ssh.PrivateKey = km.PrivateKey(WeOnlyDo.Security.Cryptography.SSHKeyTypes.DSAKey);
ssh.Blocking = true;
ssh.Connect();[/code]

it worked without any problems.

Can you try above steps?

Re: F-Secure Server - WeOnlyDo Client issue to au

by Benny, Sunday, October 31, 2004, 06:46 (7329 days ago) @ wodSupport

Sreekumar has sent you the mail as requested.
I am part of his team.

Let me explain our scenario.

We bought the f-secure client software, generated a public key, and sent it to our main office where our UNIX box is located. They loaded the key and gave us access to the UNIX box.
We are not able to send and recieve files to and from them.
At times, when the file sizes are really big, we have connection cut issues.
That is why we are evaluating your WeOnlyDo component in which error handling can be done in .NET

Now some questions for you.
can we use the public key generated from FSecure with your SSH and SFTP component?
Or do we need to generate a private key using PuttyGen and send to our main office for them to add in their UNIX box again?

Please outline the steps we need to follow in this regard.

Regards

Benny

Can you please send me email to techsupport@weonlydo.com about this. We'll try to work on this together - I can fire up our local f-secure server to play with, or we could connect to yours if possible, and finally resolve this problem.

Re: F-Secure Server - WeOnlyDo Client issue to au

by wodSupport, Sunday, October 31, 2004, 10:28 (7329 days ago) @ Benny

Benny,

yes, you can use keys generated by f-secure client, just load them using wodKeyManager. Since public key is already uploaded to the server in that case (I suppose it is since you use f-secure client with that key) there are less steps actually that you need to perform.

Did you try my code I posted in above message? It shows what you need to do. If you already have f-secure key, it's enough to use only last code snippet (one that starts with '3. I used this code to connect'), just replace path to your private key, and change hostname and login. That's it. Can you try that?