host public key retrival - WeOnlyDo Discussion board

host public key retrival (General questions)

by carsimex, Wednesday, October 08, 2008, 23:43 (5893 days ago)

Hello,
I need to retrieve host public key from SSHFTP server that supports automatic retrieval of host public key.

How do I do this using WeOnlyDo.Client.SFTP

Thank you,
Andrey.

Re: host public key retrival

by wodDamir, Thursday, October 09, 2008, 00:02 (5893 days ago) @ carsimex

Hi,

Do you perhaps have some client capable of doing so?

I'm not really sure that's possible... Usually this is done using fingerprint, which you can verify in HostFingerprint event. Is that what you had in mind?

Regards,
Damba

Re: host public key retrival

by carsimex, Thursday, October 09, 2008, 00:12 (5893 days ago) @ wodDamir

No,
My technical contact send me email and the only thing he said was:
Our SSHFTP server supports automatic retrieval of our host public key
If your software does not support automatic retrieval, contact us
and our host public key will be emailed to you.

Thanks

Re: host public key retrival

by wodDamir, Thursday, October 09, 2008, 09:29 (5892 days ago) @ carsimex

Hi,

No, that's not supported. I'm also unaware of any client capable of doing this. However, if your account supports password authentication, perhaps you could download the public key, since it is usually located in user's directory (usually in .ssh folder).

Also, if you're aware of any client supporting such a feature, we could perhaps add such a funtionality in the component.

Regards,
Damba

Re: host public key retrival

by carsimex, Thursday, October 09, 2008, 19:29 (5892 days ago) @ wodDamir

Thank you for a clearing this out to me. Now I just have one more thing to understand. I got host public key emailed to me. It looks somehting like this:
ssh-rsa AAAAB3NzaC1....

host SSHFTP connections will use public key authentication. PASSWORD AUTHENTICATION WILL NOT BE USED.

I also generate my private key using KeyManager and send it to company. Every example I see is using only one key. How do I use public key for authentication and where does the private key comes in play.

Thank you,
Andrey.

Re: host public key retrival

by carsimex, Thursday, October 09, 2008, 20:00 (5892 days ago) @ carsimex

Let me try to answer my own question.
I use public key I got from host to generate my private key that will be used in future communication.
This is the code I am using.

KeyManager km = new KeyManager();
try
{
km.Load(publicKeyPath, keyPassword);
}
catch (Exception)
{
km.Generate(SSHKeyTypes.RSAKey);
km.Save(SSHKeyTypes.RSAKey, path, Password);
}

Re: host public key retrival

by woddrazen, Thursday, October 09, 2008, 20:08 (5892 days ago) @ carsimex

Hi,


Public key is part of private key. Public key should be uploaded to server and private key should be used on client side.

So you can extract public key from private key but you can't do opposite. Public key that you received should be on server but you are still missing private key of that public key.

Do you maybe have somewhere that private key?

You can generate new private and public key using wodKeyManager but this will be new key pairs. In order to use that private and public key you should upload to server that public key and use generated private key on client side.

You can find here how to generate and save private and public key:
http://www.weonlydo.com/index.asp?kb=1&View=entry&EntryID=64


Drazen

Re: host public key retrival

by carsimex, Thursday, October 09, 2008, 21:42 (5892 days ago) @ woddrazen

this two lines Console.Write(key.PublicKeySSH(WeOnlyDo.Security.Cryptography.SSHKeyTypes.RSAKey)); Console.Write(key.PublicKeyOpenSSH(WeOnlyDo.Security.Cryptography.SSHKeyTypes.RSAKey));
put it in perspective for me.

Thank you for all you help.

Re: host public key retrival

by carsimex, Tuesday, October 14, 2008, 20:02 (5887 days ago) @ carsimex

I have generate Public and private keys, send my public key to host and trying to connect with my private key. I am able to connect to the host, but when I try to put file I am getting the following error:
Server returned an error: Permission denied

What I have been told, beside using private and public keys, I also must use there public key, but how do I use it?

I created debug file, Can you tell me if I am getting authenticated by the host and how I may use host public key in addition to my public / private keys pair.

Connect / Disconnect only
Connect::start
Connect::BeginConnect
Connect:end
ConnectNotification:start
MethodNotification:start
MethodNotification:ExtendedStates.Connecting
ConnectNotification:end
ReceiveNotification:start
ReceiveNotification:ExchangingIdentification
EndReceive before
ReceiveNotification:ExchangingIdentification received 39 bytes
ExchangeIdentification:start
ExchangeIdentification data: SSH-2.0-Connect:Enterprise_UNIX_2.2.00

ExchangeIdentification:sent SSH-2.0-WeOnlyDo.Net

ExchangeIdentification:end
ReceiveNotification:start
ReceiveNotification:Default
Received 288 bytes
CipherInbuf len = 288
DoSSH2Packet:start type=20
KexInit:start
Startpacket SSH2_MSG_KEXINIT
SendPacket:start
SendPacket:end
Startpacket SSH2_MSG_KEXDH_INIT
SendPacket:start
SendPacket:end
KexInit:end
DoSSH2Packet:end
SendNotification:start
MethodNotification:start
MethodNotification:ExtendedStates.Default
SendNotification:end
SendNotification:start
MethodNotification:start
MethodNotification:ExtendedStates.Default
SendNotification:end
ReceiveNotification:start
ReceiveNotification:Default
Received 464 bytes
CipherInbuf len = 464
DoSSH2Packet:start type=31
KexReply:start
CheckHostKey2:start
CheckHostKey2:end
Startpacket SSH2_MSG_NEWKEYS
SendPacket:start
SendPacket:end
KexInit:end
DoSSH2Packet:end
CipherInbuf len = 16
DoSSH2Packet:start type=21
NewKeys:start
Startpacket SSH2_MSG_SERVICE_REQUEST
SendPacket:start
SendPacket:end
NewKeys:end
DoSSH2Packet:end
SendNotification:start
MethodNotification:start
MethodNotification:ExtendedStates.Default
SendNotification:end
SendNotification:start
MethodNotification:start
MethodNotification:ExtendedStates.Default
SendNotification:end
ReceiveNotification:start
ReceiveNotification:Default
Received 52 bytes
CipherInbuf len = 52
DoSSH2Packet:start type=6
SendAuth:start
SendAuth:trying 'none'
SendPacket:start
SendPacket:end
SendAuth:end
DoSSH2Packet:end
SendNotification:start
MethodNotification:start
MethodNotification:ExtendedStates.Default
SendNotification:end
ReceiveNotification:start
ReceiveNotification:Default
Received 68 bytes
CipherInbuf len = 68
DoSSH2Packet:start type=51
CheckUserAuth:start
SendAuth:start
SendAuth:trying pubkey
SendPacket:start
SendPacket:end
SendAuth:end
DoSSH2Packet:end
SendNotification:start
MethodNotification:start
MethodNotification:ExtendedStates.Default
SendNotification:end
ReceiveNotification:start
ReceiveNotification:Default
Received 196 bytes
CipherInbuf len = 196
DoSSH2Packet:start type=60
SendPacket:start
SendPacket:end
DoSSH2Packet:end
SendNotification:start
MethodNotification:start
MethodNotification:ExtendedStates.Default
SendNotification:end
ReceiveNotification:start
ReceiveNotification:Default
Received 36 bytes
CipherInbuf len = 36
DoSSH2Packet:start type=52
CheckUserAuth:start
SendPacket:start
SendPacket:end
CheckUserAuth:end
DoSSH2Packet:end
SendNotification:start
MethodNotification:start
MethodNotification:ExtendedStates.Default
SendNotification:end
ReceiveNotification:start
ReceiveNotification:Default
Received 52 bytes
CipherInbuf len = 52
DoSSH2Packet:start type=91
SendChanRequest:start
SendChanRequest:end
StartShell:start
Startpacket SSH2_MSG_CHANNEL_REQUEST
SendPacket:start
SendPacket:end
StartShell:end
DoSSH2Packet:end
SendNotification:start
MethodNotification:start
MethodNotification:ExtendedStates.Default
SendNotification:end
ReceiveNotification:start
ReceiveNotification:Defau

When trying to putfile
Startpacket SSH2_MSG_CHANNEL_DATA
SendPacket:start
SendPacket:end
SendNotification:start
MethodNotification:start
MethodNotif...

Re: host public key retrival

by wodDamir, Tuesday, October 14, 2008, 20:16 (5887 days ago) @ carsimex

Hi,

Can you tell me what state was the component in when you receive this error?

Also, the error that you provided only tells that you don't have the sufficient rights to upload to that directory. Are you sure that you used the correct RemotePath? Can you verify that, perhaps with some other SFTP Client?

As for the Public key, it isn't used anywhere except on the server side. Client side doesn't use it since it uses private key for comparing both.

Regards,
Damba

Re: host public key retrival

by carsimex, Tuesday, October 14, 2008, 20:19 (5887 days ago) @ wodDamir

sftpClient.State Idle

Re: host public key retrival

by wodDamir, Tuesday, October 14, 2008, 20:23 (5887 days ago) @ carsimex

Hi,

In that case, you are connected, and Authentication was successful.

regards,
Damba

Re: host public key retrival

by carsimex, Tuesday, October 14, 2008, 20:38 (5887 days ago) @ wodDamir

Thank you for being patient with me.
The tech guy i am working with on the other side told me that I have to add there public key to my known host.
Any idea how I do this?

Thanks.

Re: host public key retrival

by wodDamir, Tuesday, October 14, 2008, 20:45 (5887 days ago) @ carsimex

Hi,

Actually, wodSFTP does that automatically. What you are reffering to is done in HostFingerPrint event by setting Accept parameter to true (default).

Usually a client will ask you to verify if that is the right server that you want to connect. When you connect to server, it presents you with hashed public key value (fingerprint), which you can then store (to verify it's the same server in future) etc. Since wodSFTP will automatically accept this, you don't need to do anything manually.

Regards,
Damba

Re: host public key retrival

by carsimex, Tuesday, October 14, 2008, 22:28 (5887 days ago) @ wodDamir

Is there specific place on a client I can store host's public key?

Re: host public key retrival

by wodDamir, Tuesday, October 14, 2008, 22:37 (5887 days ago) @ carsimex

Hi,

The public key is already in your PrivateKey... PrivateKey contains both, while Public key doesn't. Public key only contains public key part.

When you load PrivateKey into wodKeyManager, you can check public key, as well as PrivateKey.

I don't see what you're aiming at. You could store it (fingerprint) wherever you want, but you can then only use it to compare the local fingerprint with the one that server provides you with. But I don't think that's what you need.

The component loaded the private key. You got authenticated and connected. When you upload a file, you receive Permission denied error, which signals that you don't have permission to upload a file to that location. Are you sure that you set RemotePath correctly? Can you verify that?

Regards,
Damba

Re: host public key retrival

by carsimex, Wednesday, October 15, 2008, 17:46 (5886 days ago) @ wodDamir

After looking more closely I found that remote path was not reference correctly and instead of writing to a specific folder I was trying to put file in the root.

Thanks a lot for all of your support.