Xagent not working correctly

Wednesday, January 23, 2013 8:04 AM - Ivan

Hi,

I am evaluating this software as a primary tool for SSH connections. I have issues using Xagent.

First issue:
I have SSH1 and SSH2 keys imported and opened in the agent.

server1 is an "ssh gateway" server.

If I connect to server1 with an SSH1 key, it is not possible to connect from server1 to server2 with an SSH2 key.

Error:
user@sshgw:~>
$ ssh -v -2 pikacu
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /home/user/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to pikacu [X.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version Sun_SSH_1.1.3
debug1: no match: Sun_SSH_1.1.3
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-sha1 zlib
debug1: kex: client->server aes128-cbc hmac-sha1 zlib
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'pikacu' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1784
debug1: ssh_rsa_verify: signature correct
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key:
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug1: Offering public key:
debug1: Server accepts key: pkalg ssh-rsa blen 277
Agent admitted failure to sign using the key.
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).

When I close the key, Xagent correctly asks for the password for the closed SSH2 key and opens it, but the connection is closed with the same error.

If I connect to server1 with an SSH2 key, it is not possible to connect from server1 to server2 with an SSH1 key.

Error:
user@server:~>
$ ssh -v -1 pikacu
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /home/user/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to pikacu [X.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: Remote protocol version 1.99, remote software version Sun_SSH_1.1.3
debug1: no match: Sun_SSH_1.1.3
debug1: Local version string SSH-1.5-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'pikacu' is known and matches the RSA1 host key.
debug1: Found key in /home/user/.ssh/known_hosts:1769
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication via agent with ''
debug1: Received RSA challenge from server.
Bad authentication response: 14

When I close the key, Xagent correctly asks for the password for the closed SSH1 key and opens it, but the connection is closed with the same error.

If the same version of SSH key is used to connect to server1 and server2, the connection is OK.

Here is my SSH client config file:

user@sshgw:~>
$ cat .ssh/config
Host *
Compression yes
ForwardX11 yes
ForwardAgent yes
StrictHostKeyChecking no
CheckHostIP yes
Protocol 1,2

Second issue:
I have a "cheap VPN" established via SSH with no TTY allocation and SSH tunneling to a closed network.

When the SSH1 key is closed in the agent, a password is requested to unlock the key. The key is unlocked and the connection is closed.

Error:
The server sent disconnect packet.
Protocol error: expected packet type 8, got 6

[16:45:35] Version exchange initiated...
[16:45:35] server: SSH-1.5-OpenSSH_2.3.0p7
[16:45:35] client: SSH-1.5-nsssh2_4.0.0027 NetSarang Computer, Inc.
[16:45:35] SSH1 is selected.
[16:45:35] Host authentication initiated...
[16:45:35] Hostkey fingerprint:
[16:45:35] ssh-rsa 1024 8a:ef:0a:f8:2f:c7:26:3e:c3:63:69:3e:9e:01:e4:43
[16:45:35] Accepted.
[16:45:35] Exchanging encryption algorithm...
[16:45:35] 3des is selected.
[16:45:35] User authentication initiated...
[16:45:35] Sent user name 'user'.
[16:45:35] Server support public key authentication method.
[16:45:35] Trying to find ssh-agent...
[16:45:35] Xagent is running. Connecting to ssh-agent...
[16:45:35] Received 2 identity-blob(s) from ssh-agent.
[16:45:35] Trying next identity blob...
[16:45:35] Sent public key blob.
[16:45:36] Received rsa challenge.

[16:45:36] Sent sign request to ssh-agent.
[16:45:39] Received an empty rsa response from ssh-agent.
[16:45:39] Trying next identity blob...
[16:45:39] Sent public key blob.

Connection closed by foreign host.

It is not possible to test with an SSH2 key now.

Third issue:
It is not possible to use ssh-add on server1 to add another SSH key. Xagent is refusing to add this key to the list.

user@sshgw:~>
$ ssh-add .ssh/ssh2_key
Enter passphrase for .ssh/ssh_key:
SSH_AGENT_FAILURE
SSH_AGENT_FAILURE
Could not add identity: .ssh/ssh_key

The list of SSH keys listed from server1 is strange; also, SSH key comments are missing in the output:

user@sshgw:~>
$ ssh-add -l
1024 63:3d:81:14:65:1a:36:ce:0a:f1:87:85:8c:45:0d:65 (RSA1)
2048 a7:da:84:b8:95:7f:f3:70:71:e3:5f:77:bd:3b:30:0f (RSA1)
1024 96:cf:c4:55:7e:07:a1:9c:6a:d8:cb:5d:42:20:42:4c (RSA)
2048 3d:f4:06:5b:e7:e7:f6:bb:07:88:63:11:a8:74:85:b5 (RSA)

None of these issues are present if PuTTY and Pageant are used.

Also, please note the list of keys:

user@sshgw:~>
$ ssh-add -l
1024 63:3d:81:14:65:1a:36:ce:0a:f1:87:85:8c:45:0d:65 comment (RSA1)
2048 3d:f4:06:5b:e7:e7:f6:bb:07:88:63:11:a8:74:85:b5 comment (RSA)

Kind regards,
Ivan

Program Ver. : Xshell 4
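
Added example, not part of the original post and not NetSarang or OpenSSH code: it decodes the numeric codes in the error lines quoted above, using the message-type numbers from OpenSSH's agent protocol (authfd.h) and SSH protocol 1 (ssh1.h) headers. The names `triage`, `RULES` and `_name` are hypothetical; the sample lines are copied from the logs in the post.

```python
import re

# Agent protocol message types, numbered as in OpenSSH's authfd.h.
AGENT_MSG = {
    1: "SSH_AGENTC_REQUEST_RSA_IDENTITIES", 2: "SSH_AGENT_RSA_IDENTITIES_ANSWER",
    3: "SSH_AGENTC_RSA_CHALLENGE", 4: "SSH_AGENT_RSA_RESPONSE",
    5: "SSH_AGENT_FAILURE", 6: "SSH_AGENT_SUCCESS",
    11: "SSH2_AGENTC_REQUEST_IDENTITIES", 12: "SSH2_AGENT_IDENTITIES_ANSWER",
    13: "SSH2_AGENTC_SIGN_REQUEST", 14: "SSH2_AGENT_SIGN_RESPONSE",
}
# SSH protocol 1 packet types seen during user authentication (ssh1.h).
SSH1_MSG = {
    1: "SSH_MSG_DISCONNECT", 4: "SSH_CMSG_USER", 6: "SSH_CMSG_AUTH_RSA",
    7: "SSH_SMSG_AUTH_RSA_CHALLENGE", 8: "SSH_CMSG_AUTH_RSA_RESPONSE",
    9: "SSH_CMSG_AUTH_PASSWORD", 14: "SSH_SMSG_SUCCESS", 15: "SSH_SMSG_FAILURE",
}

def _name(table, code):
    return table.get(int(code), "unknown(%s)" % code)

# (pattern, layer, decoder returning (expected, got)).
RULES = [
    # ssh client was waiting for the reply to an SSH1 challenge request.
    (re.compile(r"Bad authentication response: (\d+)"), "agent",
     lambda m: (AGENT_MSG[4], _name(AGENT_MSG, m.group(1)))),
    # ssh client was waiting for the reply to an SSH2 sign request.
    (re.compile(r"Agent admitted failure to sign"), "agent",
     lambda m: (AGENT_MSG[14], "agent failure reply")),
    # ssh-add was waiting for confirmation that the key was added.
    (re.compile(r"^SSH_AGENT_FAILURE$"), "agent",
     lambda m: (AGENT_MSG[6], AGENT_MSG[5])),
    # SSH1 peer read a different packet than the one it was waiting for.
    (re.compile(r"expected packet type (\d+), got (\d+)"), "ssh1-wire",
     lambda m: (_name(SSH1_MSG, m.group(1)), _name(SSH1_MSG, m.group(2)))),
]

def triage(lines):
    """Return (layer, expected, got) for each line that carries a protocol code."""
    findings = []
    for line in lines:
        for pattern, layer, decode in RULES:
            m = pattern.search(line.strip())
            if m:
                findings.append((layer,) + decode(m))
                break
    return findings

# Sample input: lines copied from the logs in the post above.
SAMPLE = [
    "debug1: Server accepts key: pkalg ssh-rsa blen 277",
    "Agent admitted failure to sign using the key.",
    "Bad authentication response: 14",
    "SSH_AGENT_FAILURE",
    "Protocol error: expected packet type 8, got 6",
]

if __name__ == "__main__":
    for layer, expected, got in triage(SAMPLE):
        print("%-9s expected %-28s got %s" % (layer, expected, got))
```

On these lines the decode shows the SSH1 challenge request answered with an SSH2-numbered agent message (14), and the SSH1 server receiving a second SSH_CMSG_AUTH_RSA (6) where it was waiting for the challenge response (8), which matches the "Trying next identity blob" step in the Xshell log.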


Re: Xagent not working correctly

Monday, January 28, 2013 7:01 PM - Support

We are investigating this issue right now. Thank you for reporting this.

Meanwhile, if you have any new information, please feel free to share.



---
Technical Support


Re: Xagent not working correctly

Monday, February 11, 2013 1:39 AM - Ivan

Hi,

I have no news, but I can help. You can reach me via the email I specified ...

Kind regards,
Ivan

