connectbot
Pubkey authentication fails on Ubuntu servers
I have 2 computers with Ubuntu 12.04 and OpenSSH pubkey-only authentication.
Both computer is accessible and both computer can connect to each other using public key authentication. Everything works fine.
However with ConnectBot I can't connect both of them. Public key was installed correctly, and I used it before with previous versions of ConnectBot.
Now I can connect to both computer from other devices, but ConnectBot fails at the pubkey authentication.
After the following message does not happening anything:
Connecting to 192.168.xxx.xxx:22 via ssh protocol Identified 'EC' computer key: ... Key exchange algorithm: ecdh-sha2-nistp256 Used algorithm: aes256-ctr hmac-sha2-256 Trying to authenticate Trying 'pubkey' authentication, using any key in the memory
At this point seems that nothing happens. There is no error message, or anything.
After a few minute I got the following message:
Connection lost
This happening wit both of my computer. The connection is lost at same point, however bot of my computer can connect each other, everything works perfectly.
In the server log I can see the following line only:
Received disconnect from 192.168.xxx.xxx: 11: Closed due to user request. [preauth]
The server permissions and the authorized_keys file does not seems like corrupt, and I can still connect from other devices, except ConnectBot.
Here is the logcat messages:
E/CB.SSH ( 8215): Problem during handleAuthentication() E/CB.SSH ( 8215): java.lang.NullPointerException E/CB.SSH ( 8215): at org.connectbot.transport.SSH.promptForPubkeyUse(SSH.java:916) E/CB.SSH ( 8215): at org.connectbot.transport.SSH.authenticate(SSH.java:239) E/CB.SSH ( 8215): at org.connectbot.transport.SSH.connect(SSH.java:476) E/CB.SSH ( 8215): at org.connectbot.service.TerminalBridge$3.run(TerminalBridge.java:284) E/CB.SSH ( 8215): at java.lang.Thread.run(Thread.java:841)
Any more info you can give? Is this through a shortcut on the desktop? Over a 3G connection or WiFi?
I'm having the same problem. I'm using 1.8.6 from google play. Password based authentication works, but public key authentication does not. (This problem seems specific ECDSA. For example, RSA 2432 works for me.) I've tried with my phone on wifi and using my wireless carrier. I've tried connecting to a couple of different hosts. I've tried an ECDSA128 key and an ECDSA521 key. As soon as I grant connectbot permission to use the key (or immediately if I configure connectbot to use the key without prompting for permission) the connection is disconnected, apparently by connectobot. I used "sshd -ddd" and received the following output... On the phone: ... Key exchange algorithm: ecdh-sha2-nistp256 Using algorithm: aes256-ctr hmac-sha2-256 Trying to authenticate Attempting 'publickey' authentication with a specific public key
Connection Lost
On the server: ... debug1: attempt 0 failures 0 [preauth] debug3: mm_getpwnamallow entering [preauth] debug3: mm_request_send entering: type 8 [preauth] debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] debug3: mm_request_receive_expect entering: type 9 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 8 debug3: mm_answer_pwnamallow debug2: parse_server_config: config reprocess config len 487 debug3: auth_shadow_acctexpired: today 16847 sp_expire -1 days left -16848 debug3: account expiration disabled debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 9 debug2: monitor_read: 8 used once, disabling now debug2: input_userauth_request: setting up authctxt for truth [preauth] debug3: mm_inform_authserv entering [preauth] debug3: mm_request_send entering: type 4 [preauth] debug2: input_userauth_request: try method none [preauth] debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_authserv: service=ssh-connection, style= debug2: monitor_read: 4 used once, disabling now < at the point the server log pauses until the connectbot is allowed to use the key > Connection closed by 192.168.2.150 [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug3: mm_request_receive entering debug1: do_cleanup debug1: Killing privsep child 31005 debug1: audit event euid 0 user truth event 12 (CONNECTION_ABANDON)
My phone is a Moto X running Android 5.1. Kernel version is 3.4.42-gb476356.
BTW, overall connect bot is a fantastic tool. Thanks!!!
I also experience this. I'm using a 521 bit EC key generated and used on connectbot 1.8.6 and android 6.0.1.
Here is the key it generated: ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAEEC0Axp2hKU7BaB43bGSSLAjyzjrumnRJBbuEdQbCVkSULMBtrao23L2xgOowqyfZ/FWywF2csOZNRt4y+q/XBygC+6p9PPgHoSR8gVVnWdQD+nzeLUxO0DhgBylw06Zw73POIgUtiUa6cNYHdZadP53ckYJ/hoJjOhTv8gp5GB/i9TA== Phone public key
-----BEGIN PRIVATE KEY----- MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAB1SBjzq0scHoPLS Cww2XkfgLEaLm8TESkLtlY41CTutK/mvRlVqXtbf0yYv0EiGHbkt1ql5Lf4HYYO +I205q8aShgYkDgYYABAEEC0Axp2hKU7BaB43bGSSLAjyzjrumnRJBbuEdQbCVk SULMBtrao23L2xgOowqyfZ/FWywF2csOZNRt4y+q/XBygC+6p9PPgHoSR8gVVnW dQD+nzeLUxO0DhgBylw06Zw73POIgUtiUa6cNYHdZadP53ckYJ/hoJjOhTv8gp5 GB/i9TA== -----END PRIVATE KEY-----
Hope this helps.
I'm not sure if I'm seeing the same issue, but I also cannot use key authentication with ConnectBot when connecting to Raspbian. Tried with the existing keys (used on a PC) or with the ConnectBot-generated keys but none worked. It does recognize the key (although on my existing keys it reports bit strength as unknown) and unlocks them after passphrase is entered. Unlike the original report, what I would get after Attempting 'publickey' authentication line is Authentication method 'publickey' with key 'name-of-the-key' failed and then a long loop of repeated Trying to authenticate followed by [Your host doesn't support 'password' or 'keyboard-interactive' authentication.] (which is correct as it's disabled on the host).
This works OK with the VX ConnectBot fork, but ConnectBot has been my SSH client of choice for years so I'd prefer if this was fixed. :)
@kruton I'm not very faimiliar with the topic but here's what I could find: the main one I'm regularly using from PC and tried to use in CB is ssh-rsa 2048 bits. I no longer remember how it was generated but it's in openSSH format. The CB pubkey manager reports it as "RSA unknown-bit". The one I generated in CB is also ssh-rsa 2048, but CB correctly reports it as "RSA 2048-bit (encrypted)".
Both keys act the same within pubkey manager (both can be unlocked by typing in their passphrase). But neither works when connecting. While connecting, it states that key exchange algorithm is ecdh-sha2-nistp256 and then "using algorithm" aes256-ctr hmac-sha2-256.
Edit: I tried to generate another rsa key of 1024 bits in CB, added to the host's authorized_keys, but it behaved the same (i.e. no luck). This fresh key worked normally when tested on a PC.
Edit July 2017: I just wanted to comment that it does work again for me. I have since switched to a new Android device and thought I'd give it a try and it just worked without a hassle with my Raspberry Pis so I guess the issue (at least the one I was facing) was resolved in the meantime.
I am currently getting this issue with a 2048 bit SSH-RSA key. I get the same sequence of events as the original poster, I can see the session start to open, then my auth.log shows a
sshd[xxx]: Connection closed by {my android phone / CB} port xxxx [preauth]
and it says connection closed on CB.
Running a Nexus 6p, straight from Google, up to date with newest CB on PlayStore.
I'm using a Pixel XL, stock, connectbot from the play store (newest version).
RSA 2048 bits "just works" when I connect to an ubuntu 16.04 system.
The "EC" key, labeled ecdsa-sha2-nistp521 does not work.
Using an openSSH generated 2048-bit RSA key, Connectbot loops trying to authenticate, Tried up to ConnectBot-git-v1.9.0-alpha2-9-g5bb7413.apk.
Importing the same key into VX Connectbot from the Play store works.
The Linux host openSSH server reports:
error: key_verify: invalid format Failed publickey for xxxxxx from xxx.xxx.xxx.xxx port 44764 ssh2: RSA SHA256:tw/ChUzfaxbJuCMRypQio8GNh5nwSL7+QAQ4EQJUZ3w
Bump. Same bug. I get "Authentification method 'publickey' failed" and "Authentification method 'password' failed" although I'm sure I'm using the right keys and password. Same bug in ConnectBot-git-v1.9.0-alpha2-9-g5bb7413.apk and an earlier version. I also can't connect using Android SSH clients Telnet or Juice.
EDIT I realized that I had been using the wrong ip. Not quite sure how that happened but it seems like there are a lot of small settings that could be set wrong and cause SSH to get this error. I also may have forgotten to disable/open ports in my firewall.
I have since switched to JuiceSSH+mosh on Android.
On Thu, Jul 13, 2017 at 12:30 PM, Daniel M. Drucker < [email protected]> wrote:
Same here - public key based authentication does not work in connectbot.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/connectbot/connectbot/issues/359#issuecomment-315113623, or mute the thread https://github.com/notifications/unsubscribe-auth/AMgNT1yGNOOvYuwwiM7HFC_D9r-a_P6rks5sNjf9gaJpZM4G7XWt .
Not sure if it's the same issue, but I'm also getting
Authentiation method 'publickey' with key '...' failed
ConnectBot 1.9.8-oss on Android 12 (crDroid), Ubuntu 18.04.6 server. Tried ed25519, ECDA and RSA 2048 bit keys - same result.
