Posh-SSH
Posh-SSH copied to clipboard
darkoperator
SSH Blank Password Issue (or maybe a FIPS issue...)
I've been successfully using version 1.7.2 due to my server logon requiring a username but a blank password over SSH. However, I would like to upgrade to 3.0+ but somewhere between 1.7.2 and 3.0.4, an issue has developed and I cannot connect due to this error (which I've only seen referenced in two other Posh-SSH issues which remain unresolved):
New-SSHSession : Exception has been thrown by the target of an invocation.
At line:1 char:1
+ New-SSHSession -AcceptKey:$true
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Renci.SshNet.SshClient:SshClient) [New-SSHSession], TargetInvocationE
xception
+ FullyQualifiedErrorId : SSH.NewSshSession
My organization would like to move me to the newer software for support/security reasons, but due to the above issue, I'm in a bit of a bind.
I can successfully login with 1.7.2:
But 3.0.4 (which I manually downloaded and unblocked the files) throws the above error:
I'm fairly certain that the issue is the blank password, because I'm at a loss to what else could be causing an issue simply at logon. Any attention that could be given to this issue would be greatly appreciated.
Can you test is it Posh-SSH or Renci.SSH.Net issue ?
$hostname = ''
$port = 22
$username = 'user'
$password = ''
#path to posh-ssh/Assembly/Renci
Add-Type -Path D:\Work\ps\Modules\Posh-SSH\3.0.4\Assembly\Renci.SshNet.dll
$ssh =[Renci.SshNet.SshClient]::new($host, $port, $username, $password)
$ssh.Connect()
If you get exception/error this is a https://github.com/sshnet/SSH.NET issue
Thanks. I gave that a try with my hostname/port/username/password and now I'm getting a different error, which I believe is likely going to be far more troublesome. Regardless of anyone's thoughts on FIPS, it is enabled by group policy and I have no ability to change that.
Not sure why 1.7.2 would be agreeable to FIPS but 3.0.4 not. I'll add a ticket to SSH.NET Thanks again for the direction.
Exception calling "Connect" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS
validated cryptographic algorithms."
At line:1 char:1
+ $ssh.Connect()
+ ~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException
Weird error, are you sure you removed fully the previous version, I’m trying to replicate it on Windows 10 and 11 with no luck. What version of windows is this? DLLs loaded from a previous module are not unloaded with remove-module, you would need to start a new PS window JIC
On Jun 10, 2022, at 10:00 AM, mike-schmitt @.***> wrote:
I've been successfully using version 1.7.2 due to my server logon requiring a username but a blank password over SSH. However, I would like to upgrade to 3.0+ but somewhere between 1.7.2 and 3.0.4, an issue has developed and I cannot connect due to this error (which I've only seen referenced in two other Posh-SSH issues which remain unresolved):
New-SSHSession : Exception has been thrown by the target of an invocation. At line:1 char:1
- New-SSHSession -AcceptKey:$true
+ CategoryInfo : InvalidOperation: (Renci.SshNet.SshClient:SshClient) [New-SSHSession], TargetInvocationE xception + FullyQualifiedErrorId : SSH.NewSshSessionMy organization would like to move me to the newer software for support/security reasons, but due to the above issue, I'm in a bit of a bind.
I can successfully login with 1.7.2: https://user-images.githubusercontent.com/107260053/173081576-755a42f4-f47d-4b09-95db-7f14ee596717.png But 3.0.4 (which I manually downloaded and unblocked the files) throws the above error: https://user-images.githubusercontent.com/107260053/173081743-04721985-8396-46e2-be37-356e0e94a5f8.png I'm fairly certain that the issue is the blank password, because I'm at a loss to what else could be causing an issue simply at logon. Any attention that could be given to this issue would be greatly appreciated.
— Reply to this email directly, view it on GitHub https://github.com/darkoperator/Posh-SSH/issues/465, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAD7IHWFCVZ4ZHRNFAIRNLTVONC63ANCNFSM5YNZCNJQ. You are receiving this because you are subscribed to this thread.
FIPS is a know issue with the library, been open for 5yr it seems https://github.com/sshnet/SSH.NET/issues/190
Sent from my iPhone
On Jun 10, 2022, at 5:28 PM, Mike Schmitt @.***> wrote:
Thanks. I gave that a try with my hostname/port/username/password and now I'm getting a different error, which I believe is likely going to be far more troublesome. Regardless of anyone's thoughts on FIPS, it is enabled by group policy and I have no ability to change that.
Not sure why 1.7.2 would be agreeable to FIPS but 3.0.4 not. I'll add a ticket to SSH.NET Thanks again for the direction.
`Exception calling "Connect" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms." At line:1 char:1
$ssh.Connect()
- CategoryInfo : NotSpecified: (:) [], MethodInvocationException
- FullyQualifiedErrorId : InvalidOperationException` — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.
I can confirm that version 2023.0.0 can be run on a FIPS compliant system.
Update your Nuget and this can be closed.
@A9G-Data-Droid - Thank you much for sharing.
@darkoperator - With the release of v3.1.1, I can confirm that the issue was resovled and I think I can verify that the issue was indeed a FIPS connection (which is still in place and unchanged from when I initially added this issue). I'm good with closing this issue. Thank you so much for your work on this project. It's a life saver for me and I'd likely quit my job if I wasn't able to use it :-D