Forum

Forums
SSH Support
Secure Shell
RSA3072
 
Notifications
Clear all

RSA3072

 
Secure Shell
Last Post by Daniel Jost 3 years ago
0 Posts
2 Users
0 Reactions
510 Views
RSS
 Daniel Jost
(@danjost)
Active Member
Joined: 3 years ago
Posts: 4
Topic starter 14/04/2022 6:04 pm  

I haven't been able to use Absolute with SSH key auth - I get invalid passphrase but it works with the windows baked in SSH client without a problem. The key length is 3072 on the key I have is that the issue?

Thanks


   
ReplyQuote
 bpence
(@bpence)
Member Admin
Joined: 12 months ago
Posts: 1375
14/04/2022 6:10 pm  

What version of Absolute are you using? There were some updates in the last release related to keys, key types, and encryption.

What was your procedure for generating the keypair? I could generate my own and test it end-to-end.

Brian


   
ReplyQuote
 Daniel Jost
(@danjost)
Active Member
Joined: 3 years ago
Posts: 4
Topic starter 08/06/2022 9:57 pm  

11.24

I did not generate the certificate so I can't say how it was done. It works with windows terminal and termius. I'd rather use Absolute though.


   
ReplyQuote
 bpence
(@bpence)
Member Admin
Joined: 12 months ago
Posts: 1375
09/06/2022 1:24 pm  

Strange. I generated a new 3072 bit rsa key using ssh-keygen under openssh and it works just fine.

Can you send me a spapshot of the key so I can see the format? Blur or cut out the key bits. I just need to see the top and bottom.

(see attached image for example)


   
ReplyQuote
 Daniel Jost
(@danjost)
Active Member
Joined: 3 years ago
Posts: 4
Topic starter 09/06/2022 1:49 pm  

It only has the begin and end markers, no markup in the file:
-----BEGIN OPENSSH PRIVATE KEY-----
thekeygoeshere
-----END OPENSSH PRIVATE KEY-----


   
ReplyQuote
 bpence
(@bpence)
Member Admin
Joined: 12 months ago
Posts: 1375
22/06/2022 8:51 pm  

I think I finally reproduced the problem and found an answer.

I had to generate a lot of keys in a lot of tools before I finally found it but I found it or at least something close enough to get us there.

The problem was twofold:
1. AbsoluteTelnet/SSH did not recognize a few of the encryption algorithms used to encrypt keys, so decryption was not possible.
2. Absolute was not reporting an unrecognized encryption type but was instead saying 'bad password' when opening the key failed.

So the fix is twofold as well....

1. Correctly report the accurate reason why a key cannot be opened (unrecognized encryption algorithm xxxxxx)
2. Implement some additional encryption algorithms more commonly used to encrypt keys

This may fix the problem completely for you, presuming this was the same as your problem and the additional encryption algorithms cover the one that you are using.

If not, it should give us a better error message that will guide us to the final solution.

Are you interested in trying the new 11.34 version?


   
ReplyQuote
 bpence
(@bpence)
Member Admin
Joined: 12 months ago
Posts: 1375
25/06/2022 4:03 am  

Well.... In case you get back here, this is the download link:

http://www.celestialsoftware.net/telnet/AbsoluteTelnet11.34.exe

Install it and try it. If the algorithm still isn't recognized, it should at least tell us which one it is. And we can go from there.

Brian


   
ReplyQuote
 Daniel Jost
(@danjost)
Active Member
Joined: 3 years ago
Posts: 4
Topic starter 17/07/2022 12:54 pm  

Sorry for the slow reply - I can connect now. Now I can get back to using a real SSH client.

Thanks!

Dan


   
ReplyQuote
 bpence
(@bpence)
Member Admin
Joined: 12 months ago
Posts: 1375
25/07/2022 11:28 am  

Thanks for getting back with me!! I'm glad everything is working now.


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: