Forum

Notifications
Clear all

RSA3072

0 Posts
2 Users
0 Reactions
596 Views
(@danjost)
Active Member
Joined: 3 years ago
Posts: 4
Topic starter  

I haven't been able to use Absolute with SSH key auth - I get invalid passphrase but it works with the windows baked in SSH client without a problem. The key length is 3072 on the key I have is that the issue?

Thanks


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

What version of Absolute are you using? There were some updates in the last release related to keys, key types, and encryption.

What was your procedure for generating the keypair? I could generate my own and test it end-to-end.

Brian


   
ReplyQuote
(@danjost)
Active Member
Joined: 3 years ago
Posts: 4
Topic starter  

11.24

I did not generate the certificate so I can't say how it was done. It works with windows terminal and termius. I'd rather use Absolute though.


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Strange. I generated a new 3072 bit rsa key using ssh-keygen under openssh and it works just fine.

Can you send me a spapshot of the key so I can see the format? Blur or cut out the key bits. I just need to see the top and bottom.

(see attached image for example)


   
ReplyQuote
(@danjost)
Active Member
Joined: 3 years ago
Posts: 4
Topic starter  

It only has the begin and end markers, no markup in the file:
-----BEGIN OPENSSH PRIVATE KEY-----
thekeygoeshere
-----END OPENSSH PRIVATE KEY-----


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

I think I finally reproduced the problem and found an answer.

I had to generate a lot of keys in a lot of tools before I finally found it but I found it or at least something close enough to get us there.

The problem was twofold:
1. AbsoluteTelnet/SSH did not recognize a few of the encryption algorithms used to encrypt keys, so decryption was not possible.
2. Absolute was not reporting an unrecognized encryption type but was instead saying 'bad password' when opening the key failed.

So the fix is twofold as well....

1. Correctly report the accurate reason why a key cannot be opened (unrecognized encryption algorithm xxxxxx)
2. Implement some additional encryption algorithms more commonly used to encrypt keys

This may fix the problem completely for you, presuming this was the same as your problem and the additional encryption algorithms cover the one that you are using.

If not, it should give us a better error message that will guide us to the final solution.

Are you interested in trying the new 11.34 version?


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Well.... In case you get back here, this is the download link:

http://www.celestialsoftware.net/telnet/AbsoluteTelnet11.34.exe

Install it and try it. If the algorithm still isn't recognized, it should at least tell us which one it is. And we can go from there.

Brian


   
ReplyQuote
(@danjost)
Active Member
Joined: 3 years ago
Posts: 4
Topic starter  

Sorry for the slow reply - I can connect now. Now I can get back to using a real SSH client.

Thanks!

Dan


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Thanks for getting back with me!! I'm glad everything is working now.


   
ReplyQuote
Share: