View Single Post
  #1  
Old 08-28-2012, 12:06 PM
rciulla rciulla is offline
Registered User
 
Join Date: Aug 2012
Posts: 2
Openssl with SecureCRT

Hi,
I'm evaluating SecureCRT to see if it will work with the SSH-2 server we a developing. I apologize if this question has already been answered and or its very basic . I have not been able to find anything using the forms search tool and I am very green with SecureCRT and openssl

Using a version of Openssl I created a root Certificate and private key

openssl req -nodes -config conf/openssl.cnf -days 3650 -x509 -newkey rsa:1024 -out public/root.pem -outform PEM

For the SSH client (secureCRT ) i created a certificate to be signed

openssl req -new -newkey rsa:1024 -nodes -keyout user1/user1_rsa.key -out user1/user1_rsa.pem

I then signed the certificate

openssl ca -config conf/openssl.cnf -out user1/user1_cert.pem -in user1/user1_rsa.pem

I concatenated the resulting cert and the users private key

cat user1_rsa.key user1_cert.pem > user1_id

I copied the user1_id file to the windows 7 machine where i installed SecureCRT.

within the SecureCRT GUI I created a new SSH session that I am trying to use to ssh to our DUT (SSH server that supports x.509 certs)
In the Sessions options dialog box I select SSH--->authentication.

Highlight PublicKey and select properties

Within the public key properties dialog box I selected "use session public key setting and then "use id or cert file"

I point to the certificate file that was concatenated above and select ok (a fingerprint shows up in the MD5 dialog box )

I then add the user and host IP and try to connect. A dialog box appears asking if i want to accept the host key. I select save.

the client fails to log into our DUT (below is the trace output from SecureCRT.

Can you tell from the tace what the error is ?? If i use this same cert on an openssh client (again build with RP patch) the client connects successfully.

 

thank you for any help you can provide.

[LOCAL] : SSH2Core version 7.0.0.326
[LOCAL] : Connecting to x.x.x.x:xx ...
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_3.5p1'
[LOCAL] : CAP : Remote can re-key
//snip
SecureCRT - Version 7.0.0 (build 326)
//snip
[LOCAL] : RECV : NEWKEYS
[LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth]
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
[LOCAL] : SENT : USERAUTH_REQUEST [none]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint: 8e:73:2a:48:d9:3f:dc:01:43:30:5f:19:b0:32:09:b3]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint: 8e:73:2a:48:d9:3f:dc:01:43:30:5f:19:b0:32:09:b3]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
Public-key authentication with the server for
user admin failed. Please verify username and
public/private key pair.
Password: [LOCAL] : SENT : USERAUTH_REQUEST [password]

[LOCAL] : RECV : AUTH_SUCCESS
//snip

Last edited by miked; 08-28-2012 at 02:02 PM. Reason: Redacting potentially sensitive information
Reply With Quote