Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Secure Shell

Reply
 
Thread Tools Display Modes
  #1  
Old 12-10-2017, 02:09 PM
JaTu JaTu is offline
Registered User
 
Join Date: Aug 2012
Posts: 17
8.31 error: Keys of type ecdsa-sha2 are not currently supported

This is a fresh install to a brand new laptop. I was just export/import:ing my old data from old laptop, but none of my ECDSA-keys seem to work.

That's really weird, same 8.31 64-bit install on both Windows 10 machines. Other one working, other one "not supported".

Any ideas what to try?

Regards,
Jari Turkia
Reply With Quote
  #2  
Old 12-11-2017, 08:51 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,026
Hi Jari,

You use "working" and "not working" phrases frequently, but please elaborate.

Are both SecureCRT installations connecting to the same remote?

And publickey authentication fails on one SecureCRT installation and not the other?

It's often useful to see trace options output which provides debugging information that may help us better understand the problem that you're experiencing.

To enable trace options output:
  • First, open SecureCRT's main File pull-down menu and select Trace Options. If you open the File pull down menu again you should see a checkmark next to Trace Options, indicating that troubleshooting output is now enabled.
  • Next, connect to the remote machine. With trace options enabled, you will notice debugging information displayed in the terminal window that isn't normally there by default when SecureCRT is attempting to establish a connection, and at certain times throughout the lifetime of the connection.
  • Once the problem occurs, please right-click inside the terminal window and choose Select All, then right-click again and choose Copy to transfer the information to the clipboard.
  • Finally, open a text editor, paste the information from the clipboard into the editor program, and save it as a text file.
Since trace options can contain sensitive information, feel free to send it as an attachment via email to support@vandyke.com. Please reference "Attn Brenda - Forum Thread #12936" in the subject line. Please attach trace options output from both a failed and successful connection to the email you send to support.

NOTICE: The requested troubleshooting data may include sensitive information (usernames, passwords, publicly-accessible host names or IP addresses, etc.).

Please redact sensitive information that would not be appropriate for email communication prior to sending the requested information.

If there is sensitive information that must be conveyed in order to provide a complete picture of the scenario you're facing, please let us know and we will set up a secure upload mechanism that can be used.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 12-11-2017, 11:46 AM
JaTu JaTu is offline
Registered User
 
Join Date: Aug 2012
Posts: 17
Ok.

First:
SecureCRT at least since version 8.1.4 is on suitable conditions capable of emitting following error:


The wording in the English is: "not currently supported". So, I'd like to claim that I'm not using expression "not working" or "working" frequently in my original blog post.

Second:
On the old Windows, tracing enabled, the message I'm able to see is:
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ecdsa-sha2-nistp521) - unsigned,fingerprint (SHA-2 hash):

However, on the machine which doesn't SUPPORT ECDSA-keys, no usable trace line is available to copy/paste here. Since the ECDSA-key cannot be decrypted after appropriate password prompt, SecureCRT-login is in a forever-loop asking for credentials and ultimately I cancel the authentication attempt. The user interaction of cancelling the authentication, is appropriately logged to trace, I might add.

Still, my original claim stands. ECDSA-keys are supported on SecureCRT 8.3.1 installation on my old machine, but are apparently NOT supported on SecureCRT 8.3.1 installation on my new machine. The site configuration and keys ware imported from the old machine with export/import -functionality of SecureCRT.

Anything else you'd want me to try?

Regards,
Jari Turkia
Reply With Quote
  #4  
Old 12-11-2017, 12:15 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,026
Hi Jari,

Quote:
Anything else you'd want me to try?
Yes, I would like you to send complete trace options output to support@vandyke.com. Trying to analyze just one line, out of context, from the trace options output is not usually a good idea.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #5  
Old 12-11-2017, 03:07 PM
JaTu JaTu is offline
Registered User
 
Join Date: Aug 2012
Posts: 17
Yes, I understand that.

But this particular case is very trivial:
There is nothing in the trace to analyse. The trace does not contain anything about private key until it is sent to the server. And as the decrypting the key fails, SecureCRT does not send it to the server and thus, logs nothing.

Regards,
Jari Turkia
Reply With Quote
  #6  
Old 12-11-2017, 03:41 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,026
Hi Jari,

How was the public/private keypair created?
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply

Tags
ecdsa , elliptic-curves , private key


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 08:38 AM.