Welcome to the VanDyke Software Forums

  #16  
Old 12-12-2017, 03:37 PM
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 930
Quote:
Did you see the .exe-part in md5sum run?
No. I missed that. Sorry!

The only time I can think of where SecureCRT would prompt you for the passphrase before verifying with the server that it has the unsigned public key portion, is when the .pub file isn't present for SecureCRT to load. In such cases, SecureCRT must then load the private key to then extract the public key.

For the sake of example -- I'm not trying to pry information from you that you are not comfortable sharing -- let's say your private key file could be named something like id_ecdsa.
Is there a corresponding id_ecdsa.pub file on the old SecureCRT machine that does not exist on the new SecureCRT machine?
And, if it's not there on your new machine, what if you copy that .pub file over from the old machine and put it in the same location as your private key file... do things now work for you?

--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
  #17  
Old 12-13-2017, 12:04 AM
JaTu JaTu is offline
Registered User
 
Join Date: Aug 2012
Posts: 17
Solved!

Yes, adding the public-part of the key solves the problem. Thank you!

Since there is no mathematical requirement for both parts of the key to exist on the same machine, and no other SSH client to my knowledge requires that, the guy who wrote the import/export tool for SecureCRT didn't bother transferring the public keys either. But it seems that on my old machine, the public keys are all there.

It was a couple of years back when I first used ECDSA keys with SecureCRT, and I must have somehow figured that out back then, but I have no recollection of ever doing that.

Suggestions:
  • Add tracing about private key, especially if something fails with it
  • Re-visit the ECDSA-usage, drop the public-key requirement
  • Make sure import/export is capable of transferring all the required information and files
  • Finally: Make some sense to the error message when ECDSA-key cannot be used!

Regards,
Jari Turkia
  #18  
Old 12-13-2017, 09:11 AM
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 930
Quote:
Originally Posted by JaTu View Post
Yes, adding the public-part of the key solves the problem. Thank you!
Good to hear.

Quote:
Originally Posted by JaTu View Post
Since there is no mathematical requirement for both parts of the key to exist on the same machine, and no other SSH client to my knowledge requires that, the guy who wrote the import/export tool for SecureCRT didn't bother transferring the public keys either.
Sometimes it feels good to rant, doesn't it?

To be fair, our development team consists of both guys and gals, and there are times that the assumptions we make don't turn out to be sufficient for 100% of possible usage scenarios. We admit that we're not perfect, and we appreciate the opportunity to resolve problems that arise in our products.

We've created several bug reports related to the behavior you've seen and we'll gladly offer you newer versions that we hope will resolve this problem.

Quote:
Originally Posted by JaTu View Post
But it seems that on my old machine, the public keys are all there.

It was a couple of years back when I first used ECDSA keys with SecureCRT, and I must have somehow figured that out back then, but I have no recollection of ever doing that.
Older versions of our client products required both the private and the public key file to be located in the same directory. While not mathematically required, this route was seen as an efficiency where the public key would already be available so it would not have to be mathematically extracted every time a publickey authentication attempt was made.

Newer versions of our clients still prefer to have the .pub file available; so, if a .pub file doesn't exist, SecureCRT attempts to extract the public key into a corresponding .pub file. It's this action that, for ecdsa key types, was failing and generating the not-so-helpful and altogether misleading error message you were seeing.

Quote:
Originally Posted by JaTu View Post
Suggestions:
  • Add tracing about private key, especially if something fails
  • Re-visit the ECDSA-usage, drop the public-key requirement
  • Make sure import/export is capable of transferring all the required information and files
  • Finally: Make some sense to the error message when ECDSA-key cannot be used!
All the suggestions except for your first one are included as part of the incidents I've already created for our development team to investigate.

Regarding your request to add tracing about the private key, especially if something goes wrong, what specific information do you think would be most helpful for you to see?

--Jake
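The point both sides agree on in this thread, that the public half can be computed from the private key so a missing .pub file is recoverable, shown as an added example (not VanDyke's code and not part of any post). It assumes a NIST P-256 key supplied as a raw private scalar and builds the RFC 5656 `ecdsa-sha2-nistp256` public-key line; reading real private-key files and passphrase handling are left out, and the function names are hypothetical.

```python
import base64
import struct

# NIST P-256 (secp256r1) domain parameters
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def point_add(p1, p2):
    """Add two affine points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p2 is the negation of p1
    if p1 == p2:                         # tangent slope for doubling
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:                                # chord slope for distinct points
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def derive_public(d):
    """Public point Q = d*G by double-and-add (illustrative, not constant time)."""
    if not 1 <= d < N:
        raise ValueError("private scalar out of range")
    result, addend = None, G
    while d:
        if d & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        d >>= 1
    return result

def ssh_string(data):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def pub_line(d, comment="constructed-example"):
    """Text of a .pub file for private scalar d (RFC 5656 key blob, base64)."""
    x, y = derive_public(d)
    point = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")  # uncompressed
    blob = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
            + ssh_string(point))
    return "ecdsa-sha2-nistp256 " + base64.b64encode(blob).decode() + " " + comment
```

For a real key file, the scalar `d` would first have to be read (and decrypted, if passphrase-protected) from the private key, which is why a client without the .pub file has to ask for the passphrase before it can offer the public key to the server.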
  #19  
Old 12-16-2017, 01:40 AM
JaTu JaTu is offline
Registered User
 
Join Date: Aug 2012
Posts: 17
Quote:
Originally Posted by jdev View Post
Sometimes it feels good to rant, doesn't it?
Ok. Try to keep this professional and on-topic. That's not appropriate conduct.

Regards,
Jari Turkia
  #20  
Old 12-18-2017, 08:37 AM
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 930
Quote:
Regarding your request to add tracing about the private key, especially if something goes wrong, what specific information do you think would be most helpful for you to see?
Did you want to provide any feedback regarding your request to add tracing about the private key?

--Jake
  #21  
Old 01-24-2018, 01:30 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 3,997
Hi JaTu,

There is a new build of SecureCRT available that should be able to extract the public key file from the private key file.

Please contact support@vandyke.com if you would like me to make that available. Please include "Attn Brenda - Forum Thread #12936".

If writing from an email address other than the one associated with your VanDyke Software download account, please include the email address that *is* associated with it, if you have one.

If you do not have a VanDyke Software download account, you can register for one here.
The registration form helps ensure that we are compliant with U.S. Homeland Security export restrictions for strong encryption software. This is a one-time only requirement.
Since I would not have prior installer downloads to pattern-match on, please let me know if you need an integrated (with SecureFX) or non-integrated installer.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Tags
ecdsa , elliptic-curves , private key


All times are GMT -6.