Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 08-28-2012, 12:06 PM
rciulla rciulla is offline
Registered User
 
Join Date: Aug 2012
Posts: 2
Openssl with SecureCRT

Hi,
I'm evaluating SecureCRT to see if it will work with the SSH-2 server we a developing. I apologize if this question has already been answered and or its very basic . I have not been able to find anything using the forms search tool and I am very green with SecureCRT and openssl

Using a version of Openssl I created a root Certificate and private key

openssl req -nodes -config conf/openssl.cnf -days 3650 -x509 -newkey rsa:1024 -out public/root.pem -outform PEM

For the SSH client (secureCRT ) i created a certificate to be signed

openssl req -new -newkey rsa:1024 -nodes -keyout user1/user1_rsa.key -out user1/user1_rsa.pem

I then signed the certificate

openssl ca -config conf/openssl.cnf -out user1/user1_cert.pem -in user1/user1_rsa.pem

I concatenated the resulting cert and the users private key

cat user1_rsa.key user1_cert.pem > user1_id

I copied the user1_id file to the windows 7 machine where i installed SecureCRT.

within the SecureCRT GUI I created a new SSH session that I am trying to use to ssh to our DUT (SSH server that supports x.509 certs)
In the Sessions options dialog box I select SSH--->authentication.

Highlight PublicKey and select properties

Within the public key properties dialog box I selected "use session public key setting and then "use id or cert file"

I point to the certificate file that was concatenated above and select ok (a fingerprint shows up in the MD5 dialog box )

I then add the user and host IP and try to connect. A dialog box appears asking if i want to accept the host key. I select save.

the client fails to log into our DUT (below is the trace output from SecureCRT.

Can you tell from the tace what the error is ?? If i use this same cert on an openssh client (again build with RP patch) the client connects successfully.

 

thank you for any help you can provide.

[LOCAL] : SSH2Core version 7.0.0.326
[LOCAL] : Connecting to x.x.x.x:xx ...
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_3.5p1'
[LOCAL] : CAP : Remote can re-key
//snip
SecureCRT - Version 7.0.0 (build 326)
//snip
[LOCAL] : RECV : NEWKEYS
[LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth]
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
[LOCAL] : SENT : USERAUTH_REQUEST [none]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint: 8e:73:2a:48:d9:3f:dc:01:43:30:5f:19:b0:32:09:b3]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint: 8e:73:2a:48:d9:3f:dc:01:43:30:5f:19:b0:32:09:b3]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password]
Public-key authentication with the server for
user admin failed. Please verify username and
public/private key pair.
Password: [LOCAL] : SENT : USERAUTH_REQUEST [password]

[LOCAL] : RECV : AUTH_SUCCESS
//snip

Last edited by miked; 08-28-2012 at 02:02 PM. Reason: Redacting potentially sensitive information
Reply With Quote
 

Tags
openssl


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 04:08 PM.