ED25519 key files cannot be loaded on Windows

[GaryA50]

Describe the bug
ED25519 key pairs don't work to connect to ubuntu server

To Reproduce

from pssh.clients import SSHClient
import sys
import traceback

class SSHComm():
    def __init__(self):
        try:
            self.client = SSHClient("192.168.0.201", user="ubuntu", 
			pkey="c:\\Users\\Admin\\.ssh\\piubuntu_ed25519", timeout=5, 
			allow_agent=False)
        except: 
            print("Server connection", sys.exc_info())

Expected behavior
The key pair should authenticate to allow communications.

Actual behaviour
The code fails with AuthenticationError.

Additional information
System: parallel-ssh v2.5.4, Win 10 Pro v10.0.19401, Microsoft openssh v7.7.2.1, Python v3.8.6, Ubuntu-server 20.04

The ED25519 key pair was created using ssh-keygen -t ED25519.

The key pair also fails when pkey is deleted and allow_agent=True

However, the same ED25519 key pair is used successfully to make a connection to the server using cli and ssh agent.

The same result occurred with a second ED25519 key pair.

If an rsa key pair is used instead, the code above works as expected after pkey is changed to the name of the rsa key.

[pkittenis]

Hello,

Thanks for the interest and report. Have used ED25519 keys many times myself with no issues.

Can you enable debug logging and post the complete output of the above code?

from pssh.utils import enable_debug_logger

enable_debug_logger()
<code>

[GaryA50]

There are three blocks below. The first shows the output from enable_debug_logger. The second shows the output from the print() in my code. The third shows the successful authentication from the command line without entry of password. Note that Welcome to Ubuntu was shown three times after the first login from the command line, but only once the second time. I'm wondering if that is a result of the three unsuccessful authentications by parallel-ssh.

Connecting to 192.168.0.201:22
Proceeding with private key file authentication
Proceeding with private key file authentication
Proceeding with private key file authentication

Server connection (<class 'pssh.exceptions.AuthenticationError'>, AuthenticationError('Authentication error while connecting to %s:%s - %s', '192.168.0.201', 22, FileError()), <traceback object at 0x0000014BD4943D80>)

PS C:\Windows\System32> ssh [email protected]
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-1029-raspi aarch64)

• Documentation: https://help.ubuntu.com
• Management: https://landscape.canonical.com
• Support: https://ubuntu.com/advantage

System information as of Mon Mar 8 20:58:26 UTC 2021

Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-1029-raspi aarch64)

• Documentation: https://help.ubuntu.com
• Management: https://landscape.canonical.com
• Support: https://ubuntu.com/advantage

System information as of Mon Mar 8 20:58:26 UTC 2021

Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-1029-raspi aarch64)

• Documentation: https://help.ubuntu.com
• Management: https://landscape.canonical.com
• Support: https://ubuntu.com/advantage

System information as of Mon Mar 8 20:58:26 UTC 2021

System load: 1.29 Temperature: 31.2 C
Usage of /: 2.6% of 109.78GB Processes: 146
Memory usage: 8% Users logged in: 0
Swap usage: 0% IPv4 address for eth0: 192.168.0.201

ubuntu@ubuntu:~$ logout
Connection to 192.168.0.201 closed.
PS C:\Windows\System32> ssh [email protected]
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-1029-raspi aarch64)

• Documentation: https://help.ubuntu.com

• Management: https://landscape.canonical.com
  Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-1029-raspi aarch64)

• Documentation: https://help.ubuntu.com

• Management: https://landscape.canonical.com

• Support: https://ubuntu.com/advantage

System information as of Mon Mar 8 21:04:25 UTC 2021

System load: 1.0 Temperature: 37.0 C
Usage of /: 2.6% of 109.78GB Processes: 140
Memory usage: 8% Users logged in: 0
Swap usage: 0% IPv4 address for eth0: 192.168.0.201

Last login: Mon Mar 8 20:58:28 2021 from 192.168.0.113
ubuntu@ubuntu:~$

[pkittenis]

Can you show output of ssh -v [email protected] -i <key file>. FileError means the private key file provided could not be loaded.

[GaryA50]

To get single \ in path to file on first line in Github Preview tab, I had to use \\ on the Github Write tab. Also, all the \\ on the Preview tab were \\\\ on the write tab and were copied directly from powershell.

PS C:\Windows\System32> ssh -v [email protected] -i c:\\Users\\Admin\\.ssh\\piubuntu_ed25519
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Connecting to 192.168.0.201 [192.168.0.201] port 22.
debug1: Connection established.
debug1: identity file c:\\\\Users\\\\Admin\\\\.ssh\\\\piubuntu_ed25519 type 3
debug1: key_load_public: No such file or directory
debug1: identity file c:\\\\Users\\\\Admin\\\\.ssh\\\\piubuntu_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.0.201:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:7AWqFUm+6tRdfO31h3IeoYlYEba/LBddhUpipUjCT3k
debug1: Host '192.168.0.201' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\Admin/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected]>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: ED25519 SHA256:/dwUGC1CQ11uZRDemY0tszAeUXwoy30E8TWLl7Amod4 c:\\\\Users\\\\Admin\\\\.ssh\\\\piubuntu_ed25519
debug1: Server accepts key: pkalg ssh-ed25519 blen 51
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.0.201 ([192.168.0.201]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: console supports the ansi parsing
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug1: Remote: /home/ubuntu/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /home/ubuntu/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-1029-raspi aarch64)

[pkittenis]

Best to try generating the key on linux instead of windows - have used such keys on windows clients successfully. It looks like libssh2 might not be able to read windows generated key files.

If you can attach a new key generated on windows here - one you are not using - that would be helpful to debug with.

Also, can surround text blocks with ``` in order to stop github formatting it.

[GaryA50]

I generated a new ED25519 key in Ubuntu 20.04 and tested on Windows SSH client without success. Then, I tested that key as well as a Windows generated key in Ubuntu SSH client and they both worked perfectly. Did you use Microsoft OpenSSH in Windows?

Attached is a key generated on Windows.
Test key.zip

[pkittenis]

new ED25519 key in Ubuntu 20.04 and tested on Windows SSH client without success

Have never used Window's ssh tools. OpenSSH generated keys on linux work on windows clients, by clients meaning this library, not window's openssh tools.

The windows tools are supposed to be openssh so a key generated on linux openssh not working on windows openssh sounds like an openssh issue.

[GaryA50]

I see that my terminology was not correct in our last exchange. I'll rephrase.
It does not matter whether the ED25519 key is created in linux or windows. It works in parallel-ssh in linux, but does not work in parallel-ssh in windows.

Also, if the ED25519 file is replaced by an rsa file, it works in parallel-ssh in both OS. Password works, too.

Here is stripped down code I used to test in both OS.

from pssh.clients import SSHClient
import sys
import traceback
from pssh.utils import enable_debug_logger

class SSHComm():
    def __init__(self):
        enable_debug_logger()
        try:
            # Ubuntu-server, ethernet, passing private key from windows
            self.client = SSHClient("192.168.0.201", user="ubuntu", 
                timeout=5, pkey="c:\\Users\\Admin\\.ssh\\piubuntu2_ed25519",
                allow_agent=False)
            # Ubuntu-server, ethernet, passing private key from ubuntu
            # self.client = SSHClient("192.168.0.201", user="ubuntu", 
            #     pkey="~/.ssh/piubuntu2_ed25519", timeout=5, 
            #     allow_agent=False)
        except: print("Server connection", sys.exc_info())


print("Initializing SSHComm()")
SSHComm()
print("Finished with initialization")

Aside from this issue, which I can work around, parallel-ssh is performing well for me. Thanks for your work.

[pkittenis]

Have used ED25519 and ECDSA keys with parallel-ssh on windows, yes. Let me confirm they work with latest version as well.

The only instance I've seen of them not working on Windows is from self-built ssh2-python that uses WinCNG instead of OpenSSL for a crypto back-end. Those key types are only supported with OpenSSL.

If parallel-ssh was installed via pip, it has installed a binary wheel of ssh2-python with OpenSSL included. If self-building.. my only suggestion is don't.

[GaryA50]

Testing has been done using two configurations, both including parallel-ssh installed with pip. The first configuration started with a minimal conda environment. The second was on a different computer with python installed directly in windows without use of any environment.

[pkittenis]

Have been able to reproduce - ED25519 keys cannot be loaded on windows. Same key can be loaded on linux.

ECDSA keys work on windows.

It could be an issue with windows wheel builds or a bug with libssh2 - yet to confirm.