Unable to connect - Host key not verified/Authentication Failed

Discussion of open issues, suggestions and bugs regarding network security and data protection solution - SecureBridge
Post Reply
stuartclennett
Posts: 7
Joined: Wed 16 Dec 2020 13:10

Unable to connect - Host key not verified/Authentication Failed

Post by stuartclennett » Wed 16 Dec 2020 13:25

Hello everyone,

I have inherited a Delphi project that connected to a webserver via SSH for MySQL access. I now have to move webservers - unfortunately the person who set up the original webserver & wrote the program is not available and I am new to SecureBridge (and not that familiar with SSH either)

My problem is that I cannot get SSH Client access working against the new server - I keep getting "host key not verified". Then when I try the code provided in the STFPClient demo, I get "Authentication Failed: publickey"

(My bigger problem is that the original server gets turned off in Jan 2021 and I am powerless to prevent it)

Here's what I've done.

- I generated a new Key using PuttyGen. (RSA 2048)
- Exported the public key & private key
- Added the public key to my web server through Plesk (see screen shot)
- Imported the key to the TscFileStorage component - and the two fingerprints match.

When I run the program it drops into the "OnServerKeyValidate" method - which runs the sample code I added from the SFTPClient demo, and I find a "emsb2.key" file in my program folder. The next run picks up that file & I get the same "Authentication Failed Publickey"

Interestingly the Fingerprint of the received key does not match any on the server (not sure if this is significant).

I also note that I get an "emsb2.key" file generated in a sub folder that is literally "\$(Platform)\$(Config)\" so I moved that over to the Win32\Debug\ folder -- yet when I do that I get "Host key not verified"

Here's my connect code: https://pastebin.com/JCr1Vryn

Hoping someone can tell me what I'm doing wrong.

I can provide a sample project.

Thanks in advance.

*Edit: I can login via PuTTY on Windows using the Puttygen PPK file*

stuartclennett
Posts: 7
Joined: Wed 16 Dec 2020 13:10

Re: Unable to connect - Host key not verified/Authentication Failed

Post by stuartclennett » Thu 17 Dec 2020 15:11

Solution:

The fingerprint of the key I was getting was that of the server - not my authentication keys.

I just needed to use the code from this thread to store the key : viewtopic.php?f=27&t=40688&p=171590#p171590

Then I needed to import my PPK file using coding from this thread: viewtopic.php?t=36626

This ppk file (from PuTTYgen) is the actual authentication.

Here's my updated connection code if it will help anyone else https://pastebin.com/GPGXVCzi

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: Unable to connect - Host key not verified/Authentication Failed

Post by ViktorV » Mon 21 Dec 2020 12:21

Thank you for the interest to our product.
We are glad to see you have found a solution.
For authentication, SSH uses two different keys: server and client. The server key is used to authenticate the SSH server and is checked on the client. Its name is specified in the TScSSHClient.HostKeyName property.
The client key is used to authenticate the client and is checked on the SSH server. Its name is specified in the TScSSHClient.PrivateKeyName property. Note that the private key contains a public key and this bundle is one key.
If the SFTP server is configured for public key access, to solve your problem you can use the following recommendations:
- import your private key into the TScStorage successor in the designtime or runtime:
- set the TScSSHClient.Authentication property to atPublicKey;
- in the TScSSHClient.PrivateKeyName property, specify the name of the private key from TScStorage.
Note that identical names for the public key on the server and the private key in the client are not allowed. When importing the private key, set the value of TScKey.KeyName different from HostName.

stuartclennett
Posts: 7
Joined: Wed 16 Dec 2020 13:10

Re: Unable to connect - Host key not verified/Authentication Failed

Post by stuartclennett » Mon 21 Dec 2020 12:25

Dear Viktor,

Thanks for your explanation - it was very helpful.

I imported the key using the .ppk file from PuTTYgen which worked. I had been confusing the server key received initially with the authentication key. Once I realised the difference, it all made more sense.

Best regards & seasons greetings,

Stuart

ViktorV
Devart Team
Posts: 3168
Joined: Wed 30 Jul 2014 07:16

Re: Unable to connect - Host key not verified/Authentication Failed

Post by ViktorV » Mon 21 Dec 2020 13:05

It is good to see that the issue has been solved.
If you have any questions during using our products, please don't hesitate to contact us - and we will try to help you solve them.

VarkGripper
Posts: 1
Joined: Fri 13 May 2022 19:28

Re: Unable to connect - Host key not verified/Authentication Failed

Post by VarkGripper » Fri 13 May 2022 19:33

I keep getting the same error and It also seem to ignore the storage path and gives error message:
[Devart][ODBC][MySQL]Cannot open file.
“C:\Windows\SysWOW64\77.72.1.17.ppk”. The system cannot find the file specified
I tried storing the file in this location (not happy as a secure folder) but still same error.
Not able to use any of the options to "Ignore Error" as I am just using ODBC and SSH.
This works fine on Putty and Dev Mysql driver.

Post Reply