LogMeTT.com • Autoconnect
Page 1 of 2

Autoconnect

Posted: Tue May 24, 2005 10:27 am
by Juju
Hi everybody,

First, thanks to Yutaka for continuing to develop the TTERM project and to Boris for so often answering everybody's questions.

So here is a small question:

I want to make a TTL script to autologin on a firewall with no login/passwd but only a public/private key file.

Is it possible?
Can I use puttygen? Which kind of key do I generate, DSA / RSA?

What is the FULL exact syntax: connect x.x.x.x:22 /ssh2 etc...

Thanks in advance !

Juju :wink:

Posted: Wed May 25, 2005 3:01 pm
by Yutaka Hirata
Hi,

TeraTerm 4.15 can support auto-login with public key authentication.

Example:
ttermpro.exe 192.168.1.3:22 /ssh /auth=publickey /user=yutaka /passwd=foo /keyfile=id_rsa

Posted: Wed Jun 01, 2005 2:13 pm
by juju
Thanks, but it's not exactly what I want to do.

I want to do this from a MACRO file.

And where do you enter your passphrase? :roll:

Thanks a lot

Which use ?

Posted: Wed Jun 01, 2005 2:45 pm
by juju
In fact the problem comes from TeraTERM, which refuses to read my private key.

I tried to generate it with puttygen or OpenSSH 3.5, without success.

With OpenSSH I have this error:

ASN1_CHECK_TLEN: Wrong TAG

My identity file looks like this:
-----BEGIN DSA PRIVATE KEY-----
AAAAFQCKR62x2nmhDzDOOnWMA0sx25PEDQ
...
...
...
-----END DSA PRIVATE KEY-----

Posted: Wed Jun 01, 2005 3:19 pm
by Yutaka Hirata
Hi,

I uploaded the macro you wanted to the following site:

http://sleep.mat-yan.jp/~yutaka/windows ... 2login.ttl

Problem ...still

Posted: Wed Jun 01, 2005 3:44 pm
by juju
Thanks Yutaka, you're cute :lol:

In fact you can forget my previous question.

I generated a key with TeraTERM. It looks the same as the OpenSSH one...

OK, here is the problem I get.

I successfully log into my device, but I have a blank window which closes as soon as I strike a key.

Here is the TTSSHLOG:

---------------------------------------------------------------------
Initiating SSH session at Wed Jun 01 17:35:25 2005
Received server prologue string: SSH-2.0-NetScreen
SSH2_MSG_KEXINIT was sent
SSH2_MSG_KEXINIT is receiving
SSH2_MSG_KEXDH_INIT was sent
SSH2_MSG_NEWKEYS is received(DH key generation is completed).
Server reports supported authentication method mask = 44
Entering secure mode
SSH2_MSG_SERVICE_REQUEST was sent.
SSH2_MSG_SERVICE_ACCEPT is received.
SSH2_MSG_USERAUTH_REQUEST was sent(method 2)
User authentication is successful and SSH heartbeat thread is starting.
SSH2_MSG_CHANNEL_OPEN was sent.
SSH2_MSG_CHANNEL_REQUEST was sent at handle_SSH2_open_confirm().
SSH2_MSG_CHANNEL_SUCCESS is received(nego_status 1).
SSH2_MSG_CHANNEL_REQUEST was sent at handle_SSH2_channel_success().
SSH2_MSG_CHANNEL_SUCCESS is received(nego_status 2).
Terminating SSH session...


Here is my macro script:
connect '10.186.10.146:22 /ssh /auth=publickey /user=admin /passwd=toto /keyfile=id_dsa'


Thanks for your help

Posted: Thu Jun 02, 2005 3:52 pm
by Yutaka Hirata
Hi,

Q1.
Can you successfully login to NetScreen server without TeraTerm macro?

Q2.
If NetScreen server log can be retrieved, please show me the log.

login with rsa_id

Posted: Fri Jun 03, 2005 8:48 am
by juju
Hi Yutaka,

Q1: Yes and no:
YES: I can log in successfully with the /password type, by macro or with TeraTerm directly
NO: I can't log in successfully with publickey, by macro or with TeraTerm directly

Here is the log of the server:
With password (success):
10:40:52 Admin user netscreen has logged on via SSH from 10.186.9.176:3616
10:40:52 SSH: Password authentication successful for admin user 'admin' at host 10.186.9.176

With publickey (unsuccessful):
SSH: PKA authentication successful for admin user '' at host 10.186.9.176.
....
nothing else
:roll:

Detail log of the ssh server

Posted: Fri Jun 03, 2005 9:08 am
by juju
Sorry, I made a mistake; I got a much more detailed log from the NetScreen SSH server.

I launch TeraTerm, enter IP/login/passphrase and the private key, and I get a blank window. I wait 10 sec. When I strike a key, the window is gone.

Here is the log of the SSH server:
## 11:03:20 : SSH: >>> ssh_accept_connection()
## 11:03:20 : SSH: <<< ssh_accept_connection() = 0
## 11:03:20 : SSH: >>> ssh_accept_connection()
## 11:03:20 : SSH: <<< ssh_accept_connection() = 0
## 11:03:23 : SSH: >>> ssh_accept_connection()
## 11:03:23 : SSH: <<< ssh_accept_connection() = 0
## 11:03:25 : SSH: >>> ssh_accept_connection()
## 11:03:25 : SSH: <<< ssh_accept_connection() = 3846
## 11:03:25 : --- send_init_string()
## 11:03:25 : SSH state trans: SSH_STATE_FREE(0) -> SSH_STATE_INIT(1)
## 11:03:25 : SSH netio: recv(s=24, l=64) = 25
## 11:03:25 : SSH: >>> process_init_string()
## 11:03:25 : SSH: --- process_init_string() init_string='SSH-2.0-TTSSH/2.14 Win32
' : bytes=25
## 11:03:25 : SSH: >>> ssh_remove_cr_nl(str=0x0663f0c0)
## 11:03:25 : SSH: --- ssh_remove_cr_nl() : nl=0x0663f0d8 : cr=0x00000000 : nl_len=24 : cr_len=0
## 11:03:25 : SSH: <<< ssh_remove_cr_nl(*bytes_removed=1) = 24
## 11:03:25 : SSH: <<< process_init_string() = 1
## 11:03:25 : SSH state trans: SSH_STATE_INIT(1) -> SSH_STATE_SEND_NEG(2)
## 11:03:25 : SSH message: OUT - SSH_MSG_KEXINIT(20)
## 11:03:25 : SSH netio: send(s=24, l=152) = 152
## 11:03:25 : SSH netio: send(24,,152,) = 152
## 11:03:25 : SSH: >>> ssh_remove_cr_nl(str=0x066082f0)
## 11:03:25 : SSH: --- ssh_remove_cr_nl() : nl=0x06608302 : cr=0x06608301 : nl_len=18 : cr_len=17
## 11:03:25 : SSH: <<< ssh_remove_cr_nl(*bytes_removed=2) = 17
## 11:03:25 : SSH state trans: SSH_STATE_SEND_NEG(2) -> SSH_STATE_RECV_NEG(3)
## 11:03:26 : SSH netio: recv(s=24, l=64) = 64
## 11:03:26 : SSH: >>> process_binary_frame()
## 11:03:26 : SSH: --- process_binary_frame() : buf_len=64 : packet_len=260
## 11:03:26 : SSH: <<< process_binary_frame() = 0
## 11:03:26 : extending recv() buffer
## 11:03:26 : SSH netio: recv(s=24, l=128) = 128
## 11:03:26 : SSH: >>> process_binary_frame()
## 11:03:26 : SSH: --- process_binary_frame() : buf_len=192 : packet_len=260
## 11:03:26 : SSH: <<< process_binary_frame() = 0
## 11:03:26 : extending recv() buffer
## 11:03:26 : SSH netio: recv(s=24, l=128) = 72
## 11:03:26 : SSH: >>> process_binary_frame()
## 11:03:26 : SSH: --- process_binary_frame() : buf_len=264 : packet_len=260
## 11:03:26 : SSH: --- process_binary_frame() : padding_len =11 : message_type=20
## 11:03:26 : SSH message: IN - SSH_MSG_KEXINIT(20)
## 11:03:26 : SSH: <<< process_binary_frame() = 1
## 11:03:26 : --- process_kex_neg()
## 11:03:26 : SSH state trans: SSH_STATE_RECV_NEG(3) -> SSH_STATE_RECV_DH_KEX(5)
## 11:03:26 : SSH netio: recv(s=24, l=320) = 144
## 11:03:26 : SSH: >>> process_binary_frame()
## 11:03:26 : SSH: --- process_binary_frame() : buf_len=144 : packet_len=140
## 11:03:26 : SSH: --- process_binary_frame() : padding_len =6 : message_type=30
## 11:03:26 : SSH message: IN - SSH_MSG_KEXDH_INIT(30)
## 11:03:26 : SSH: <<< process_binary_frame() = 1
## 11:03:26 : SSH message: OUT - SSH_MSG_KEXDH_REPLY(31)
## 11:03:26 : SSH state trans: SSH_STATE_RECV_DH_KEX(5) -> SSH_STATE_SEND_DH_KEX(4)
## 11:03:26 : SSH netio: send(s=24, l=640) = 640
## 11:03:26 : SSH netio: send(24,,640,) = 640
## 11:03:26 : SSH state trans: SSH_STATE_SEND_DH_KEX(4) -> SSH_STATE_SEND_NEW_KEYS(7)
## 11:03:26 : SSH netio: recv(s=24, l=320) = 16
## 11:03:26 : SSH message: OUT - SSH_MSG_NEWKEYS(21)
## 11:03:26 : SSH netio: send(s=24, l=16) = 16
## 11:03:26 : SSH netio: send(24,,16,) = 16
## 11:03:26 : SSH state trans: SSH_STATE_SEND_NEW_KEYS(7) -> SSH_STATE_RECV_NEW_KEYS(6)
## 11:03:26 : SSH: >>> process_binary_frame()
## 11:03:26 : SSH: --- process_binary_frame() : buf_len=16 : packet_len=12
## 11:03:26 : SSH: --- process_binary_frame() : padding_len =10 : message_type=21
## 11:03:26 : SSH message: IN - SSH_MSG_NEWKEYS(21)
## 11:03:26 : SSH: <<< process_binary_frame() = 1
## 11:03:26 : SSH state trans: SSH_STATE_RECV_NEW_KEYS(6) -> SSH_STATE_CONNECTING(8)
## 11:03:26 : SSH: >>> ssh_accept_connection()
## 11:03:26 : SSH: <<< ssh_accept_connection() = 0
## 11:03:29 : SSH: >>> ssh_accept_connection()
## 11:03:29 : SSH: <<< ssh_accept_connection() = 0
## 11:03:32 : SSH: >>> ssh_accept_connection()
## 11:03:32 : SSH: <<< ssh_accept_connection() = 0
## 11:03:34 : SSH netio: recv(s=24, l=320) = 52
## 11:03:34 : SSH message: IN - SSH_MSG_SERVICE_REQUEST(5)
## 11:03:34 : SSH message: OUT - SSH_MSG_SERVICE_ACCEPT(6)
## 11:03:34 : SSH netio: send(s=24, l=52) = 52
## 11:03:34 : SSH netio: send(24,,52,) = 52
## 11:03:34 : SSH netio: recv(s=24, l=320) = 320
## 11:03:34 : extending recv() buffer
## 11:03:34 : SSH netio: recv(s=24, l=128) = 128
## 11:03:34 : extending recv() buffer
## 11:03:34 : SSH netio: recv(s=24, l=128) = 128
## 11:03:34 : extending recv() buffer
## 11:03:34 : SSH netio: recv(s=24, l=128) = 12
## 11:03:34 : SSH message: IN - SSH_MSG_USERAUTH_REQUEST(50)
## 11:03:34 : SSH auth: >>> process_auth_request(ip=10.186.9.176, port=3690)
## 11:03:34 : SSH auth: --- process_auth_request() : admin=netscreen service=ssh-connection method=publickey
## 11:03:34 : SSH auth: --- process_auth_request(): auth_req=1 alg='ssh-dss'
## 11:03:34 : SSH auth: >>> ssh_pka_auth(name=netscreen, auth_req=1)
## 11:03:34 : SSH key: >>> sshv2_pka_query_pka_key(vsys=Root, name=netscreen, type=1, index=1) : sys_up_sec=1954
## 11:03:34 : SSH key: >>> sshv2_pki_req_query_pka_key(vsys=Root, name=netscreen, key_type=1)
## 11:03:34 : SSH key: <<< sshv2_pki_req_query_pka_key() = 1
## 11:03:34 : SSH key: >>> sshv2_pki_recv_query_pka_key(*ssh_key=00000000)
## 11:03:34 : SSH key: --- sshv2_pki_recv_query_pka_key() : vsys=Root : count=1
## 11:03:34 : SSH key: <<< sshv2_pki_recv_query_pka_key(*ssh_key=066077c0) = 1 (found=1)
## 11:03:34 : SSH key: <<< sshv2_pka_query_pka_key() = ssh_key=066077c0{type=1} : sys_up_sec=1954
## 11:03:34 : SSH auth: >>> ssh_key_verify(key_type=1, signaturelen=55, datalen=518)
## 11:03:34 : SSH auth: <<< ssh_key_verify() = 1
## 11:03:34 : SSH auth: <<< ssh_pka_auth() = 1
## 11:03:34 : SSH message: OUT - SSH_MSG_USERAUTH_SUCCESS(52)
## 11:03:34 : SSH netio: send(s=24, l=36) = 36
## 11:03:34 : SSH netio: send(24,,36,) = 36
## 11:03:34 : SSH auth: <<< process_auth_request(aaid=0) = 1
## 11:03:34 : SSH netio: recv(s=24, l=704) = 60
## 11:03:34 : SSH message: IN - SSH_MSG_CHANNEL_OPEN(90)
## 11:03:34 : --- process_channel_open()
## 11:03:34 : SSH message: OUT - SSH_MSG_CHANNEL_OPEN_CONFIRMATION(91)
## 11:03:34 : SSH netio: send(s=24, l=52) = 52
## 11:03:34 : SSH netio: send(24,,52,) = 52
## 11:03:34 : SSH netio: recv(s=24, l=704) = 76
## 11:03:34 : SSH message: IN - SSH_MSG_CHANNEL_REQUEST(98)
## 11:03:34 : SSH conn: >>> process_channel_request()
## 11:03:34 : SSH conn: channel_id=6, request_type_name=pty-req, want_reply=0
## 11:03:34 : SSH conn: <<< process_channel_request() = 0
## 11:03:34 : SSH netio: recv(s=24, l=704) = 44
## 11:03:34 : SSH message: IN - SSH_MSG_CHANNEL_REQUEST(98)
## 11:03:34 : SSH conn: >>> process_channel_request()
## 11:03:34 : SSH conn: channel_id=6, request_type_name=shell, want_reply=0
## 11:03:34 : SSH conn: >>> ssh_create_shell()
## 11:03:34 : SSH conn: <<< ssh_create_shell() = 1
## 11:03:34 : >>> ssh_2nd_console_authentication(un='', vsys='Root')
## 11:03:34 : <<< ssh_2nd_console_authentication(aaid=0) = 0
## 11:03:34 : SSH conn: <<< process_channel_request() = 0
## 11:03:35 : SSH: >>> ssh_accept_connection()
## 11:03:35 : SSH: <<< ssh_accept_connection() = 0
## 11:03:38 : SSH: >>> ssh_accept_connection()
## 11:03:38 : SSH: <<< ssh_accept_connection() = 0
## 11:03:41 : SSH: >>> ssh_accept_connection()
## 11:03:41 : SSH: <<< ssh_accept_connection() = 0
## 11:03:43 : SSH netio: recv(s=24, l=704) = 44
## 11:03:43 : SSH message: IN - SSH_MSG_CHANNEL_DATA(94)
## 11:03:43 : SSH state trans: SSH_STATE_CONNECTING(8) -> SSH_STATE_CLOSE(99)
## 11:03:43 : SSH conn: >>> ssh_free_shell()
## 11:03:43 : SSH conn: <<< ssh_free_shell()
## 11:03:43 : SSH state trans: SSH_STATE_FREE(0) -> SSH_STATE_FREE(0)


regards

Juju

detail log

Posted: Fri Jun 03, 2005 9:11 am
by juju
As you see, I use user: "netscreen".

In the log, smileys have been inserted instead of 8 and ) => 8 ) without a space between the eight and the )

Posted: Fri Jun 03, 2005 12:06 pm
by boris
Hi Juju,

There is an option 'Disable Smilies in this post' that you can use while posting your messages. Registered users of this forum can also go back and modify their earlier posted messages if needed. Registration is free and actually only requires choosing the user name and password you will use.

I updated your last posting and it is free from smilies now.

thanks

Posted: Fri Jun 03, 2005 12:41 pm
by juju
Thanks a thousand times, Boris! :wink:

Posted: Mon Jun 06, 2005 3:57 pm
by Yutaka Hirata
Hi juju,

## 11:03:43 : SSH netio: recv(s=24, l=704) = 44
## 11:03:43 : SSH message: IN - SSH_MSG_CHANNEL_DATA(94)
## 11:03:43 : SSH state trans: SSH_STATE_CONNECTING(8) -> SSH_STATE_CLOSE(99)
## 11:03:43 : SSH conn: >>> ssh_free_shell()
## 11:03:43 : SSH conn: <<< ssh_free_shell()
## 11:03:43 : SSH state trans: SSH_STATE_FREE(0) -> SSH_STATE_FREE(0)


Did you enter the key between SSH_MSG_CHANNEL_DATA and SSH_STATE_CONNECTING in the TeraTerm window?
Also, can you log in to the server with PuTTY or OpenSSH?

Thanks.

Posted: Mon Jun 06, 2005 4:56 pm
by juju
Hi yutaka,

First question:
I don't understand the question well. In fact, I use the TeraTerm window. I fill in all the fields: username, passphrase and private key, and I click OK!
And then I have a blank window. When I make a mistake in the password for the passphrase, I get an error message. That means I fill in all the fields correctly!

Second question: Yes, with PuTTY it works, and with OpenSSH too.

Posted: Mon Jun 06, 2005 9:12 pm
by mekanik
To get started, thanks to Yutaka / Boris for their contributions to the existing Tera Term package.

Now to add my $0.02 to the penny pile. I used to use autoconnect sessions to SSH1-enabled nodes using the old TTSSH package using a private-key with no problems. With TTSSH2, I'm not able to accomplish this to the same node running an SSH2 daemon. There appears to be a negotiation failure of the keys during the authentication process. Just my thoughts.

-mekanik

Posted: Tue Jun 07, 2005 12:12 pm
by Guest
I should also add that I've tested this with PuTTY and the SSH client from ssh.com and was able to successfully autoconnect to the SSH2 node using public-key auth.

I've tried with TTSSH2 by pre-configuring my TERATERM.ini file, from the command line and by filling in the fields and it still fails.

**NOTE**: I also did not set a passphrase on my key-pair, so all I have to do, is send a username and my private-key and I should be able to autoconnect like PuTTY and the SSH (ssh.com) client.

-mekanik

Posted: Tue Jun 07, 2005 12:19 pm
by mekanik
Anonymous wrote: I should also add that I've tested this with PuTTY and the SSH client from ssh.com and was able to successfully autoconnect to the SSH2 node using public-key auth.

I've tried with TTSSH2 by pre-configuring my TERATERM.ini file, from the command line and by filling in the fields and it still fails.

**NOTE**: I also did not set a passphrase on my key-pair, so all I have to do, is send a username and my private-key and I should be able to autoconnect like PuTTY and the SSH (ssh.com) client.

-mekanik


I forgot to login prior to posting. Sorry.

Posted: Tue Jun 07, 2005 1:14 pm
by mekanik
Here is the error that I'm receiving when I'm trying to use publickey auth. This is the same whether I fill in the privatekey field or put it in the TERATERM.ini file.
read error SSH2 private key file
error:0906D06C:PEM routines:PEM_read_bio:no start line


I get the error message on keys with the following format:

---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Subject: <username>
Comment: <comment info>
[-=- key info removed -=-]
---- END SSH2 ENCRYPTED PRIVATE KEY ----


-mekanik

Posted: Tue Jun 07, 2005 3:33 pm
by Yutaka Hirata
Hi,

I think that it is difficult to solve this problem. I will try to think the result of this problem. Please wait a moment.

Posted: Wed Jun 08, 2005 2:21 am
by mekanik
Yutaka Hirata wrote: Hi,

I think that it is difficult to solve this problem. I will try to think the result of this problem. Please wait a moment.


TTSSH1 supported public-key auth with no problems. Can you take a look at the TTSSH1 source under the "ttxssh" directory to see if that can help? Or is it that TTSSH1 and TTSSH2 are totally different implementations that it won't help? Thanks Yutaka.

-mekanik

Posted: Wed Jun 08, 2005 12:18 pm
by mekanik
Yutaka, I've done some more testing and I've re-formatted my private-key to the format that TeraTerm generates the keys in. I then tried to use publickey auth and it appears that TeraTerm choked on my key length. The following is the error message that I receive:

read error SSH2 private key file
error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long


I usually generate pretty large keys. I checked and found that the number of lines in the TeraTerm generated key is 16 lines (this includes the blank line at the end). The number of lines in my key is 40 lines (this includes the blank line at the end).

This may help with the debugging.

-mekanik
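
The "PEM_read_bio:no start line" message quoted above is what OpenSSL's PEM reader reports when a file has no `-----BEGIN` line, and the ASN.1 messages in this thread come from parsing a key body as DER. As an added example (not code from Tera Term or from any poster), this Python classifier identifies a private-key file by its first line and checks whether a PEM body starts with an ASN.1 SEQUENCE whose length fits; the function names, result labels and sample keys are constructed for illustration.

```python
import base64
import re

PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")   # what a PEM reader looks for
SECSH_BEGIN = re.compile(r"^---- BEGIN SSH2 (ENCRYPTED )?PRIVATE KEY ----$")

def der_sequence_fits(body: bytes) -> bool:
    """True if body starts with an ASN.1 SEQUENCE (0x30) whose length fits."""
    if len(body) < 2 or body[0] != 0x30:
        return False
    if body[1] < 0x80:                                # short-form length
        return 2 + body[1] <= len(body)
    n = body[1] & 0x7F                                # long form: n length octets
    if n == 0 or n > 4 or len(body) < 2 + n:
        return False
    return 2 + n + int.from_bytes(body[2:2 + n], "big") <= len(body)

def classify_private_key(text: str) -> str:
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines:
        return "empty"
    if lines[0].startswith("PuTTY-User-Key-File-"):
        return "putty-ppk"                            # no PEM start line at all
    if SECSH_BEGIN.match(lines[0]):
        return "ssh.com-secsh"                        # 4 dashes + spaces: not a PEM start line
    if not PEM_BEGIN.match(lines[0]):
        return "unknown"
    inner = lines[1:-1]
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in inner):
        return "pem-encrypted"                        # ciphertext body, needs the passphrase
    b64 = "".join(ln for ln in inner if ln and ":" not in ln)
    try:
        body = base64.b64decode(b64, validate=True)
    except ValueError:
        return "pem-bad-base64"
    return "pem-der" if der_sequence_fits(body) else "pem-body-not-der"

def _pem(label: str, body: bytes, headers=()) -> str:
    b64 = base64.b64encode(body).decode()
    return "\n".join([f"-----BEGIN {label}-----", *headers, b64, f"-----END {label}-----"])

# Constructed samples (no real key material).
SAMPLES = {
    "der": _pem("DSA PRIVATE KEY", bytes.fromhex("3006020100020105")),
    "wire": _pem("DSA PRIVATE KEY", bytes.fromhex("00000015") + bytes(21)),
    "overrun": _pem("RSA PRIVATE KEY", bytes.fromhex("30820400") + bytes(8)),
    "enc": _pem("RSA PRIVATE KEY", bytes(16),
                ("Proc-Type: 4,ENCRYPTED", "DEK-Info: DES-EDE3-CBC,0011223344556677", "")),
    "secsh": "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\nSubject: user\n"
             "Comment: constructed\nAAAA\n---- END SSH2 ENCRYPTED PRIVATE KEY ----",
    "ppk": "PuTTY-User-Key-File-2: ssh-dss\nEncryption: none\nComment: constructed",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:8s} -> {classify_private_key(text)}")
```

A "pem-body-not-der" result means the header lines look like PEM but the decoded body is not a DER structure, which renaming the BEGIN/END lines of a key in another format cannot fix; the key has to be converted by a tool that understands both formats.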

hello

Posted: Fri Jun 10, 2005 3:20 pm
by juju
Hi yutaka,

Do you have any news on my problem? :(

Do you need more logs? :roll:

Thanks for helping me :cry:

Posted: Fri Jun 10, 2005 4:29 pm
by Yutaka Hirata
Hi JuJu,

I am sorry for not replying to you.
Now I am investigating the TeraTerm source code to solve your problem. I think that the investigation is taking a long time.

Thanks

Posted: Mon Jun 13, 2005 9:20 am
by juju
Hi Yutaka,

Thanks for trying to solve my problem.

If you need anything, ask me; I would be happy to help you :o

juju :wink:

Posted: Thu Jun 30, 2005 2:19 am
by mekanik
Yutaka,

Have you been able to find out any additional information in regards to using public-key auth and why it fails with the error messages that I've provided? Regards,

-mekanik