MBS SSH using publickey authentication

Does anyone have any experience using the publickey authentication mode of the MBS SSH class?

I’ve been using the MBS SSH username/password mode for a long time and it works great. Now I need to access servers that require a public/private key pair to authenticate and so far I’m not having any luck.

There are some inconsistencies in the documentation and the actual function call parameters so I’m wondering which ones are right and if they’re known to actually work.

E.g., the docs say: SSH2SessionMBS.UserAuthPublicKeyFromFile(UserName as string, publickey as folderitem, privatekey as folderitem, Passphrase as string)
But the Xojo autocomplete says the publickey and privatekey are strings instead.

I’ve also tried passing the keys directly to this version SSH2SessionMBS.UserAuthPublicKeyFromMemory, but also without luck. I keep getting Error -19…

Has anyone been successful with MBS SSH publickey authentication?

As you see on the documentation page, we have three variants there:
http://www.monkeybreadsoftware.net/class-ssh2sessionmbs.shtml

So you can pass file paths as folderitem or string.
Or with UserAuthPublicKeyFromMemory pass the keys right away as string in memory.

Ah, thanks, I had only noticed the one file and one memory variants.

In any case can you confirm that the publickey approach is working in the plugin?

I’d also like to verify exactly the format of the strings passed to the memory version… e.g., do I send the headers or just the key text itself, with the carriage returns embedded or stripped, etc…

This public key pair does work when I use ssh via the terminal command line, so I may try tcpdump or sniffing to see exactly what the differences are… but any suggestions would be appreciated…

With current plugins it should work.
I remember that I once helped a client to get it to work and it works for them.

Great, that’s good to know.

The ssh that runs in a terminal window has a -v Verbose option that displays what it’s doing as it negotiates with the server side.

Is there any kind of logging or verbose mode that I can enable in your ssh plugin to help see what’s going on during the call to UserAuthPublicKeyFromMemory? Currently the only feedback I get is a -19 error code when the call returns, but I’d like to see what’s leading up to that point…

Thanks,
Joe

That’s error kErrorPublickeyUnverified.

You can pass an empty string for the public key, as the private key is important.
The key must use LF as line ending, not CR.
And it should be in PEM format.

For future reference of others, I can verify that the publickey authentication mode of Christian’s MBS SSH class does work great, and it’s very straightforward to use.

My issue was in accidentally not using the same username in the call to SSH2SessionMBS.UserAuthPublicKeyFromMemory as I had used when calling SSH2SessionMBS.UserAuthList. My code had only been partially updated to work with a publickey and those two calls were physically far enough apart that I updated one and not the other. Once I fixed that it immediately worked perfectly.

Christian, thanks for another invaluable plugin!

Thanks
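
The key-format requirements given in the thread (PEM format, LF line endings, private key in memory), as an added example that is not part of the original posts or of the MBS plugin: a pre-flight check that normalizes a private key string before it is handed to an in-memory authentication call. The helper name `normalize_private_key` is hypothetical and the sample key is constructed from dummy bytes.

```python
import base64
import re

# PEM armor: BEGIN line, body, END line, separated by LF only.
PEM_RE = re.compile(
    r"\A-----BEGIN ([A-Z0-9 ]+)-----\n(.+?)\n-----END ([A-Z0-9 ]+)-----\n\Z",
    re.DOTALL,
)

def normalize_private_key(text):
    """Hypothetical helper: return (key_with_lf, issues, encrypted) or raise ValueError."""
    issues = []
    if "\r" in text:
        issues.append("CR/CRLF line endings converted to LF")
        text = text.replace("\r\n", "\n").replace("\r", "\n")
    text = text.strip() + "\n"
    m = PEM_RE.match(text)
    if m is None:
        raise ValueError("not PEM: BEGIN/END armor lines missing")
    begin, body, end = m.groups()
    if begin != end:
        raise ValueError("BEGIN and END labels differ")
    if not begin.endswith("PRIVATE KEY"):
        raise ValueError("PEM block is '%s', not a private key" % begin)
    # Legacy encrypted keys put Proc-Type/DEK-Info headers before a blank line.
    headers, _, payload = body.rpartition("\n\n")
    encrypted = "ENCRYPTED" in headers or "ENCRYPTED" in begin
    try:
        base64.b64decode(payload.replace("\n", ""), validate=True)
    except ValueError:
        raise ValueError("PEM body is not valid base64")
    return text, issues, encrypted

# Constructed sample: dummy bytes in PEM armor with CR line endings (not a real key).
_b64 = base64.b64encode(bytes(range(96))).decode()
SAMPLE_CR_KEY = "\r".join(
    ["-----BEGIN RSA PRIVATE KEY-----", _b64[:64], _b64[64:],
     "-----END RSA PRIVATE KEY-----", ""]
)

if __name__ == "__main__":
    key, issues, encrypted = normalize_private_key(SAMPLE_CR_KEY)
    print(issues, "passphrase needed:", encrypted)
```

When `encrypted` is true, the key needs a passphrase to be usable; the check inspects only the PEM armor and headers and never decrypts or logs key material.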