Permission denied (publickey)

Core Shell Ask for Support
1

Dear Support,

I am a MacOS user. I have just updated to core shell v3.6 and core helper v6.6 today.

After that, I tried to connect to my company remote server that using private and public keys for authentication. Core shell always returned error message below:

17:10:47 Connecting…
17:10:47 Using Core Helper 6.6 (r3386)
17:10:48 Authenticating…
17:10:50 csoon1@js.sicap.com: Permission denied (publickey).
17:10:50 Abnormal Disconnect

Besides that, I also try to use MacOS "Terminal" to manually access my company remote server using the same command from core shell below. I can access it successfully.

Equivalent Command: ssh -4 -i "/Users/soonchaihsiung/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/privatekey/id_rsa" -o PubkeyAuthentication=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=240 -o HostKeyAlgorithms=ssh-dss,ssh-rsa -o ServerAliveCountMax=3 -p 22 csoon1@js.sicap.com

Also, before update the core shell to v3.6, it works pretty fine, no issue connect to my company remote server.

Therefore, I do not know what has been changed in the new version and caused me blocked here.

This is very urgent as I always use core shell and core tunnel for my daily works.

Best regards,
Soon.

Add images

2

Dear Soon, Core Shell/ Tunnel 3.6.1 have been released, please upgrade to version 3.6.1, and don't forget disable Core Helper (if you didn't enable it before version 3.6).

BTW, if you still face this issue, please set Log Level to DEBUG3 and send me a desensitized log:

Kindly Regards,

Yang

3

Dear Yang,

From the Apple Store, I only received Core Shell/tunnel v3.6 updates. There is still no v3.6.1 yet. Kindly check if both has been released to Apple.

Also, I am using Core Helper all the while.

Here are the debug3 logs detail:
core_shell_debug3_25nov.log (7.8 KB)

Kindly investigate. Thanks!

Best regards,
Soon.

4

Dear Soon,

These lines tell the real cause:

03:15:17 debug1: Next authentication method: publickey
03:15:17 debug1: Offering public key: /Users/username/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/privatekey/id_rsa RSA SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx explicit
03:15:17 debug1: send_pubkey_test: no mutual signature algorithm
03:15:17 debug2: we did not send a packet, disable method
03:15:17 debug1: No more authentication methods to try.
03:15:17 my-remote-host: Permission denied (publickey).

The RSA SHA-1 hash algorithm is deprecated by recent OpenSSH releases, please check this article for solution:

In order to re-enable ssh-rsa support, please go to Settings > Advanced Options of the profile, set PubkeyAcceptedAlgorithms to +ssh-rsa

:warning: Re-enabling ssh-rsa support is a security risk, and should only be done as a temporary measure/workaround while affected users switch to a key generated using a more secure algorithm.

Kindly Regards,

Yang

5

Dear Yang,

I only managed to find "PubkeyAcceptedAlgorithms" in the profile. So I added "+ssh-rsa" there. So, it works now.

But, I have another ssh issues when I try to use proxy jump function in the connection. Please see the debug log attached.
permission denied (publickey) case2.log (14.5 KB)

Kindly help to check it. Thanks!

Soon.

6

12:28:19 [js.sicap.com] debug1: send_pubkey_test: no mutual signature algorithm

You sent a RSA public key to the bastion host, it's the same cause as above case.

To solve this issue, edit ~/.ssh/config file, add a rule like this:

Host js.sicap.com
    PubkeyAcceptedAlgorithms +ssh-rsa

Anyway, I'd recommend you regenerate your private keys ASAP, since RSA key support will be removed from OpenSSH eventually.

Kindly Regards,

Yang

7

Dear Yang,

Yes, I have reported this issue back to my company IT.

Thank you so much for your response and configurations. Really appreciated.

BEST REGARDS,
Soon.

1 Like