Package: libnet-ssh2-perl
Version: 0.58-3
Severity: normal

Dear Maintainer,

If multiple KDF rounds were used for the key's passphrase then libnet-ssh2-perl will incorrectly claim the password is wrong (even if there is no password though that last case is probably a bit moot).

To reproduce use the attached Perl script and follow these steps:

$ ssh-keygen -a 100
Enter file in which to save the key (/home/fgouget/.ssh/id_rsa): id_rsa_a100
Enter passphrase (empty for no passphrase): password
Enter same passphrase again: password
Your identification has been saved in id_rsa_a100.
Your public key has been saved in id_rsa_a100.pub.
$ ssh-copy-id -i id_rsa_a100 localhost
$ ./pssh localhost id_rsa_a100 password
username=[fgouget]
hostname=[localhost]
port=[22]
publickey=[/home/fgouget/.ssh/id_rsa_a100.pub]
privatekey=[/home/fgouget/.ssh/id_rsa_a100]
password=[password]
auth_publickey failed: <-19|LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED|Callback returned error>
Net::SSH2::DESTROY object 0x14ce7b0

It's also possible the bug is in fact in the underlying libssh2 library.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libnet-ssh2-perl depends on:
ii  libc6                         2.21-7
ii  libgcrypt20                   1.6.5-2
ii  libssh2-1                     1.5.0-2+b1
ii  perl                          5.22.1-7
ii  perl-base [perlapi-5.22.1]    5.22.1-7
ii  zlib1g                        1:1.2.8.dfsg-2+b1

Versions of packages libnet-ssh2-perl recommends:
ii  libterm-readkey-perl  2.33-1+b1

libnet-ssh2-perl suggests no packages.

-- no debconf information
#!/usr/bin/perl -w
use strict;
use Net::SSH2;

# Parse [username@]hostname[:port] from the first argument.
if (!defined $ARGV[0] or
    $ARGV[0] !~ /(?:([^@]*)@)?([^:]*)(?::([0-9]*))?/)
{
    print "Usage: pssh [username\@]hostname[:port] [keyname] [password]\n";
    exit 1;
}
my ($username, $hostname, $port) = ($1, $2, $3);
$username ||= $ENV{USER};
$port ||= 22;

# Use the first key pair found in ~/.ssh: the named key, then id_rsa, then id_dsa.
my ($publickey, $privatekey);
foreach my $key ($ARGV[1], "id_rsa", "id_dsa")
{
    if (defined $key and -f "$ENV{HOME}/.ssh/$key.pub" and
        -f "$ENV{HOME}/.ssh/$key")
    {
        $publickey = "$ENV{HOME}/.ssh/$key.pub";
        $privatekey = "$ENV{HOME}/.ssh/$key";
        last;
    }
}
# Stop early instead of passing undefined paths to auth_publickey().
die "no usable key pair found in $ENV{HOME}/.ssh\n" if !defined $privatekey;

my $password = $ARGV[2] || "";

print "username=[$username]\n";
print "hostname=[$hostname]\n";
print "port=[$port]\n";
print "publickey=[$publickey]\n";
print "privatekey=[$privatekey]\n";
print "password=[$password]\n";

my $ssh2 = Net::SSH2->new();
$ssh2->connect($hostname, $port)
    or die "connect failed: <", join("|", $ssh2->error), ">\n";
$ssh2->debug(1);

# Public key authentication; $password is the private key's passphrase.
$ssh2->auth_publickey($username, $publickey, $privatekey, $password)
    or die "auth_publickey failed: <", join("|", $ssh2->error), ">\n";
print "The authentication worked!!!\n";

# Run a trivial command to confirm the session is usable.
my $chan1 = $ssh2->channel();
$chan1->blocking(1);
$chan1->exec('hostname');
my $buf;
$chan1->read($buf, 100);
print "Got: $buf\n";
$chan1->close;