Problems w/public key auth


emai...@gmail.com

Apr 4, 2016, 10:20:29 AM
to sshj-users

Trying to use public key auth with a password protected RSA (2048) keypair created w/OpenSSH (OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011) using 'ssh-keygen -t rsa' on Mac OS X w/SSHJ 0.15.0 and Oracle JDK 1.8.0_77. Verified keypair and password works using ssh directly. When trying to use SSHJ I get the following exception:

net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
    at net.schmizz.sshj.SSHClient.auth(SSHClient.java:232)
    at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:331)
    at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:350)
    at com.foo.bar.baz.Client2.main(Client2.java:53)
Caused by: net.schmizz.sshj.userauth.UserAuthException: Problem getting private key from PKCS8KeyFile{resource=[PrivateKeyFileResource] /Users/foo/.ssh/bar_id_rsa}
    at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putSig(KeyedAuthMethod.java:61)
    at net.schmizz.sshj.userauth.method.AuthPublickey.sendSignedReq(AuthPublickey.java:74)
    at net.schmizz.sshj.userauth.method.AuthPublickey.handle(AuthPublickey.java:45)
    at net.schmizz.sshj.userauth.UserAuthImpl.handle(UserAuthImpl.java:136)
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:490)
    at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:107)
    at net.schmizz.sshj.transport.Decoder.received(Decoder.java:175)
    at net.schmizz.sshj.transport.Reader.run(Reader.java:60)
Caused by: org.bouncycastle.openssl.EncryptionException: exception using cipher - please check password and data.
    at org.bouncycastle.openssl.jcajce.PEMUtilities.crypt(Unknown Source)
    at org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder$1$1.decrypt(Unknown Source)
    at org.bouncycastle.openssl.PEMEncryptedKeyPair.decryptKeyPair(Unknown Source)
    at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.readKeyPair(PKCS8KeyFile.java:143)
    at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.getPrivate(PKCS8KeyFile.java:72)
    at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putSig(KeyedAuthMethod.java:59)
    ... 7 more
Caused by: javax.crypto.BadPaddingException: pad block corrupted
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$BufferedGenericBlockCipher.doFinal(Unknown Source)
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source)
    at javax.crypto.Cipher.doFinal(Cipher.java:2165)
    ... 13 more

Code looks like this:

import java.io.File;
import java.io.IOException;

import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;
import net.schmizz.sshj.userauth.password.PasswordFinder;
import net.schmizz.sshj.userauth.password.Resource;

public class Client2 {
    public static void main(String[] args) throws IOException {
        String user = "f...@bar.com";
        String host = "target.bar.com";
        String privateKey = "/Users/foo/.ssh/bar_id_rsa";
        String passPhrase = "supersecret#>12424)sauce";
        String knownHosts = "/Users/foo/.ssh/known_hosts";

        int port = 12345;

        SSHClient sshClient = new SSHClient();
        sshClient.loadKnownHosts(new File(knownHosts));
        sshClient.connect(host, port);

        try {
            // Load the passphrase-protected private key and authenticate with it
            OpenSSHKeyFile keyProvider = new OpenSSHKeyFile();
            keyProvider.init(new File(privateKey), new StaticPasswordFinder(passPhrase));
            sshClient.authPublickey(user, keyProvider);
        } finally {
            sshClient.disconnect();
        }
    }

    // Always answers with the same passphrase and never asks for a retry
    static class StaticPasswordFinder implements PasswordFinder {
        private char[] password;

        public StaticPasswordFinder(String password) {
            this.password = password.toCharArray();
        }

        public char[] reqPassword(Resource<?> resource) {
            return password;
        }

        public boolean shouldRetry(Resource<?> resource) {
            return false;
        }
    }
}

Jeroen van Erp

Apr 11, 2016, 6:38:39 AM
to sshj-...@googlegroups.com
Hi,

Could you create an issue in GitHub with all the information, and preferably a reproduction test case? I quickly looked at the code, and have no clue why it should break as it does. Did you try different passphrases, or try to generate a new key? Does it always happen, or only with this specific combo?

Regards,
Jeroen


Jeroen van Erp

Apr 13, 2016, 6:35:48 AM
to sshj-...@googlegroups.com
Do you have the JCE unlimited cryptography extensions loaded?

Regards,
Jeroen
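
The JCE policy question above can be checked against the key file itself: the stack trace shows the key being read as a PEMEncryptedKeyPair, a format whose DEK-Info header names the cipher. The following is an added example, not part of the thread or of sshj; the class name PemCipherCheck and the sample header are constructed for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;

public class PemCipherCheck {
    // Cipher named in the PEM DEK-Info header, or null when the file has no such header
    // (unencrypted key, PKCS#8, or the newer OpenSSH key format).
    static String dekCipher(BufferedReader pem) throws IOException {
        for (String line; (line = pem.readLine()) != null && !line.isEmpty(); ) {
            if (line.startsWith("DEK-Info:")) {
                return line.substring("DEK-Info:".length()).split(",")[0].trim();
            }
        }
        return null;
    }

    // True when the installed JCE policy permits the key size this PEM cipher needs.
    static boolean policyAllows(String cipher) throws NoSuchAlgorithmException {
        switch (cipher) {
            case "AES-128-CBC": return Cipher.getMaxAllowedKeyLength("AES") >= 128;
            case "AES-192-CBC": return Cipher.getMaxAllowedKeyLength("AES") >= 192;
            case "AES-256-CBC": return Cipher.getMaxAllowedKeyLength("AES") >= 256;
            case "DES-EDE3-CBC": return Cipher.getMaxAllowedKeyLength("DESede") >= 168;
            default: throw new IllegalArgumentException("Unhandled PEM cipher: " + cipher);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed header, not a real key; pass a private key path to check a real file.
        String sample = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                + "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n";
        try (BufferedReader in = args.length > 0
                ? Files.newBufferedReader(Paths.get(args[0]), StandardCharsets.ISO_8859_1)
                : new BufferedReader(new StringReader(sample))) {
            String cipher = dekCipher(in);
            if (cipher == null) {
                System.out.println("No DEK-Info header: not an encrypted traditional PEM key");
            } else {
                System.out.println(cipher + (policyAllows(cipher)
                        ? ": key size permitted by the installed JCE policy"
                        : ": key size exceeds the installed JCE policy limit"));
            }
        }
    }
}
```

If the cipher is reported as permitted, the JCE policy files are not the limiting factor for that key.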