sshdump fails to connect with private key (ssh-rsa)
Summary
sshdump fails to connect with private key (ssh-rsa)
Steps to reproduce
Try using sshdump to connect to a server with a private key in rsa-ssh format:
.\sshdump.exe --extcap-interface=sshdump.exe --remote-host <hostname> --remote-port 22 --remote-username root --remote-capture-command 'tcpdump -U -i eth0 -w -' --fifo=capture.pcap --capture --sshkey C:\Users\<username>\.ssh\id_rsa --log-level noisy
What is the current bug behavior?
** (sshdump:13848) 19:08:39.093064 [Capchild INFO] -- Opening ssh connection to root@<hostname>:22
** (sshdump:13848) 19:08:39.648770 [Extcap INFO] C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\extcap\ssh-base.c:112 -- create_ssh_connection(): Connecting using public key in C:\Users\<username>\.ssh\id_rsa...
** (sshdump:13848) 19:08:39.650937 [Extcap INFO] C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\extcap\ssh-base.c:123 -- create_ssh_connection(): failed (The key algorithm 'ssh-rsa' is not allowed to be used by PUBLICKEY_ACCEPTED_TYPES configuration option)
** (sshdump:13848) 19:08:39.652430 [Extcap INFO] C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\extcap\ssh-base.c:144 -- create_ssh_connection(): Connecting using standard public key...
** (sshdump:13848) 19:08:39.654763 [Extcap INFO] C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\extcap\ssh-base.c:149 -- create_ssh_connection(): failed
** (sshdump:13848) 19:08:39.656713 [sshdump WARNING] C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\extcap\sshdump.c:253 -- ssh_open_remote_connection(): Error creating connection.
** (sshdump:13848) 19:08:39.657735 [sshdump WARNING] C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\extcap\sshdump.c:274 -- ssh_open_remote_connection(): Can't find a valid authentication. Disconnecting.
What is the expected correct behavior?
sshdump connects to the ssh server and starts packet capture
Build information
Wireshark 4.2.0 (v4.2.0-0-g54eedfc63953)
Additional information
According to this post I've found on Stack Overflow, there should be a way to explicitly allow the libssh library to accept ssh-rsa encoded private keys.