Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Secure Shell

Closed Thread
 
Thread Tools Display Modes
  #1  
Old 05-14-2020, 01:42 PM
cigoldstein cigoldstein is offline
Registered User
 
Join Date: May 2020
Posts: 3
SSH Agent Keys stop working after 6 are loaded

I use SecureCRT to connect to a production environment where ssh keys are required. I have agent forwarding enabled, and load the keys in the following menu:

Tools --> Manage Agent Keys

On this screen, I can click "Add" to load ssh keys. It lets me load all 8 ssh keys that I'm trying to use, but only the first 6 that are loaded actually work. Every key after the 6th one doesn't work.

I know that the issue is not the keys themselves. I can re-order the same 8 working keys and the result is always the same: the first 6 work, and the last 2 don't.

Any ideas why this might be happening? Thanks in advance.
  #2  
Old 05-14-2020, 03:43 PM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 1,034
When you have keys loaded in the agent, and you don't specify which key to use in the session options (by pointing to the corresponding correct key file in the Public Key properties window of the SSH2 category), the only thing SecureCRT can possibly do is to try each of the keys one by one until one of the following scenarios occurs:
  • One of the keys works. (YAY!)

    OR

  • The server disconnects you because there have been too many failed authentication attempts.

    OR

  • All of the keys are tried and none of them are recognized by the remote system.

Typically you'll be able to learn more about the "why" if you inspect a Trace Options Debug log.

If after 6 "unsigned" attempts the server disconnects you, then it's likely because you've worn out your authentication welcome on the server.

SecureCRT has no way of knowing which key will work if you don't specify the correct key in session options by pointing to the corresponding key file.
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
  #3  
Old 05-14-2020, 05:45 PM
cigoldstein cigoldstein is offline
Registered User
 
Join Date: May 2020
Posts: 3
Hi Jake,

This makes complete sense, and seems to be exactly what's happening. When I turn on "Trace Options", I can see it trying the first 6 keys, and then failing 6 times before the server returns "Too many authentication failures" and closes the connection.

When I go "Session Options" for a particular session, I don't see any way to specify which keys to use in the "SSH2" section (I have two keys that I need to use per session). How do I tell the session which keys to use?

Thanks!
  #4  
Old 05-15-2020, 08:43 AM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 1,034
Quote:
Originally Posted by cigoldstein View Post
When I go "Session Options" for a particular session, I don't see any way to specify which keys to use in the "SSH2" section (I have two keys that I need to use per session). How do I tell the session which keys to use?
Here's how to configure a session-specific public key:
  1. Open your Session Options and navigate to the SSH2 category.

  2. Select the PublicKey method in the Authentication list and press the [Properties...] button.

  3. In the Public Key Properties window, choose the Use session public key option

  4. Enable the Use identity or certificate file optoin and specify the path to the key file you desire to use.
    Although you can specify the path to either the .pub file or the private key file, I recommend specifying a path to the private key file.
  5. Press [OK] to save your changes to the Public Key Properties.
  6. Press [OK] again to save your changes to the session configuration.
You can only configure one specific public key file to be used on a session-specific basis.

Can you tell me more about your need to configure two separate keys for a single session?

--Jake
Attached Images
File Type: png SCRT_SessionOptions_ConfigureSessionSpecificPublicKey.png (142.0 KB, 133 views)
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
  #5  
Old 05-15-2020, 09:46 AM
cigoldstein cigoldstein is offline
Registered User
 
Join Date: May 2020
Posts: 3
Quote:
Can you tell me more about your need to configure two separate keys for a single session?
I would be happy to elaborate on my use case further, but I'd prefer to do it privately. Please reach out to me to discuss this in more detail, if you'd like.

Thank you for your assistance. This was extremely helpful.
  #6  
Old 05-15-2020, 09:55 AM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 1,034
Quote:
Originally Posted by cigoldstein View Post
I would be happy to elaborate on my use case further, but I'd prefer to do it privately. Please reach out to me to discuss this in more detail, if you'd like.
If you'd like to continue to conversation, please send email to support@vandyke.com, and in the subject use: ATTN: Jake - Forum thread #14178.
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
Closed Thread

Tags
forwarding , keys , ssh , ssh agent


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 08:11 PM.