0

I am trying to connect to a Avocent ACS6000 with SSH using c# WinForms. The follow code is successful when trying to connect to a Windows SSH Server.

But it does not work on the desired device throws exception

exception : No suitable authentication method found to complete authentication (publickey,keyboard-interactive)

I've found the following solutions but either not match for my problem or I don't know how to use them.

IS IT POSSIBLE to force windows to include the hmac-sha2-512 argument by default. So when I try to connect it will always use this algorithm ? Using Putty it prompts me to accept the key and it works perfect.

(code using using Renci.SshNet)

sshclient = new SshClient(IPadress, port,  username, password);
try
{
    OutputRichTextBox.AppendText("SSH Conecting..." + Environment.NewLine);
    sshclient.Connect();
    if (sshclient.IsConnected == true)
    {
        OutputRichTextBox.AppendText("Connected to Server" + Environment.NewLine);
    }
    else
    {
        OutputRichTextBox.AppendText("Ping failed." + Environment.NewLine);
    }
}
catch
{
    OutputRichTextBox.AppendText("Error : Not Connected" + Environment.NewLine);
}

I first tested it to the Windows Server CommandPrompt using the ssh root@x.x.x.x and it connects successfully. But to the Avocent device it requires to ssh root@x.x.x.x -m hmac-sha2-512 command

When trying to connect without the last argument with CMD:

C:\Users\User>ssh root@x.x.x.x
The authenticity of host 'x.x.x.x (x.x.x.x)' can't be established.
ED25519 key fingerprint is SHA256:(**key**).
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Corrupted MAC on input.
ssh_dispatch_run_fatal: Connection to 10.1.10.47 port 22: message authentication code incorrect
Hex
  • 23
  • 3
  • The equivalent of OpenSSH `-m` in SSH.NET is `ConnectionInfo.HmacAlgorithms`. Though I'm not sure I understand your question. What do you mean by *"force windows"*? How can it be that the device *"requires .... `-m hmac-sha2-512`*? It rather looks like the device is buggy. – Martin Prikryl Apr 22 '23 at 14:39
  • @MartinPrikryl The device is not buggy. I've tested more windows clients ( that prompts the same error ) and a macOS client that does not prompt the same error. So I think its a matter of configuration of the SSH Client. So, I thought if there is a configuration of the openSSH client in windows that can include this argument by default. Thank you for your answer, I will try it – Hex Apr 22 '23 at 19:56
  • @MartinPrikryl I can't figure out how to set HmacAlgorithm – Hex Apr 22 '23 at 20:33
  • 1) That MacOS client works does not show that the device is not buggy. You should not need to explicitly select algorithm to use. The client and the server should pick an algo both support. If they pick algo that does not work, it likely means one side has the algo implemented incorrectly. I find it way more likely it's the device-side, rather then OpenSSH. 2) I assume you need to `.Remove` all algos from `HmacAlgorithm` except for `hmac-sha2-512`. 3) Though were HMAC the actual issue, I do not think your SSH.NET connection would get as far as to failing an authentication. – Martin Prikryl Apr 23 '23 at 05:54

1 Answers1

0

You should add this to your ssh config file (C:\Users\<username>\.ssh):

Host <your_host_ip>
    MACs hmac-sha2-512

p.s. If you do not have config file, create it.

Inqex
  • 1
  • 1