Authentication with PPK key in SSH.NET


Problem description

I'm creating a Windows service for downloading files from an SFTP server. For that I'm using Renci.SshNet, Renci.SshNet.Common and Renci.SshNet.Sftp.

I have this code:

using System;
using System.Configuration;
using System.Linq;
using Renci.SshNet;

String Host = "HostName";
int Port = 22;
String RemoteFileDirectory =
    Convert.ToString(ConfigurationManager.AppSettings["SourcePath"]);
String Username = "UserName";
String Password = "*******";

// Answer the first keyboard-interactive prompt with the password
var KeybasedMethod = new KeyboardInteractiveAuthenticationMethod(Username);
KeybasedMethod.AuthenticationPrompt +=
    (sender, e) => { e.Prompts.First().Response = Password; };

// Private key first, then keyboard-interactive
AuthenticationMethod[] methods = new AuthenticationMethod[]
{
    new PrivateKeyAuthenticationMethod(Username, new PrivateKeyFile(@"Z:\SFTP SETUP\CJ22")),
    KeybasedMethod
};
ConnectionInfo connectionInfo = new ConnectionInfo(Host, Username, methods);

using (var sftp = new SftpClient(connectionInfo))
{
    sftp.Connect();
    // ...
}

I got an exception:

Invalid private key file.

I can't figure out what I'm missing in my code.

Below is the log file I get when I log in to the server from my client machine using FileZilla.

2017-04-03 16:25:19 8120 3 Status: Connecting to abc.domainname.com... 
2017-04-03 16:25:19 8120 3 Trace: Going to execute "C:\Program Files\FileZilla FTP Client\fzsftp.exe"
2017-04-03 16:25:19 8120 3 Response: fzSftp started 
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::ConnectParseResponse(fzSftp started) 
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::SendNextCommand() 
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::ConnectSend() 
2017-04-03 16:25:19 8120 3 Command: keyfile "Z:\SFTP SETUP\CJ21_PVT.ppk"
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::ConnectParseResponse()
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::SendNextCommand()
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::ConnectSend()
2017-04-03 16:25:19 8120 3 Command: keyfile "Z:\SFTP SETUP\CJ22_PVT.ppk"
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::ConnectParseResponse()
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::SendNextCommand()
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::ConnectSend()
2017-04-03 16:25:19 8120 3 Command: keyfile "Z:\SFTP SETUP\CJ24_PVT.ppk"
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::ConnectParseResponse()
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::SendNextCommand()
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::ConnectSend()
2017-04-03 16:25:19 8120 3 Command: keyfile "Z:\SFTP SETUP\CJ90_PVT.ppk"
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::ConnectParseResponse() 
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::SendNextCommand() 
2017-04-03 16:25:19 8120 3 Trace: CSftpControlSocket::ConnectSend() 
2017-04-03 16:25:19 8120 3 Command: open "CJ22@abc.domainname.com" 22 
2017-04-03 16:25:19 8120 3 Trace: Looking up host "abc.domainname.com" 
2017-04-03 16:25:19 8120 3 Trace: Connecting to xxx.xxx.163.74 port 22 
2017-04-03 16:25:23 8120 3 Trace: Server version: SSH-2.0-1.82_sshlib Globalscape 
2017-04-03 16:25:23 8120 3 Trace: Using SSH protocol version 2 
2017-04-03 16:25:23 8120 3 Trace: We claim version: SSH-2.0-PuTTY_Local:_Mar_28_2014_10:34:48 
2017-04-03 16:25:24 8120 3 Trace: Doing Diffie-Hellman group exchange 
2017-04-03 16:25:24 8120 3 Trace: Doing Diffie-Hellman key exchange with hash SHA-1 
2017-04-03 16:25:25 8120 3 Trace: Host key fingerprint is: 
2017-04-03 16:25:25 8120 3 Trace: ssh-rsa 2048 6b:80:2c:5e:af:3f:2c:c7:f7:ef:4b:dd:85:55:32:fe 
2017-04-03 16:25:25 8120 3 Trace: Initialised AES-256 SDCTR client->server encryption 
2017-04-03 16:25:25 8120 3 Trace: Initialised HMAC-SHA1 client->server MAC algorithm 
2017-04-03 16:25:25 8120 3 Trace: Initialised AES-256 SDCTR server->client encryption 
2017-04-03 16:25:25 8120 3 Trace: Initialised HMAC-SHA1 server->client MAC algorithm 
2017-04-03 16:25:25 8120 3 Trace: Successfully loaded 4 key pairs from file 
2017-04-03 16:25:26 8120 3 Trace: Offered public key from "Z:\SFTP SETUP\CJ21_PVT.ppk"
2017-04-03 16:25:26 8120 3 Trace: Server refused public key
2017-04-03 16:25:26 8120 3 Trace: Offered public key from "Z:\SFTP SETUP\CJ22_PVT.ppk"
2017-04-03 16:25:26 8120 3 Trace: Offer of public key accepted, trying to authenticate using it. 
2017-04-03 16:25:29 8120 3 Trace: Further authentication required 
2017-04-03 16:25:30 8120 3 Trace: Using keyboard-interactive authentication. inst_len: 0, num_prompts: 1 
2017-04-03 16:25:30 8120 3 Command: Pass: ********* 
2017-04-03 16:25:30 8120 3 Trace: Access granted 
2017-04-03 16:25:30 8120 3 Trace: Opened channel for session 
2017-04-03 16:25:31 8120 3 Trace: Started a shell/command 
2017-04-03 16:25:31 8120 3 Status: Connected to abc.domainname.com 
2017-04-03 16:25:33 8120 3 Trace: CSftpControlSocket::ConnectParseResponse() 
2017-04-03 16:25:33 8120 3 Trace: CSftpControlSocket::ResetOperation(0) 
2017-04-03 16:25:33 8120 3 Trace: CControlSocket::ResetOperation(0) 
2017-04-03 16:25:33 8120 3 Trace: CFileZillaEnginePrivate::ResetOperation(0) 
2017-04-03 16:25:33 8120 3 Status: Retrieving directory listing... 
2017-04-03 16:25:33 8120 3 Trace: CSftpControlSocket::SendNextCommand() 
2017-04-03 16:25:33 8120 3 Trace: CSftpControlSocket::ChangeDirSend() 
2017-04-03 16:25:33 8120 3 Command: cd "/" 
2017-04-03 16:25:34 8120 3 Response: New directory is: "/" 
2017-04-03 16:25:34 8120 3 Trace: CSftpControlSocket::ResetOperation(0) 
2017-04-03 16:25:34 8120 3 Trace: CControlSocket::ResetOperation(0) 
2017-04-03 16:25:34 8120 3 Trace: CSftpControlSocket::ParseSubcommandResult(0) 
2017-04-03 16:25:34 8120 3 Trace: CSftpControlSocket::ListSubcommandResult() 
2017-04-03 16:25:34 8120 3 Trace: state = 1 
2017-04-03 16:25:34 8120 3 Trace: CSftpControlSocket::SendNextCommand() 
2017-04-03 16:25:34 8120 3 Trace: CSftpControlSocket::ListSend() 
2017-04-03 16:25:34 8120 3 Trace: state = 2 
2017-04-03 16:25:34 8120 3 Command: ls 
2017-04-03 16:25:34 8120 3 Status: Listing directory / 
2017-04-03 16:25:36 8120 3 Listing: drwxrw-rw- 1 user group 0 Mar 24 2015 JKOB1 
2017-04-03 16:25:36 8120 3 Listing: drwxrw-rw- 1 user group 0 Apr 3 10:40 JKOB 
2017-04-03 16:25:36 8120 3 Trace: CSftpControlSocket::ListParseResponse() 
2017-04-03 16:25:36 8120 3 Trace: CSftpControlSocket::SendNextCommand() 
2017-04-03 16:25:36 8120 3 Trace: CSftpControlSocket::ListSend() 
2017-04-03 16:25:36 8120 3 Trace: state = 3 
2017-04-03 16:25:36 8120 3 Status: Calculating timezone offset of server... 
2017-04-03 16:25:36 8120 3 Command: mtime "JKOB" 
2017-04-03 16:25:37 8120 3 Response: 1491216040 
2017-04-03 16:25:37 8120 3 Trace: CSftpControlSocket::ListParseResponse(1491216040) 
2017-04-03 16:25:37 8120 3 Status: Timezone offsets: Server: 0 seconds. Local: 19800 seconds. Difference: 19800 seconds. 
2017-04-03 16:25:37 8120 3 Trace: CSftpControlSocket::ResetOperation(0) 
2017-04-03 16:25:37 8120 3 Trace: CControlSocket::ResetOperation(0) 
2017-04-03 16:25:37 8120 3 Status: Directory listing successful 
2017-04-03 16:25:37 8120 3 Trace: CFileZillaEnginePrivate::ResetOperation(0) 
2017-04-03 16:27:24 8120 3 Status: Disconnected from server 
2017-04-03 16:27:24 8120 3 Trace: CControlSocket::DoClose(64) 
2017-04-03 16:27:24 8120 3 Trace: CSftpControlSocket::ResetOperation(66) 
2017-04-03 16:27:24 8120 3 Trace: CControlSocket::ResetOperation(66) 
2017-04-03 16:27:24 8120 3 Trace: CFileZillaEnginePrivate::ResetOperation(66) 
2017-04-03 16:27:24 8120 3 Trace: CControlSocket::DoClose(64) 
2017-04-03 16:27:24 8120 3 Trace: CControlSocket::DoClose(64) 
2017-04-03 16:27:24 8120 3 Trace: CFileZillaEnginePrivate::ResetOperation(0)

I've tried multiple solutions from here and from other sources one after another, but none of them worked. If you have any suggestions, they are more than welcome.

Recommended answer

SSH.NET does not support .ppk key files. You have to use PuTTYgen to convert the .ppk key to OpenSSH format.

See How to convert SSH keypairs generated using PuTTYgen (Windows) into key-pairs used by ssh-agent and KeyChain (Linux).

Original answer, before the question was edited:

You are using multifactor private key and keyboard interactive authentication in FileZilla:

2017-04-03 16:25:26 8120 3 Trace: Offered public key from "Z:\SFTP SETUP\CJ22_PVT.ppk"
2017-04-03 16:25:26 8120 3 Trace: Offer of public key accepted, trying to authenticate using it.
2017-04-03 16:25:29 8120 3 Trace: Further authentication required
2017-04-03 16:25:30 8120 3 Trace: Using keyboard-interactive authentication. inst_len: 0, num_prompts: 1
2017-04-03 16:25:30 8120 3 Command: Pass: *********
2017-04-03 16:25:30 8120 3 Trace: Access granted

While you are using simple password authentication in your code:

using (var sftp = new SftpClient(Host, Port, Username, Password))

How can you even expect this to work?

To implement multifactor authentication, you have to use ConnectionInfo.

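// hostname, username, password and privateKey (path to the key file)
// are assumed to be defined by the caller.

// Second factor: answer the keyboard-interactive prompt with the password
var keybInterMethod = new KeyboardInteractiveAuthenticationMethod(username);
keybInterMethod.AuthenticationPrompt +=
    (sender, e) => { e.Prompts.First().Response = password; };

// First factor: private key; both methods are offered to the server
AuthenticationMethod[] methods = new AuthenticationMethod[] {
    new PrivateKeyAuthenticationMethod(username, new PrivateKeyFile(privateKey)),
    keybInterMethod
};
ConnectionInfo connectionInfo = new ConnectionInfo(hostname, username, methods);

using (var sftp = new SftpClient(connectionInfo))
{
    sftp.Connect();

    // ...
}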
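
An added example, not part of the original answer or of SSH.NET itself: it rejects a PuTTY .ppk file with a clear message before the file reaches PrivateKeyFile, builds the two-factor ConnectionInfo from the answer, and only trusts the server if its host key matches the MD5 fingerprint shown in the FileZilla log above. The class SftpKeyAuthExample, the helper IsPuttyKeyFile and the parameter names are hypothetical.

```csharp
using System;
using System.IO;
using System.Linq;
using Renci.SshNet;

static class SftpKeyAuthExample // hypothetical helper, not part of SSH.NET
{
    // MD5 host key fingerprint copied from the FileZilla log on this page.
    const string ExpectedFingerprint = "6b:80:2c:5e:af:3f:2c:c7:f7:ef:4b:dd:85:55:32:fe";

    // PuTTY key files start with a "PuTTY-User-Key-File-<version>:" header line.
    public static bool IsPuttyKeyFile(string path)
    {
        string first = File.ReadLines(path).FirstOrDefault() ?? "";
        return first.StartsWith("PuTTY-User-Key-File-", StringComparison.Ordinal);
    }

    public static SftpClient Connect(string host, string user, string keyPath, string password)
    {
        if (IsPuttyKeyFile(keyPath))
            throw new InvalidOperationException(
                "Key file is in PuTTY .ppk format; export it from PuTTYgen as an OpenSSH key first.");

        var keyboard = new KeyboardInteractiveAuthenticationMethod(user);
        keyboard.AuthenticationPrompt += (sender, e) =>
        {
            foreach (var prompt in e.Prompts) prompt.Response = password;
        };

        var info = new ConnectionInfo(host, user,
            new PrivateKeyAuthenticationMethod(user, new PrivateKeyFile(keyPath)),
            keyboard);

        var sftp = new SftpClient(info);
        // Refuse the session unless the server presents the expected host key.
        sftp.HostKeyReceived += (sender, e) =>
        {
            string actual = BitConverter.ToString(e.FingerPrint).Replace('-', ':').ToLowerInvariant();
            e.CanTrust = actual == ExpectedFingerprint;
        };
        try { sftp.Connect(); }
        catch { sftp.Dispose(); throw; }
        return sftp;
    }
}
```

The caller owns the returned SftpClient and should dispose it. The pinned fingerprint is the value from the log on this page; confirm it with the server operator before relying on it.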
