SSH Key Authentication Fails with macOS Ventura

[mauroa]

When I try to authenticate with an RSA SSH key from Windows into macOS Ventura, I get a Permission denied (publickey). error. However, If I run the same code against macOS Monterrey, it works correctly.
I'm attaching a repro solution so you can give it a try.

Repro Steps:

• Pre-requisites:

  • Copy the content of the testKey.pub file (included in the test project) into /Users/.<userName>/ssh/authorized_keys in the Mac

• Assign the corresponding values to the host and userName variables in the Program.cs file of the attached project

• Build and run the console app

Expected Results: the console should connect to the host with the given username and included private key (testKey)

Current Results: the console doesn't connect and show a Permission denied (publickey). error instead

Notes:

• The attached SSH key pair has been generated using this command: ssh-keygen -b 2048 -t rsa -m PEM -f "<filePath/>" -q -N "<passPhrase/>"

• If I try to SSH connect to macOS Ventura with a Windows command prompt using the same key, it works correctly

SshNetVenturaRepro.zip

[mauroa]

Update: I tried debugging SSH.NET and I'm seeing that the server returns an SSH_MSG_USERAUTH_FAILURE. However, I'm not seeing any log in sshd in the Mac. On the other hand, If I use the same code sample but using password authentication, it works correctly. What is strange is that from a Windows command prompt and doing ssh -i "C:\Users\<user>\Downloads\SshNetVenturaRepro\SshNetVenturaRepro\testKey" user@ipaddress it works correctly, so it looks like the key format is supported but something in the SSH.NET code is conflicting with the server

[mauroa]

Update 2: I tried generating a key pair with another key format (ssh-keygen -t ecdsa -b 521), and it worked. So it looks like the issue is with RSA keys, however using the same RSA keys from a Windows command prompt works, so I don't think the issue is on the server side

[mauroa]

Update 3: Looks like the latest SSH.NET public version doesn't include support for ECDSA :/, but the latest develop does

[vallgrenerik]

@mauroa Do you know if this is related to this:
?
Is this being worked on? 😊

[giccifelipe]

I'm having the same issue as you @vallgrenerik, can't get the pair to work. Everything is with the latest version, both windows vs and mac/xcode.

I can't find the solution anywhere 😞

[vallgrenerik]

@giccifelipe
Found this Temporary fix until VS gets updated:
https://stackoverflow.com/questions/74215881/vs-2022-wont-connect-with-mac-after-ventura-upgrade
Remember to reboot Mac and restart VS on your windows machine 👍

[giccifelipe]

@vallgrenerik
not sure I did it right:

1. add those lines at the bottom of the sshd_config (located at the 'Macintosh HD'/etc/ssh/... folder):
   HostkeyAlgorithms +ssh-rsa
   PubkeyAcceptedAlgorithms +ssh-rsa
   
2. reboot mac
3. reboot vs

still getting the screen:

Any thoughts?

[giccifelipe]

@vallgrenerik I've managed to get working after doing a full reboot, shutting down both OSs. thanks.

[mauroa]

Just to confirm everyone concerns, the Pair To Mac error is directly related to this issue. However, VS is releasing a fix for it sooner than later. Please follow this ticket in order to keep updated: https://developercommunity.visualstudio.com/t/Impossible-to-connect-to-Remote-Mac-Host/10163760

[phu-mai-jemmic]

This solution works for me
0. (Backup ~/.ssh/ folder)

1. If your ssh config and private/public keys are in /etc/ssh/ before upgrading the MacOS

• copy ssh_config to ~/.ssh/config
• copy all private/public keys to ~/.ssh/

2. Adding the following lines at the end of ~/.ssh/config

HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1

[Pratap22]

As the solution mentioned by @phu-mai-jemmic and @giccifelipe works for rsa keys, but do you know how to fix it for ecdsa keys?

[WojciechNagorski]

Fixed by #1177 and #1180

[WojciechNagorski]

Version 2023.0.0 has been published https://www.nuget.org/packages/SSH.NET/2023.0.0