SSH remote capture private key can't connect

asked 2017-11-19 08:56:35 +0000

NOYB

Getting error using the SSH remote capture interface with key only authentication.

Error by extcap pipe: * (sshdump.exe:2128): WARNING *: Error creating connection: Can't find a valid authentication. Disconnecting

Turning off key only authentication on the remote system and using password works. The private key works in WinSCP.


Assuming this is done on Windows, with an unknown target. Are there any protections on the private key (e.g. a passphrase)? Is a key agent being used?

Jaap ( 2017-11-19 10:18:21 +0000 )

Yes Wireshark on Windows. Target is FreeBSD 11.1. Have tried with both protected and unprotected private key. No, a key agent is not being used. Note, the same private key (both protected and unprotected) works in WinSCP.

NOYB ( 2017-11-19 10:34:26 +0000 )

Have you tried connecting via PuTTY or another Windows client with full logging turned on? My idea is that the path might not be provided correctly, and therefore the id file either does not get loaded at all, or the wrong one is selected.

rknall ( 2018-07-06 11:13:40 +0000 )

Strangely enough, it appears that no one uses SSH capture from Windows machines with key authentication instead of password. I have exactly the same situation as @NOYB. And yes, I can connect using PuTTY from the same machine. What's wrong with Wireshark's sshdump?

daliokas ( 2020-07-17 14:12:39 +0000 )

Same problem, different circumstance. Can't get it to work even just with username and password.

The credentials are fine, I can SSH from most other applications to the box in question with the same creds, but it fails from Wireshark's SSH capture interface:

Error by extcap pipe: * (sshdump.exe:35516): WARNING *: Error creating connection: Can't find a valid authentication. Disconnecting

The only other program that is also having an issue is plink (which is my normal go-to for streaming remote captures into Wireshark, hence why I was playing with the SSH interface in the first place....)

The following command shows the available auth methods. I would have expected it to work...

ssh -p 22 -o PreferredAuthentications=none

Permission denied (publickey,password).

SimpleOne ( 2020-07-24 03:52:34 +0000 )

1 Answer

answered 2020-07-25 23:21:37 +0000

SimpleOne

updated 2020-07-25 23:23:58 +0000

The other obvious thing to check is that your key doesn't have a passphrase on it. Alternatively, if it does, make sure you are providing the passphrase to Wireshark each time you attempt to capture from SSH (it doesn't store the passphrase; it must be provided anew each time).

My situation was different: I traced this back to the user account that I was attempting to log in with, which had an invalid shell set up on the host in /etc/passwd.

Why it was working with most other terminals is a bit of a mystery, but I suspect it's because with those programs you can explicitly set the shell you want to use for that connection (which I had done).
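
The invalid-shell cause described in the answer can be checked on the capture host with a short script. This is an added example, not part of the original thread; the function name `check_login_shell`, its return codes and the sample accounts are hypothetical.

```shell
#!/bin/sh
# Added example: validate the login shell recorded for an account.
# File paths are parameters so the check can run against a copy of
# /etc/passwd; the sample data further down is constructed.

# check_login_shell USER [PASSWD_FILE] [SHELLS_FILE]
# Prints a one-word verdict and returns:
#   0 ok, 1 user not found, 2 shell missing or not executable,
#   3 shell exists but is not listed in the shells file
check_login_shell() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shells_file=${3:-/etc/shells}

    # Match the account name exactly (field 1), take the first hit.
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd_file")
    if [ -z "$entry" ]; then echo "no-such-user"; return 1; fi

    # The last field of a passwd entry is the login shell.
    shell=${entry##*:}
    # An empty shell field means /bin/sh is assumed.
    [ -n "$shell" ] || shell=/bin/sh

    if [ ! -x "$shell" ]; then echo "shell-missing"; return 2; fi
    # Some services (for example those using pam_shells) also require
    # the shell to be listed in /etc/shells.
    if ! grep -qxF "$shell" "$shells_file"; then echo "shell-unlisted"; return 3; fi
    echo "ok"
}

# Constructed sample data (not taken from the thread).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
capture:*:1001:1001:Capture user:/home/capture:/usr/local/bin/nosuchshell
admin:*:1002:1002:Admin:/home/admin:/bin/sh
EOF
printf '%s\n' '# constructed shells list' /bin/sh > "$demo_dir/shells"

for u in capture admin ghost; do
    printf '%s: %s\n' "$u" \
        "$(check_login_shell "$u" "$demo_dir/passwd" "$demo_dir/shells")"
done
rm -rf "$demo_dir"
```

Run with only a user name, the function reads the host's own /etc/passwd and /etc/shells.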



Seen: 6,991 times

Last updated: Dec 30 '20