Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SshConnectionException after update to 2023.0.0 with private key file #1233

Closed
kimmoonkim opened this issue Nov 3, 2023 · 24 comments · Fixed by #1283
Closed

SshConnectionException after update to 2023.0.0 with private key file #1233

kimmoonkim opened this issue Nov 3, 2023 · 24 comments · Fixed by #1283
Milestone

Comments

@kimmoonkim
Copy link

I'm getting a Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server. after upgrading to SSH.NET 2023.0.0
my code still works fine with SSH.NET 2020.0.2

I'm using a private key file to connect (connecting with another server where I have just user/pw still works fine with 2023.0.0)

I have tried this with .NET Framework 4.8 and .NET 7.0, neither works

could you please look into this?

@scott-xu
Copy link
Collaborator

scott-xu commented Nov 4, 2023

Could you please share the error details?

@kimmoonkim
Copy link
Author

I can share the stack trace here:

at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout)
at Renci.SshNet.PrivateKeyAuthenticationMethod.Authenticate(Session session)
at Renci.SshNet.AuthenticationMethod.Renci.SshNet.IAuthenticationMethod.Authenticate(ISession session)
at Renci.SshNet.ClientAuthentication.TryAuthenticate(ISession session, AuthenticationState authenticationState, String[] allowedAuthenticationMethods, SshAuthenticationException& authenticationException)
at Renci.SshNet.ClientAuthentication.Authenticate(IConnectionInfoInternal connectionInfo, ISession session)
at Renci.SshNet.ConnectionInfo.Authenticate(ISession session, IServiceFactory serviceFactory)
at Renci.SshNet.Session.Connect()
at Renci.SshNet.BaseClient.CreateAndConnectSession()
at Renci.SshNet.BaseClient.Connect()
at RenciTest.Program.Test() in C:\repos\Test\Test\Program.cs:line 121
at RenciTest.Program.Main(String[] args) in C:\repos\Test\Test\Program.cs:line 15"

Here is my test code:
private static void Test()
{
PrivateKeyFile[] key = new[] { new PrivateKeyFile("C:\repos\keys\encrypted_private.key", "passphrase") };
SftpClient client = new SftpClient("host", 5022, "user", key);
string serverFingerprint = "aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa";
client.HostKeyReceived += (sender, e) =>
{
byte[] expectedFingerPrint = ConvertFingerprintToByteArray(serverFingerprint);
string current = ConvertByteArrayToFingerprint(e.FingerPrint);
System.Console.WriteLine("server fingerprint: " + current);

            if (expectedFingerPrint.Length == e.FingerPrint.Length)
            {
                for (var i = 0; i < expectedFingerPrint.Length; i++)
                {
                    if (expectedFingerPrint[i] != e.FingerPrint[i])
                    {
                        e.CanTrust = false;
                        break;
                    }
                }
            }
            else
            {
                e.CanTrust = false;
            }
        };
        client.Connect();
        System.Console.WriteLine("connected!");
    }

Please explain how to get more useful details if needed

@Rob-Hague
Copy link
Collaborator

Rob-Hague commented Nov 6, 2023

What type of key is it? RSA? If so, could you try the following before client.Connect():

client.ConnectionInfo.HostKeyAlgorithms.Remove("rsa-sha2-512");
client.ConnectionInfo.HostKeyAlgorithms.Remove("rsa-sha2-256");

If you are then able to connect, could you add the following after client.Connect():

Console.WriteLine(client.ConnectionInfo.ServerVersion);

and post the output here?

@Rob-Hague Rob-Hague reopened this Nov 6, 2023
@Rob-Hague
Copy link
Collaborator

Sorry misclicked...

@kimmoonkim
Copy link
Author

Thank you!
I tried to remove the HostKeyAlgorithms rsa-sha2-512 and rsa-sha2-256 as you proposed but no success (same stack trace).

The key starts with
-----BEGIN RSA PRIVATE KEY-----
so I think it is a RSA key

@scott-xu
Copy link
Collaborator

scott-xu commented Nov 6, 2023

It would be helpful if you can share your server side logs.

@kimmoonkim
Copy link
Author

I don't have access to the server, but I'll try to get the logs

I tried the client.ConnectionInfo.ServerVersion with the 2020.0.2 SSH.NET nuget (where the client.Connect() is working) and it is:
SSH-2.0-JSCAPE

@Rob-Hague
Copy link
Collaborator

The surefire way to narrow down what caused it is to run a git bisect. The steps would be:

git clone https://github.com/sshnet/SSH.NET.git

cd SSH.NET/

dotnet build -f netstandard2.0 .\src\Renci.SshNet\Renci.SshNet.csproj

# Have your application reference src\Renci.SshNet\bin\Debug\netstandard2.0\Renci.SshNet.dll
# Test that your application runs (we are expecting to get the error here)

git bisect
git bisect good 2020.0.2
git bisect bad 2023.0.0

# git will then automatically checkout a commit between the two releases.
# Each time it does, run the same dotnet command
dotnet build -f netstandard2.0 .\src\Renci.SshNet\Renci.SshNet.csproj

# and then run your application and see if you get the error.
# If you do get the error, run
git bisect bad
# and if it connects OK, run
git bisect good

# If the "dotnet build" command fails on a particular commit, run
git bisect skip

After around 5 iterations, git should be able to tell you what commit caused the issue. If you could do that it would be most helpful, but I wouldn't blame you if you didn't - it's an arduous process.

@kimmoonkim
Copy link
Author

Hi! Thank you for the instructions!
I tried this but when I reference the locally built Renci.SshNet.dll I get an exception when the new SftpClient object is created because assembly SshNet.Security.Cryptography, Version=1.3.0.0 cannot be found.
Also installing the SshNet.Security.Cryptography nuget doesn't work because manifest infos don't match

Did I miss anything? sorry if it's obvious, I'm stuck

@Rob-Hague
Copy link
Collaborator

Sorry about that, I also get the error with a .NET Framework project and I don't know why. I managed to get it working with the following:

  1. Uninstall the SshNet.Security.Cryptography nuget package from your test project
  2. cd SSH.NET/ and run dotnet build .\test\Renci.SshNet.Benchmarks\
  3. Copy SSH.NET\test\Renci.SshNet.Benchmarks\bin\Debug\net7.0\SshNet.Security.Cryptography.dll into the \bin\Debug folder of your test project

Then it should work (no idea why). You should only have to do that once.

@kimmoonkim
Copy link
Author

kimmoonkim commented Nov 8, 2023

this is what git bisect said:

8732d3d is the first bad commit
commit 8732d3d
Author: Rob Hague
Date: Sat Sep 23 07:09:41 2023 +0200

Add support for RSA SHA-2 public key algorithms (#1177)

* Abstract out the hash algorithm from RsaDigitalSignature

* Add integration tests

* Add DigitalSignature property to KeyHostAlgorithm

* Add IHostAlgorithmsProvider interface

* Verify the host signature

* Fix HostKeyEventArgsTest after merge

* Remove PubkeyAcceptedAlgorithms ssh-rsa

* Add test coverage for RSA keys in PrivateKeyFile

* Obsolete IPrivateKeySource

---------

Co-authored-by: Wojciech Nagórski 

.../Common/RemoteSshdConfigExtensions.cs | 2 -
src/Renci.SshNet.IntegrationTests/Dockerfile | 1 -
.../HostKeyAlgorithmTests.cs | 72 +++----
.../PrivateKeyAuthenticationTests.cs | 65 ++++---
.../Renci.SshNet.IntegrationTests.csproj | 1 +
.../user/sshnet/authorized_keys | 3 +-
src/Renci.SshNet.TestTools.OpenSSH/SshdConfig.cs | 7 +-
.../Classes/Common/HostKeyEventArgsTest.cs | 2 +-
.../Classes/PrivateKeyFileTest.cs | 36 +++-
.../Cryptography/RsaDigitalSignatureTest.cs | 164 +++++++++++++++-
.../Classes/Security/KeyAlgorithmTest.cs | 215 +++++++++++++++++++++
src/Renci.SshNet.Tests/Common/TestBase.cs | 4 +-
src/Renci.SshNet/Common/ObjectIdentifier.cs | 16 ++
src/Renci.SshNet/ConnectionInfo.cs | 4 +
src/Renci.SshNet/IHostAlgorithmsProvider.cs | 21 ++
src/Renci.SshNet/IPrivateKeySource.cs | 17 +-
src/Renci.SshNet/NetConfClient.cs | 4 +-
src/Renci.SshNet/PrivateKeyAuthenticationMethod.cs | 27 +--
src/Renci.SshNet/PrivateKeyConnectionInfo.cs | 18 +-
src/Renci.SshNet/PrivateKeyFile.cs | 66 ++++++-
src/Renci.SshNet/ScpClient.cs | 4 +-
.../Security/Cryptography/Ciphers/RsaCipher.cs | 7 +-
src/Renci.SshNet/Security/Cryptography/DsaKey.cs | 2 +-
.../Security/Cryptography/ED25519Key.cs | 2 +-
src/Renci.SshNet/Security/Cryptography/EcdsaKey.cs | 2 +-
src/Renci.SshNet/Security/Cryptography/Key.cs | 4 +-
.../Security/Cryptography/RsaDigitalSignature.cs | 17 +-
src/Renci.SshNet/Security/Cryptography/RsaKey.cs | 8 +-
src/Renci.SshNet/Security/KeyExchange.cs | 22 +++
.../Security/KeyExchangeDiffieHellman.cs | 16 +-
src/Renci.SshNet/Security/KeyExchangeEC.cs | 20 +-
src/Renci.SshNet/Security/KeyHostAlgorithm.cs | 120 +++++++++---
src/Renci.SshNet/SftpClient.cs | 4 +-
src/Renci.SshNet/SshClient.cs | 4 +-
34 files changed, 767 insertions(+), 210 deletions(-)
create mode 100644 src/Renci.SshNet.Tests/Classes/Security/KeyAlgorithmTest.cs
create mode 100644 src/Renci.SshNet/IHostAlgorithmsProvider.cs

@Rob-Hague
Copy link
Collaborator

Rob-Hague commented Nov 8, 2023

Great, thanks for tracking it down. I will try to think about what could have caused it from that commit.

@kimmoonkim
Copy link
Author

thank you!

@Rob-Hague
Copy link
Collaborator

Please could you try both of the following? I expect at least one of them to work.

PrivateKeyFile key = new PrivateKeyFile(@"C:\repos\keys\encrypted_private.key", "passphrase");

var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;

// Keep ssh-rsa
algs.RemoveAt(0);
algs.RemoveAt(0);

SftpClient client = new SftpClient("host", 5022, "user", key);
// the rest
PrivateKeyFile key = new PrivateKeyFile(@"C:\repos\keys\encrypted_private.key", "passphrase");

var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;

// Keep rsa-sha2-512
algs.RemoveAt(2);
algs.RemoveAt(1);

SftpClient client = new SftpClient("host", 5022, "user", key);
// the rest

@kimmoonkim
Copy link
Author

Thanks!
The first one works, the second one brings the usual exception.

@Rob-Hague
Copy link
Collaborator

I downloaded JSCAPE server and unfortunately I can't reproduce the problem 🙁

@JaCraig
Copy link

JaCraig commented Nov 14, 2023

We just started with this issue since the update also and can confirm that the first solution gets us back up and working. The main one in question comes back with SSH-2.0-Axway.Gateway as the host info.

@Rob-Hague
Copy link
Collaborator

Ok thanks, the plot thickens. If anyone is willing to get some rudimentary diagnostics, that could be helpful (but might not be 😄)

You will need a debug build of the library, ideally containing b4c8291. Download the repo

git clone https://github.com/sshnet/SSH.NET.git

cd SSH.NET

dotnet build

In your project, remove any nuget reference to SSH.NET and add a reference to Renci.SshNet.dll in SSH.NET/src/Renci.SshNet/bin/Debug/

Configure diagnostics per the instructions in https://github.com/sshnet/SSH.NET/blob/54d01621aa54ce16a1523172b12be3bc9add898a/src/Renci.SshNet/Abstractions/DiagnosticAbstraction.cs (sorry). I.e.

using Renci.SshNet.Abstractions;

DiagnosticAbstraction.Source.Switch = new SourceSwitch("sourceSwitch", "Verbose");
DiagnosticAbstraction.Source.Listeners.Remove("Default");
DiagnosticAbstraction.Source.Listeners.Add(new ConsoleTraceListener());
DiagnosticAbstraction.Source.Listeners.Add(new TextWriterTraceListener("trace.log"));

Then run and dump the output of trace.log (in your bin/Debug folder) here.

@jkillingsworth
Copy link
Contributor

jkillingsworth commented Dec 27, 2023

I am running into the same problem after upgrading from 2020.0.2 to 2023.0.0. Here is the stack trace I get:

Unhandled exception. Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
   at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout)
   at Renci.SshNet.PrivateKeyAuthenticationMethod.Authenticate(Session session)
   at Renci.SshNet.AuthenticationMethod.Renci.SshNet.IAuthenticationMethod.Authenticate(ISession session)
   at Renci.SshNet.ClientAuthentication.TryAuthenticate(ISession session, AuthenticationState authenticationState, String[] allowedAuthenticationMethods, SshAuthenticationException& authenticationException)
   at Renci.SshNet.ClientAuthentication.Authenticate(IConnectionInfoInternal connectionInfo, ISession session)
   at Renci.SshNet.ConnectionInfo.Authenticate(ISession session, IServiceFactory serviceFactory)
   at Renci.SshNet.Session.Connect()
   at Renci.SshNet.BaseClient.CreateAndConnectSession()
   at Renci.SshNet.BaseClient.Connect()
   at ConsoleApp1.Program.Main()

❌ The following has no effect:

client.ConnectionInfo.HostKeyAlgorithms.Remove("rsa-sha2-512");
client.ConnectionInfo.HostKeyAlgorithms.Remove("rsa-sha2-256");

client.Connect();

❌ The following still gives me the same error:

var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;

// Keep rsa-sha2-512
algs.RemoveAt(2);
algs.RemoveAt(1);

✔️ I am able to connect successfully if I do this:

var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;

// Keep ssh-rsa
algs.RemoveAt(0);
algs.RemoveAt(0);

✔️ This also works:

var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;

// Keep all but reverse the order
algs.Reverse();

It seems like it works successfully as long as ssh-rsa is the first one in the list.

I have tried connecting to three different servers. Only one of them fails to connect without the above mentioned modifications to the key.HostKeyAlgorithms list. The misbehaving server reports SSH-2.0-Axway.Gateway as the server version. I have not been able to reproduce this problem when connecting to a server that I control.


Diagnostics - Example 1

When I run the diagnostics using a build based on the latest commit in the develop branch (currently b0d01df), this is what it writes to the trace.log file:

SshNet.Logging Verbose: 1 : Initiating connection to '//////////HOSTNAME//////////:22'.
SshNet.Logging Verbose: 1 : Server version 'SSH-2.0-Axway.Gateway'.
SshNet.Logging Verbose: 1 : [] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Performing ecdh-sha2-nistp256 key exchange.
SshNet.Logging Verbose: 6 : [] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
SshNet.Logging Verbose: 6 : [] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr server cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr client cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 server hmac algorithm.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 client hmac algorithm.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST (none)'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE password,publickey (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-512 without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Raised exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Shutting down socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposed socket.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting after exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 1015
   at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 985
   at Renci.SshNet.PrivateKeyAuthenticationMethod.Authenticate(Session session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\PrivateKeyAuthenticationMethod.cs:line 95
   at Renci.SshNet.AuthenticationMethod.Renci.SshNet.IAuthenticationMethod.Authenticate(ISession session) in C:\Users\Jim Killingswort

The trace.log file seems to be getting truncated. Here is what it prints to the console:

SshNet.Logging Verbose: 1 : Initiating connection to '//////////HOSTNAME//////////:22'.
SshNet.Logging Verbose: 1 : Server version 'SSH-2.0-Axway.Gateway'.
SshNet.Logging Verbose: 1 : [] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Performing ecdh-sha2-nistp256 key exchange.
SshNet.Logging Verbose: 6 : [] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
SshNet.Logging Verbose: 6 : [] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr server cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr client cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 server hmac algorithm.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 client hmac algorithm.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST (none)'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE password,publickey (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-512 without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Raised exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Shutting down socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposed socket.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting after exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 1015
   at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 985
   at Renci.SshNet.PrivateKeyAuthenticationMethod.Authenticate(Session session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\PrivateKeyAuthenticationMethod.cs:line 95
   at Renci.SshNet.AuthenticationMethod.Renci.SshNet.IAuthenticationMethod.Authenticate(ISession session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\AuthenticationMethod.cs:line 63
   at Renci.SshNet.ClientAuthentication.TryAuthenticate(ISession session, AuthenticationState authenticationState, String[] allowedAuthenticationMethods, SshAuthenticationException& authenticationException) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ClientAuthentication.cs:line 137
   at Renci.SshNet.ClientAuthentication.Authenticate(IConnectionInfoInternal connectionInfo, ISession session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ClientAuthentication.cs:line 81
   at Renci.SshNet.ConnectionInfo.Authenticate(ISession session, IServiceFactory serviceFactory) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ConnectionInfo.cs:line 463
   at Renci.SshNet.Session.Connect() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 678
   at Renci.SshNet.BaseClient.CreateAndConnectSession() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\BaseClient.cs:line 551

Unhandled Exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 1015
   at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 985
   at Renci.SshNet.PrivateKeyAuthenticationMethod.Authenticate(Session session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\PrivateKeyAuthenticationMethod.cs:line 95
   at Renci.SshNet.AuthenticationMethod.Renci.SshNet.IAuthenticationMethod.Authenticate(ISession session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\AuthenticationMethod.cs:line 63
   at Renci.SshNet.ClientAuthentication.TryAuthenticate(ISession session, AuthenticationState authenticationState, String[] allowedAuthenticationMethods, SshAuthenticationException& authenticationException) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ClientAuthentication.cs:line 137
   at Renci.SshNet.ClientAuthentication.Authenticate(IConnectionInfoInternal connectionInfo, ISession session) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ClientAuthentication.cs:line 81
   at Renci.SshNet.ConnectionInfo.Authenticate(ISession session, IServiceFactory serviceFactory) in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\ConnectionInfo.cs:line 463
   at Renci.SshNet.Session.Connect() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\Session.cs:line 678
   at Renci.SshNet.BaseClient.CreateAndConnectSession() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\BaseClient.cs:line 557
   at Renci.SshNet.BaseClient.Connect() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Renci.SshNet\BaseClient.cs:line 242
   at Run.Program.Main() in C:\Users\Jim Killingsworth\Desktop\SSH.NET\src\Run\Program.cs:line 70
SshNet.Logging Verbose: 1 : Disposing client.
SshNet.Logging Verbose: 1 : Disconnecting client.

These two lines seem to be of particular interest:

SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-512 without signature.'.
SshNet.Logging Verbose: 6 : [...] Raised exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.

Diagnostics - Example 2

I am able to connect successfully when ssh-rsa is the first one in the list.

var algs = (List<HostAlgorithm>)key.HostKeyAlgorithms;

// Keep all but reverse the order
algs.Reverse();

In this scenario, here is what it prints to the console:

SshNet.Logging Verbose: 1 : Initiating connection to '//////////HOSTNAME//////////:22'.
SshNet.Logging Verbose: 1 : Server version 'SSH-2.0-Axway.Gateway'.
SshNet.Logging Verbose: 1 : [] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Performing ecdh-sha2-nistp256 key exchange.
SshNet.Logging Verbose: 6 : [] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
SshNet.Logging Verbose: 6 : [] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr server cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr client cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 server hmac algorithm.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 client hmac algorithm.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST (none)'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'PublicKeyMessage' from server: 'SSH_MSG_USERAUTH_PK_OK (ssh-rsa)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa with signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'SuccessMessage' from server: 'SSH_MSG_USERAUTH_SUCCESS'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelOpenMessage' to server: 'SSH_MSG_CHANNEL_OPEN'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelOpenConfirmationMessage' from server: 'SSH_MSG_CHANNEL_OPEN_CONFIRMATION : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelRequestMessage' to server: 'SSH_MSG_CHANNEL_REQUEST : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelSuccessMessage' from server: 'SSH_MSG_CHANNEL_SUCCESS : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : Disposing client.
SshNet.Logging Verbose: 1 : Disconnecting client.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelEofMessage' to server: 'SSH_MSG_CHANNEL_EOF : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelCloseMessage' to server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelCloseMessage' from server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'DisconnectMessage' to server: 'SSH_MSG_DISCONNECT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Shutting down socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposed socket.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Raised exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.

These lines seem to be of particular interest:

SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa without signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'PublicKeyMessage' from server: 'SSH_MSG_USERAUTH_PK_OK (ssh-rsa)'.
SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa with signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'SuccessMessage' from server: 'SSH_MSG_USERAUTH_SUCCESS'.

Diagnostics - Example 3

I have tried (unsuccessfully) to reproduce the problem using a local installation of OpenSSH with the following configuration.

PubkeyAcceptedAlgorithms ssh-rsa

I am still able to connect successfully with the above configuration. Here is the output:

SshNet.Logging Verbose: 1 : Initiating connection to 'localhost:22'.
SshNet.Logging Verbose: 1 : Server version 'SSH-2.0-OpenSSH_for_Windows_9.4'.
SshNet.Logging Verbose: 1 : [] Sending message 'KeyExchangeInitMessage' to server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeInitMessage' from server: 'SSH_MSG_KEXINIT'.
SshNet.Logging Verbose: 6 : [] Performing curve25519-sha256 key exchange.
SshNet.Logging Verbose: 6 : [] Sending message 'KeyExchangeEcdhInitMessage' to server: 'SSH_MSG_KEX_ECDH_INIT'.
SshNet.Logging Verbose: 6 : [] Received message 'KeyExchangeEcdhReplyMessage' from server: 'SSH_MSG_KEX_ECDH_REPLY'.
SshNet.Logging Verbose: 6 : [] Sending message 'NewKeysMessage' to server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [] Received message 'NewKeysMessage' from server: 'SSH_MSG_NEWKEYS'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr server cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating aes128-ctr client cipher.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 server hmac algorithm.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Creating hmac-sha2-256 client hmac algorithm.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ServiceRequestMessage' to server: 'SSH_MSG_SERVICE_REQUEST'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ServiceAcceptMessage' from server: 'SSH_MSG_SERVICE_ACCEPT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessageNone' to server: 'SSH_MSG_USERAUTH_REQUEST (none)'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password,keyboard-interactive (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-512 without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password,keyboard-interactive (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-256 without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password,keyboard-interactive (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa without signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'PublicKeyMessage' from server: 'SSH_MSG_USERAUTH_PK_OK (ssh-rsa)'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa with signature.'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'SuccessMessage' from server: 'SSH_MSG_USERAUTH_SUCCESS'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelOpenMessage' to server: 'SSH_MSG_CHANNEL_OPEN'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'GlobalRequestMessage' from server: 'SSH_MSG_GLOBAL_REQUEST'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelOpenConfirmationMessage' from server: 'SSH_MSG_CHANNEL_OPEN_CONFIRMATION : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelRequestMessage' to server: 'SSH_MSG_CHANNEL_REQUEST : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelWindowAdjustMessage' from server: 'SSH_MSG_CHANNEL_WINDOW_ADJUST : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelSuccessMessage' from server: 'SSH_MSG_CHANNEL_SUCCESS : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelDataMessage' to server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelDataMessage' from server: 'SSH_MSG_CHANNEL_DATA : #0'.
SshNet.Logging Verbose: 1 : Disposing client.
SshNet.Logging Verbose: 1 : Disconnecting client.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelEofMessage' to server: 'SSH_MSG_CHANNEL_EOF : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'ChannelCloseMessage' to server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelRequestMessage' from server: 'SSH_MSG_CHANNEL_REQUEST : #0'.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Received message 'ChannelCloseMessage' from server: 'SSH_MSG_CHANNEL_CLOSE : #0'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disconnecting session.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Sending message 'DisconnectMessage' to server: 'SSH_MSG_DISCONNECT'.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Shutting down socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposing socket.
SshNet.Logging Verbose: 1 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Disposed socket.
SshNet.Logging Verbose: 6 : [XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX] Raised exception: Renci.SshNet.Common.SshConnectionException: An established connection was aborted by the server.

These lines seem to be of particular interest:

SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-512 without signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password,keyboard-interactive (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) rsa-sha2-256 without signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'FailureMessage' from server: 'SSH_MSG_USERAUTH_FAILURE publickey,password,keyboard-interactive (PartialSuccess:False)'.
SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa without signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'PublicKeyMessage' from server: 'SSH_MSG_USERAUTH_PK_OK (ssh-rsa)'.
SshNet.Logging Verbose: 1 : [...] Sending message 'RequestMessagePublicKey' to server: 'SSH_MSG_USERAUTH_REQUEST (publickey) ssh-rsa with signature.'.
SshNet.Logging Verbose: 6 : [...] Received message 'SuccessMessage' from server: 'SSH_MSG_USERAUTH_SUCCESS'.

In the third example above, it looks like the client negotiates with the server through a trial and error process until one of the key types is accepted by the server. In the first example, however, it looks like the server rudely disconnects if the first key type offered is not one that it accepts.

Looking at the code, I can see in PrivateKeyAuthenticationMethod.cs where it loops through each key type and breaks out of the loop if the authentication attempt comes back with a success code. The main thread sends a message on line 93 and then waits for a signal on line 95.

debug-01

Running through the erroneous scenario in the first example, the main thread never makes it past the wait on line 95 above. While the main thread is waiting, a secondary thread running the message listener in Session.cs breaks out of an infinite loop on line 1892 and then proceeds to signal an error on line 1916. See below.

debug-02

I'm in way over my head here. I'm not sure what the correct behavior should be. Is the server violating protocol by dropping the connection instead of returning a polite denial? Is the client being rude by attempting to use a key type that is not accepted by the server? Is the protocol ambiguous in this case?

@Rob-Hague
Copy link
Collaborator

Thanks very much @jkillingsworth. So we have 1x JSCAPE and 2x Axway.Gateway

Is the server violating protocol by dropping the connection instead of returning a polite denial?

That's my naïve view, based on https://datatracker.ietf.org/doc/html/rfc4252#section-7:

Any public key algorithm may be offered for use in authentication.
In particular, the list is not constrained by what was negotiated
during key exchange. If the server does not support some algorithm,
it MUST simply reject the request.

and https://docs.axway.com/bundle/Gateway_6172_UsersGuide_allOS_en_HTML5/page/Content/Managing_Security/SSH/ssh_authentication.htm#Client_authentication:

Note: At least one of the available private keys must have the same algorithm as the key negotiated.

which seems against protocol.

I have been wondering what other clients do. It seems like WinSCP/PuTTY only use ssh-rsa signatures for client authentication by default unless the sha2 variants have been specified by the server via the server-sig-algs extension as defined in RFC 8308.

SSH.NET does not currently implement extension negotiation, so we should probably always try ssh-rsa first until it supports server-sig-algs, at which point it could use the strongest variant specified.

@jkillingsworth
Copy link
Contributor

@Rob-Hague Thanks for taking a look at this. I appreciate your help.

If my understanding is correct, this is what is happening:

When the client sends a SSH_MSG_USERAUTH_REQUEST message, the server should respond with either a SSH_MSG_USERAUTH_PK_OK response if it accepts the key type or a SSH_MSG_USERAUTH_FAILURE response if it does not. In the case of OpenSSH, the server behaves according to protocol. In the case of Axway.Gateway (and I assume JSCAPE as well), the server just drops the connection instead of sending back a SSH_MSG_USERAUTH_FAILURE response.

@Rob-Hague
Copy link
Collaborator

Yes that's my understanding too

@WojciechNagorski
Copy link
Collaborator

The 2023.0.1 version has been released to Nuget: https://www.nuget.org/packages/SSH.NET/2023.0.1

@kimmoonkim
Copy link
Author

thank you!
sorry I can't retest, because the server I was having the problem with was migrated to SSH-2.0-GoAnywhere7.4.0 which works fine with 2023.0.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants