Comments (5)
Not certain why I never got a notification for this but here we are. It looks like you have some extra data sitting at the top of your certs/key. I'm not an encryption expert, so I don't know if that actually matters. Your private key also appears to have different header/footer text. This may be a byproduct of how they were generated. Anyway, here is how your cert/keys should look:
-----BEGIN CERTIFICATE-----
<redacted>
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
<redacted>
-----END RSA PRIVATE KEY-----
from hostscan-bypass.
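An added example, not part of the thread and not hostscan-bypass code: a small check for the three things the comment above points at, namely text sitting in front of a PEM block, a key header other than the one shown, and a key that is still passphrase-protected. The function name `inspect_pem`, the `EXPECTED` list, and the sample (including its "Bag Attributes" lines, which the thread never shows) are constructed for illustration.

```python
import re

EXPECTED = ["CERTIFICATE", "RSA PRIVATE KEY"]  # layout shown in the comment above
BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")

# Constructed sample: placeholder bodies, no real certificate or key material.
SAMPLE = """Bag Attributes
    friendlyName: constructed-sample
-----BEGIN CERTIFICATE-----
AAAA
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

AAAA
-----END RSA PRIVATE KEY-----
"""

def inspect_pem(text):
    """Return (blocks, problems); bodies are never decoded, only framing is read."""
    blocks, problems, label, encrypted, stray = [], [], None, False, 0
    for raw in text.splitlines():
        line = raw.strip()
        begin, end = BEGIN.match(line), END.match(line)
        if label is None:
            if begin:
                label, encrypted = begin.group(1), begin.group(1) == "ENCRYPTED PRIVATE KEY"
                if stray:
                    problems.append(f"{stray} stray line(s) before BEGIN {label}")
                stray = 0
            elif line:
                stray += 1  # text outside any block, e.g. export attributes
        elif end:
            if end.group(1) != label:
                problems.append(f"END {end.group(1)} does not close BEGIN {label}")
            if encrypted:
                problems.append(f"{label} is passphrase-protected")
            blocks.append((label, encrypted))
            label = None
        elif line.startswith("Proc-Type:") and "ENCRYPTED" in line:
            encrypted = True  # legacy OpenSSL encrypted-PEM header
    if label is not None:
        problems.append(f"BEGIN {label} has no END line")
    if [b[0] for b in blocks] != EXPECTED:
        problems.append(f"labels {[b[0] for b in blocks]} differ from {EXPECTED}")
    return blocks, problems
```

Calling `inspect_pem(SAMPLE)` reports the two stray lines and the passphrase-protected key; a file laid out as in the comment returns an empty problem list.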
Yeah, my first thought was just about that header before the actual key. I removed it, but nothing changed.
The second thing I tried was to convert the encrypted RSA key to a normal RSA key:
openssl rsa -in cert.key -out cert.decrypted.key
Decrypted key looks like:
-----BEGIN RSA PRIVATE KEY-----
<redacted>
-----END RSA PRIVATE KEY-----
Still, when I run hostscan-bypass with this decrypted key and try to connect my AnyConnect client, it starts complaining about "untrustworthy gateway" and closes the connection immediately.
AnyConnect runs inside Ubuntu 20.04 VM, and hostscan-bypass runs on host system (Gentoo Linux).
Of course, I checked out your blog post before creating the issue, and that box was unchecked right from the beginning.
Here are some screenshots from inside the Ubuntu VM: https://imgur.com/a/qFgS6qr
It sounds like the Linux AnyConnect is not respecting your choice. There was a similar issue described in the OS X troubleshooting thread (#4). Specifically, this comment.
I won't be able to troubleshoot your specific AnyConnect issue but what I can say is that you are on the right track. Your new private key is working correctly. If you can get Linux/AnyConnect to let you connect to untrusted servers you'll be in the clear.
If you run into trouble finding the root cause then the final thing you can do is put the hostscan-bypass on a legitimate domain with a real SSL cert (letsencrypt). Since the SSL cert is real AnyConnect will trust the connection.