Sftp Key Authentication Issue


 
Posted 05-15-2009

Hello,

We have an issue attempting to login from a Unix Solaris to an NT server using key authentication. I will attempt to provide you with as much of the relevant information regarding the way the system is set up, although I'm working solely on the Unix side, so don't have full access to how the NT server is set up.

The version of ssh that we're running is:-

bash-3.00$ ssh2 -V
ssh2: F-Secure-SSH-2.3.1 (build 7) on sparc-sun-solaris2.8

The public/private keys that I created (with no passphrase) are in the following format:-

bash-3.00$ more batchftp_uat.pub
---- BEGIN SSH2 PUBLIC KEY ----
Subject: genevaz
Comment: "2048-bit rsa, genevaz@nsufu351, Wed Apr 29 2009 16:02:21"
AAAAB3NzaC1yc2EAAAABIQAAAQEArY1INXO1O1OYKMftSSqWMu0yCEth4RxZWbLgDfyh9j
...etc...
HyzYkalbK0IxCTwxILud5dmhVDj4C0w9eCiP7DJF9+Fvk7eq6hwTfsCZxrJO9RPPxTGjds
3acg4fKft64II8QpOYVw==
---- END SSH2 PUBLIC KEY ----
bash-3.00$ more batchftp_uat
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Subject: genevaz
Comment: "2048-bit rsa, genevaz@nsufu351, Wed Apr 29 2009 16:02:21"
P2/56wAAA+oAAAA0aWYtbW9kbntzaWdue3JzYS1wa2NzMS1tZDV9LGVuY3J5cHR7cnNhLX
...etc...
eBjpNEZbOg1KIyDyvPLcKqDypisoenOLd1wZSgdB5QptSE0qI7v4GawDJ9jAU5Sz/e3eeI
TWFGjR
---- END SSH2 ENCRYPTED PRIVATE KEY ----

These are both in the .ssh2 directory of the account that I'm connecting from. Also in that directory are the following files:-

bash-3.00$ more identification
IdKey batchftp_uat
bash-3.00$ more authorization
key batchftp_uat.pub

Below is the output of what happens (with maximum debug) when I attempt to login to the remote server:-

bash-3.00$ sftp -D 99 "hnah\svc-us-sftp-hbeuie@mxssh01"
SshEventLoop/sshunixeloop.c:412: Registered signal 1.
SshEventLoop/sshunixeloop.c:412: Registered signal 2.
SshEventLoop/sshunixeloop.c:412: Registered signal 15.
SshEventLoop/sshunixeloop.c:412: Registered signal 6.
SshEventLoop/sshunixeloop.c:412: Registered signal 22.
SshEventLoop/sshunixeloop.c:524: Registered file descriptor 0.
SshEventLoop/sshunixeloop.c:524: Registered file descriptor 1.
SshEventLoop/sshunixeloop.c:412: Registered signal 20.
SshFSM/sshfsm.c:479: Spawning a new thread starting from `finalize_initialization'.
SshFSM/sshfsm.c:243: Added ptr afbcc ('finalize_initialization') to hash table.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:596: Starting the event loop.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshFSM/sshfsm.c:326: Entering the scheduler.
SshFSM/sshfsm.c:381: Thread continuing from state `finalize_initialization' (Finalize initialization).
SshFSM/sshfsm.c:243: Added ptr af28c ('get_command') to hash table.
SshFileCopy/sshfilecopy.c:909: Making local connection.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshFSM/sshfsm.c:462: Reactivating an already active thread (do nothing).
SshFSM/sshfsm.c:381: Thread continuing from state `get_command' (Prepare to read a command from user).
SshFSM/sshfsm.c:243: Added ptr af38c ('command_open') to hash table.
SshFSM/sshfsm.c:381: Thread continuing from state `command_open' (Open a connection to destination host).
SshFSM/sshfsm.c:243: Added ptr af3e8 ('command_finalize_open') to hash table.
SshFileCopy/sshfilecopy.c:928: Connecting to remote host. (host = hnah\svc-us-sftp-hbeuie@mxssh01, user = (null), port = (null))
Sftp2/sftp2.c:2390: argv[0] = ssh2
Sftp2/sftp2.c:2390: argv[1] = -v
Sftp2/sftp2.c:2390: argv[2] = -x
Sftp2/sftp2.c:2390: argv[3] = -a
Sftp2/sftp2.c:2390: argv[4] = -o
Sftp2/sftp2.c:2390: argv[5] = passwordprompt %U@%H's password:
Sftp2/sftp2.c:2390: argv[6] = -o
Sftp2/sftp2.c:2390: argv[7] = nodelay yes
Sftp2/sftp2.c:2390: argv[8] = -o
Sftp2/sftp2.c:2390: argv[9] = authenticationnotify yes
Sftp2/sftp2.c:2390: argv[10] = hnah\svc-us-sftp-hbeuie@mxssh01
Sftp2/sftp2.c:2390: argv[11] = -s
Sftp2/sftp2.c:2390: argv[12] = sftp
SshEventLoop/sshunixeloop.c:412: Registered signal 18.
SshEventLoop/sshunixeloop.c:524: Registered file descriptor 5.
SshEventLoop/sshunixeloop.c:524: Registered file descriptor 4.
Sftp2/sftp2.c:2206: notification: 0
SshFSM/sshfsm.c:397: Thread suspended in state `command_finalize_open'.
SshFSM/sshfsm.c:367: No active threads so return from scheduler.
SshEventLoop/sshunixeloop.c:738: Select timeout: 0 seconds, 0 usec.
SshEventLoop/sshunixeloop.c:797: Select.
Sftp2/sftp2.c:2206: notification: 1
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:738: Select timeout: 0 seconds, 0 usec.
SshEventLoop/sshunixeloop.c:797: Select.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:797: Select.
debug: hostname is 'mxssh01'.
debug: Unable to open /home/users/genevaz/.ssh2/ssh2_config
debug: connecting to mxssh01...
debug: entering event loop
debug: ssh_client_wrap: creating transport protocol
debug: SshAuthMethodClient/sshauthmethodc.c:107: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:107: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1105: creating userauth protocol
debug: Ssh2Common/sshcommon.c:489: local ip = 128.8.73.35, local port = 36290
debug: Ssh2Common/sshcommon.c:491: remote ip = 161.4.55.155, remote port = 22
debug: SshConnection/sshconn.c:1853: Wrapping...
debug: Ssh2Transport/trcommon.c:591: Remote version: SSH-2.0-6.0.1.16 SSH Tectia Server
debug: Ssh2Transport/trcommon.c:1095: c_to_s: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1098: s_to_c: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Client/sshclient.c:399: Host key found from database.
debug: Ssh2Common/sshcommon.c:297: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:347: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:780: adding keyfile "/home/users/genevaz/.ssh2/batchftp_uat" to candidates
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:331: Constructing and sending signature...
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:425: ssh_client_auth_pubkey_send_signature: reading /home/users/genevaz/.ssh2/batchftp_uat
debug: Ssh2AuthPasswdClient/authc-passwd.c:82: Starting password query...
hnah\svc-us-sftp-hbeuie@mxssh01's password:

As you'll see, it prompts for a password - if I enter the password, I can login to the server successfully. So, my main questions are, can you see anything that's not set up correctly on the Unix side? If not, what can I get the admin guy on the NT side to check? Also, when I attempt to login, should there be any logfiles that show my connection, and why it's not authenticating correctly? If so, where are they located?

Please let me know if there's any other information that would help us to solve this issue.

Thanks in advance,

Steve Burch
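
The authentication sequence buried in the debug output above can be pulled out of the event-loop noise with a small filter. This is an added example, not part of the original post: the sample lines and message patterns are copied from that log, while the function names and verdict strings are assumptions of this example.

```python
import re

# Excerpt of the client debug output quoted in the post (event-loop noise trimmed).
SAMPLE_LOG = r'''
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
debug: SshAuthMethodClient/sshauthmethodc.c:107: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:107: Added "password" to usable methods.
debug: Ssh2Transport/trcommon.c:591: Remote version: SSH-2.0-6.0.1.16 SSH Tectia Server
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:780: adding keyfile "/home/users/genevaz/.ssh2/batchftp_uat" to candidates
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:331: Constructing and sending signature...
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:425: ssh_client_auth_pubkey_send_signature: reading /home/users/genevaz/.ssh2/batchftp_uat
debug: Ssh2AuthPasswdClient/authc-passwd.c:82: Starting password query...
'''

# (event name, pattern) pairs; each pattern matches message text seen in the post's log.
EVENTS = [
    ("method_enabled", re.compile(r'Added "(\w+)" to usable methods')),
    ("remote_version", re.compile(r'Remote version: (.+)$')),
    ("key_candidate", re.compile(r'adding keyfile "([^"]+)" to candidates')),
    ("signature_sent", re.compile(r'Constructing and sending signature')),
    ("password_prompt", re.compile(r'Starting password query')),
]

def auth_timeline(log_text):
    """Return the ordered (event, detail) list, skipping lines that match no pattern."""
    timeline = []
    for line in log_text.splitlines():
        for name, pattern in EVENTS:
            m = pattern.search(line)
            if m:
                timeline.append((name, m.group(1) if m.groups() else ""))
                break
    return timeline

def verdict(timeline):
    """Summarise how far the publickey attempt got before any password prompt."""
    names = [name for name, _ in timeline]
    if "key_candidate" not in names:
        return "no key offered by the client"
    if "signature_sent" not in names:
        return "key selected but no signature sent"
    if "password_prompt" in names and names.index("password_prompt") > names.index("signature_sent"):
        return "signature sent, then fell back to password: publickey attempt did not succeed"
    return "signature sent, no password fallback seen"

if __name__ == "__main__":
    for event, detail in auth_timeline(SAMPLE_LOG):
        print(f"{event:16} {detail}")
    print(verdict(auth_timeline(SAMPLE_LOG)))
```
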
 