SSH AUthentication Problem - SSH

This is a discussion on SSH AUthentication Problem - SSH ; OK Here's my dilemma I have 2 servers each of them running Windows 2003 Enterprise Edition F-Secure Release 5.3 build 25 F-Secure Server Release 5.3 build 15 I'm looking to automate the transfer of files using batch SFTP I've created ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: SSH AUthentication Problem

  1. SSH AUthentication Problem

    OK Here's my dilemma I have 2 servers each of them running
    Windows 2003 Enterprise Edition
    F-Secure Release 5.3 build 25
    F-Secure Server Release 5.3 build 15

    I'm looking to automate the transfer of files using batch SFTP
    I've created the private and public keys and authorization file, yet I
    fail to connect with the error message
    'Ssh2AuthPubKeyClient: Server rejected the signature.'

    I'm a newbie with SSH so here's what I find confusing
    I receive the error 'SshConfig: Unable to open C:/Documents and
    Settings/ftpuser/Application Data/F-S
    ecure SSH/ssh2_config'.
    This is true, the file ssh2_config does not exist anywhere on the
    system.
    Where is it? Should I create it? What should it look like?

    Also when I run the FTP Client GUI it shows the Authorization file as
    having permissions of 600. Searching the web most people suggest
    permissions of 644. I've gone into Windows security and given 'read
    permissions' to Everyone, yet I saw no change in the permissions from
    the FTP GUI. I also tried the same thing with user 'Network_Service'.
    How do I get Windows to emulate 644 unix permissions, or does it even
    matter?

    That's all I can think of. The error messages are below. Any help would
    be GREATLY appreciated!!



    C:\ssh2test>D:\MW\F-Secure\Ssh\sftp2 -vB up.txt
    SshFileCopy: Making local connection.
    SshFileXferClient: ext_name `newline@vandyke.com', data:
    00000000: 0d0a ..
    SshFileCopy: Connection to local, ready to serve requests.
    Sftp2: Connection ready.
    SshReadLine: Initializing ReadLine...
    sftp> open ftpuser@hostip

    Sftp2: Command descriptor 0x200e (0xe)
    Opening connection to ftpuser@hostip
    SshFileCopy: Connecting to remote host. (host = ftpuser@hostip, user =
    N
    ULL, port = NULL)
    Sftp2: Couldn't find ssh2 on path specified (ssh2.exe). Trying default
    PATH...
    SshConfig: Unable to open C:/Documents and Settings/ftpuser/Application
    Data/F-S
    ecure SSH/ssh2_config
    SshReadLine: Initializing ReadLine...
    Ssh2Transport: My version: SSH-1.99-3.2.3 F-Secure SSH Windows Client
    client supports 3 auth methods:
    'keyboard-interactive,publickey,password'
    Ssh2Common: local ip = hostip, local port = 4706
    Ssh2Common: remote ip = hostip, remote port = 22
    SshConnection: Wrapping...
    Remote version: SSH-2.0-3.2.3 F-Secure SSH Windows NT Server
    Major: 3 Minor: 2 Revision: 3
    Ssh2Transport: lang s to c: `', lang c to s: `'
    Ssh2Transport: c_to_s: cipher 3des-cbc, mac hmac-sha1, compression none
    Ssh2Transport: s_to_c: cipher 3des-cbc, mac hmac-sha1, compression none
    Remote host key found from database.
    Ssh2Common: Received SSH_CROSS_STARTUP packet from connection protocol.
    Ssh2Common: Received SSH_CROSS_ALGORITHMS packet from connection
    protocol.
    server offers auth methods 'publickey,password'.
    Ssh2AuthPubKeyClient: Starting pubkey auth...
    Ssh2AuthPubKeyClient: Agent is not running.
    Ssh2AuthPubKeyClient: Got 0 keys from the agent.
    SshUnixUserFiles: Found 2 keys from C:\Documents and
    Settings\ftpuser\Applicatio
    n Data\F-Secure SSH\userkeys
    SshUnixUserFiles: Found 0 certificates from C:\Documents and
    Settings\ftpuser\Ap
    plication Data\F-Secure SSH\UserCertificates
    SshUnixUserFiles: Found 2 keys from C:\Documents and
    Settings\ftpuser\Applicatio
    n Data\F-Secure SSH\userkeys
    SshUnixUserFiles: Found 0 certificates from C:\Documents and
    Settings\ftpuser\Ap
    plication Data\F-Secure SSH\UserCertificates
    Ssh2AuthPubKeyClient: adding keyfile "C:\Documents and
    Settings\ftpuser\Applicat
    ion Data\F-Secure SSH\userkeys\ftw2ftw" to candidates
    Ssh2AuthPubKeyClient: adding keyfile "C:\Documents and
    Settings\ftpuser\Applicat
    ion Data\F-Secure SSH\userkeys\ftw2tpa" to candidates
    Ssh2AuthPubKeyClient: Trying 2 key candidates.
    Constructing and sending signature in publickey authentication.
    Ssh2AuthPubKeyClient: reading private key C:\Documents and
    Settings\ftpuser\Appl
    ication Data\F-Secure SSH\userkeys\ftw2ftw
    server offers auth methods 'publickey,password'.
    Ssh2AuthPubKeyClient: Server rejected the signature.
    server offers auth methods 'publickey,password'.
    Ssh2AuthPubKeyClient: All keys declined by server, disabling method.
    Ssh2AuthClient: Method 'publickey' disabled.
    server offers auth methods 'publickey,password'.
    Ssh2AuthPasswdClient: In Batchmode, so we're not asking the user for
    password.
    Ssh2AuthClient: Method 'password' disabled.
    server offers auth methods 'publickey,password'.
    Ssh2Common: DISCONNECT received: No further authentication methods
    available.
    Authentication failed
    Disconnected; no more authentication methods available (No further
    authenticatio
    n methods available.).
    Ssh2Common: DISCONNECT received: Connection closed.
    Authentication failed
    Disconnected; connection lost (Connection closed.).
    SshReadLine: Uninitializing ReadLine...
    Ssh2Common: Destroying SshCommon object.
    SshConnection: Destroying SshConn object.
    Ssh2Client: Destroying client completed.


  2. Re: SSH AUthentication Problem

    >>>>> "299bowler" == 299bowler <299bowler@gmail.com> writes:

    299bowler> I'm looking to automate the transfer of files using batch
    299bowler> SFTP I've created the private and public keys and
    299bowler> authorization file, yet I fail to connect with the error
    299bowler> message 'Ssh2AuthPubKeyClient: Server rejected the
    299bowler> signature.'

    This looks like you've got mismatched key files -- that is, you've put a
    public key on the server which does not match the private key you're using
    on the client.

    - Richard

  3. Re: SSH AUthentication Problem

    Thanks Richard,
    I was thinking the same thing and verified that the keys are the
    same (identical time stamp). Just to be sure I created a new keypair
    and uploaded it and got the same result. Any other thoughts?

    - Jeff


  4. Re: SSH AUthentication Problem

    >>>>> "299bowler" == 299bowler <299bowler@gmail.com> writes:

    299bowler> Thanks Richard, I was thinking the same thing and verified
    299bowler> that the keys are the same (identical time stamp). Just to
    299bowler> be sure I created a new keypair and uploaded it and got the
    299bowler> same result. Any other thoughts?

    It's peculiar. All I can think is that perhaps, rather than testing the
    key first, the client is simply sending a userauth request with the
    signature, and the server is denying it for some other reason (e.g. wrong
    file permissions or similar problem). However, I checked the behavior of
    the ssh.com software 3.2.3, on which the F-Secure code is based, and it
    does test keys first.

    --
    Richard Silverman
    res@qoxp.net


  5. Re: SSH AUthentication Problem

    Richard E. Silverman wrote:
    > >>>>> "299bowler" == 299bowler <299bowler@gmail.com> writes:

    >
    > 299bowler> Thanks Richard, I was thinking the same thing and verified
    > 299bowler> that the keys are the same (identical time stamp). Just to
    > 299bowler> be sure I created a new keypair and uploaded it and got the
    > 299bowler> same result. Any other thoughts?
    >
    > It's peculiar. All I can think is that perhaps, rather than testing the
    > key first, the client is simply sending a userauth request with the
    > signature, and the server is denying it for some other reason (e.g. wrong
    > file permissions or similar problem). However, I checked the behavior of
    > the ssh.com software 3.2.3, on which the F-Secure code is based, and it
    > does test keys first.
    >
    > --
    > Richard Silverman
    > res@qoxp.net


    Is this a local windows user account or a domain user account? Try
    using a local windows account. No Windows SSH servers could use domain
    accounts with user key authentication, until recently. It only worked
    with local windows accounts.


  6. Re: SSH AUthentication Problem

    Tony7777777 wrote:
    > Is this a local windows user account or a domain user account? Try
    > using a local windows account. No Windows SSH servers could use domain
    > accounts with user key authentication, until recently.


    I'm sorry, did I miss something? What options are available now for
    domain accounts and key auth?

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

+ Reply to Thread