Welcome to the VanDyke Software Forums

  #1  
04-26-2005, 07:49 AM
jimbobmcgee
Registered User
 
Join Date: Apr 2005
Posts: 21
Unable to authenticate by public key with VShell (cross-post from File Transfer area)

I am trying to set up a new user for SFTP access to our server. We have been successfully using VShell 2.3.0:142 with three users, for some time now, but this fourth user cannot connect.

I have the user set in Active Directory in the same way as the others and have added them to the Access Control list with 'Login' and 'SFTP' rights. The Authentication method is only by Public Key, with Password Attempts set to 3.

The client uses OpenSSH and has generated the public key file with ssh-keygen -t dsa. On first login, they have been prompted for a password as expected:

Code:
> sftp <USER>@<IP>
Connecting to <IP>...
<USER>@<IP>'s password:
The authenticity of host '<IP> (<IP>)' can't be established.
DSA key fingerprint is <HEX>.
Warning: Permanently added '<IP>' (DSA) to the list of known hosts.

They then upload the public key file to the correct path and log out.

When they try to log in a second time, with the key file in place, they are prompted for the password again:

Code:
> sftp USER@<IP>
Connecting to <IP>...
<USER>@<IP>'s password:
Authenticated with partial success.
Permission denied (publickey).
Connection closed

The VShell log for this period is as follows:

Code:
13:23:41,conn,00632: Connection accepted from <CLIENTIP:PORT>.
13:23:42,auth,00632: none for user <USER> rejected because it is unavailable.
13:23:46,auth,00632: password for user <USER> accepted.
13:23:46,conn,00632: Session channel open request accepted.
13:23:47,sftp,00632: Sftp subsystem initialized; remote version is 3.
13:23:47,sftp,00632: Sending VERSION packet to remote (3)
13:24:09,sftp,00632: <USER> opened x:\path\PublicKey\id_dsa.pub for write 615 bytes transferred.
13:24:13,sftp,00632: Sftp subsystem terminated.
13:24:13,conn,00632: Session channel has been closed (pid: none).
13:24:13,conn,00632: Connection closed.
13:24:15,conn,00633: Connection accepted from <CLIENTIP:PORT>.
13:24:16,auth,00633: none for user <USER> rejected because it is unavailable.
13:24:21,auth,00633: password for user <USER> accepted, further authentication needed.
13:24:21,conn,00633: Connection closed.

Can anyone tell me what I am doing wrong?

J.
  #2  
04-28-2005, 03:44 PM
jdev
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 1,099
If I understand correctly, you already have other users connecting to this exact same VShell machine/instance using only public key authentication, correct?

It looks like the VShell server is requiring public key authentication, but the client application is instead attempting to use password authentication.

Often a client SSH application requires some additional instruction to use public key authentication instead of password.

Has the user tried forcing public key authentication on the client side using a command line similar to the following?

Code:
sftp -o PasswordAuthentication=no user@host

If such a construct does not resolve the authentication problem, we'll need to gather some additional information to determine exactly where the problem originates. Can you enable debug messages in the VShell control panel (Logging category), apply the changes to the VShell configuration, retry the connection with this particular user and provide the resulting VShell log with debugging information?

Often log files can contain information that is not appropriate for posting to a public forum (IP addresses, username, etc.) and you've done an exceptional job masking these from your post. If you do not feel comfortable posting the VShell debug log as requested, please send an email to support@vandyke.com with a subject of "Attn Jake: VanDyke Forum - Thread 729 - VShell log" and include the log file as an attachment or as the body of the email message.

Thanks.
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
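
The pattern discussed in this thread (password accepted with "further authentication needed", then the connection closing with no other method tried) can be picked out of a log in the quoted layout by grouping lines per connection id. This is an added example, not part of the original posts or VanDyke's code; `summarize` and its verdict strings are hypothetical names, the sample lines are constructed from the first post, and it assumes any other method the client offered would appear as an `auth` line in the same form.

```python
import re
from collections import defaultdict

# Constructed sample in the "time,category,connection-id: message" layout of the
# VShell log quoted in the first post; <USER> and <CLIENTIP:PORT> are placeholders.
SAMPLE_LOG = """\
13:23:41,conn,00632: Connection accepted from <CLIENTIP:PORT>.
13:23:42,auth,00632: none for user <USER> rejected because it is unavailable.
13:23:46,auth,00632: password for user <USER> accepted.
13:23:46,conn,00632: Session channel open request accepted.
13:24:15,conn,00633: Connection accepted from <CLIENTIP:PORT>.
13:24:16,auth,00633: none for user <USER> rejected because it is unavailable.
13:24:21,auth,00633: password for user <USER> accepted, further authentication needed.
13:24:21,conn,00633: Connection closed.
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d),(\w+),(\d+): (.*)$")
AUTH_RE = re.compile(r"^(\S+) for user \S+ (accepted|rejected)(.*)$")

def summarize(log_text):
    """Group log lines by connection id and classify each connection."""
    sessions = defaultdict(lambda: {"tried": set(), "partial": False, "channel": False})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore anything not in the expected layout
        _time, category, conn, msg = m.groups()
        s = sessions[conn]
        auth = AUTH_RE.match(msg) if category == "auth" else None
        if auth:
            method, result, rest = auth.groups()
            s["tried"].add(method)
            if result == "accepted":
                s["partial"] = "further authentication needed" in rest
        elif category == "conn" and msg.startswith("Session channel open request accepted"):
            s["channel"] = True  # a session channel only opens after auth completes
    report = {}
    for conn, s in sessions.items():
        if s["channel"]:
            report[conn] = "authenticated"
        elif s["partial"] and s["tried"] <= {"none", "password"}:
            # Assumption: any other method the client offered would be logged too.
            report[conn] = "partial success, only password attempted"
        else:
            report[conn] = "not authenticated"
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample, connection 00633 is the one flagged, which matches the second login attempt described in the first post.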

All times are GMT -6.