| | | Forum Newbie
       
Group: Forum Members Last Login: 12/13/2007 9:39:00 AM Posts: 6, Visits: 24 |
| Does anyone have a possible solution to this problem?
I have imported the public key in the server from the key that was created on the client and assigned it to the user.
The client has accepted and trusted the public key that was created and is used on the server.
If I only allow public key authentication I cannot log in.
I have both Password and Public Key authentication checked.
WS_FTP Server 6.1
From server Log
<entry>
<log_time>20071005-14:09:50</log_time>
<description>
<![CDATA[ Public Key Authentication Not Allowed ]]>
</description>
<service>SSH</service>
<sessionid>64828693</sessionid>
<type>2</type>
<severity>3</severity>
<user>dlpreston</user>
<lstnconnaddr>198.204.114.110:22</lstnconnaddr>
<cliconnaddr>198.204.114.112:3995</cliconnaddr>
<sguid>18EC5282-C0ED-4ED8-1EA2-B917158030CC</sguid>
</entry>
Client
WS_Ftp professional 2007
Finding Host scacinom01-d.lereta.com ...
[2007.10.08 07:46:14.637] Connecting to 198.204.114.110:22
[2007.10.08 07:46:14.637] Connected to 198.204.114.110:22 in 0.000000 seconds, Waiting for Server Response
[2007.10.08 07:46:14.637] Server Welcome: SSH-2.0-WS_FTP-SSH_1.1
[2007.10.08 07:46:14.637] Client Version: SSH-2.0-WS_FTP-9.01-2006.07.25
[2007.10.08 07:46:14.652] KexInitPacket (Server): no kex guess present
[2007.10.08 07:46:14.652] KexAlgorithms
[2007.10.08 07:46:14.652] diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
[2007.10.08 07:46:14.652] 00: diffie-hellman-group1-sha1
[2007.10.08 07:46:14.652] 01: diffie-hellman-group14-sha1
[2007.10.08 07:46:14.652] ServerHostKeyAlgorithms
[2007.10.08 07:46:14.652] ssh-dss,ssh-rsa
[2007.10.08 07:46:14.652] 00: ssh-dss
[2007.10.08 07:46:14.652] 01: ssh-rsa
[2007.10.08 07:46:14.652] CsEncryptionAlgorithms
[2007.10.08 07:46:14.652] 3des-cbc,blowfish-cbc,aes256-cbc,aes128-cbc,cast128-cbc
[2007.10.08 07:46:14.652] 00: 3des-cbc
[2007.10.08 07:46:14.652] 01: blowfish-cbc
[2007.10.08 07:46:14.652] 02: aes256-cbc
[2007.10.08 07:46:14.652] 03: aes128-cbc
[2007.10.08 07:46:14.652] 04: cast128-cbc
[2007.10.08 07:46:14.652] ScEncryptionAlgorithms
[2007.10.08 07:46:14.652] 3des-cbc,blowfish-cbc,aes256-cbc,aes128-cbc,cast128-cbc
[2007.10.08 07:46:14.652] 00: 3des-cbc
[2007.10.08 07:46:14.652] 01: blowfish-cbc
[2007.10.08 07:46:14.652] 02: aes256-cbc
[2007.10.08 07:46:14.652] 03: aes128-cbc
[2007.10.08 07:46:14.652] 04: cast128-cbc
[2007.10.08 07:46:14.652] CsMACAlgorithms
[2007.10.08 07:46:14.652] hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
[2007.10.08 07:46:14.652] 00: hmac-sha1
[2007.10.08 07:46:14.652] 01: hmac-sha1-96
[2007.10.08 07:46:14.652] 02: hmac-md5
[2007.10.08 07:46:14.652] 03: hmac-md5-96
[2007.10.08 07:46:14.652] ScMACAlgorithms
[2007.10.08 07:46:14.652] hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
[2007.10.08 07:46:14.652] 00: hmac-sha1
[2007.10.08 07:46:14.652] 01: hmac-sha1-96
[2007.10.08 07:46:14.652] 02: hmac-md5
[2007.10.08 07:46:14.652] 03: hmac-md5-96
[2007.10.08 07:46:14.652] CsCompressionAlgorithms
[2007.10.08 07:46:14.652] zlib,none
[2007.10.08 07:46:14.652] 00: zlib
[2007.10.08 07:46:14.652] 01: none
[2007.10.08 07:46:14.652] ScCompressionAlgorithms
[2007.10.08 07:46:14.652] zlib,none
[2007.10.08 07:46:14.652] 00: zlib
[2007.10.08 07:46:14.652] 01: none
[2007.10.08 07:46:14.652] CsLanguages
[2007.10.08 07:46:14.652]
[2007.10.08 07:46:14.652] ScLanguages
[2007.10.08 07:46:14.652]
[2007.10.08 07:46:14.652] KexInitPacket (Client): no kex guess present
[2007.10.08 07:46:14.652] KexAlgorithms
[2007.10.08 07:46:14.652] diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
[2007.10.08 07:46:14.652] 00: diffie-hellman-group-exchange-sha1
[2007.10.08 07:46:14.652] 01: diffie-hellman-group1-sha1
[2007.10.08 07:46:14.652] ServerHostKeyAlgorithms
[2007.10.08 07:46:14.652] ssh-dss,ssh-rsa
[2007.10.08 07:46:14.652] 00: ssh-dss
[2007.10.08 07:46:14.652] 01: ssh-rsa
[2007.10.08 07:46:14.652] CsEncryptionAlgorithms
[2007.10.08 07:46:14.652] 3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-cbc
[2007.10.08 07:46:14.652] 00: 3des-cbc
[2007.10.08 07:46:14.652] 01: blowfish-cbc
[2007.10.08 07:46:14.652] 02: aes192-cbc
[2007.10.08 07:46:14.652] 03: aes256-cbc
[2007.10.08 07:46:14.652] 04: aes128-cbc
[2007.10.08 07:46:14.652] ScEncryptionAlgorithms
[2007.10.08 07:46:14.652] 3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-cbc
[2007.10.08 07:46:14.652] 00: 3des-cbc
[2007.10.08 07:46:14.652] 01: blowfish-cbc
[2007.10.08 07:46:14.652] 02: aes192-cbc
[2007.10.08 07:46:14.652] 03: aes256-cbc
[2007.10.08 07:46:14.652] 04: aes128-cbc
[2007.10.08 07:46:14.652] CsMACAlgorithms
[2007.10.08 07:46:14.652] hmac-md5,hmac-sha1,hmac-ripemd160
[2007.10.08 07:46:14.652] 00: hmac-md5
[2007.10.08 07:46:14.652] 01: hmac-sha1
[2007.10.08 07:46:14.652] 02: hmac-ripemd160
[2007.10.08 07:46:14.652] ScMACAlgorithms
[2007.10.08 07:46:14.652] hmac-md5,hmac-sha1,hmac-ripemd160
[2007.10.08 07:46:14.652] 00: hmac-md5
[2007.10.08 07:46:14.652] 01: hmac-sha1
[2007.10.08 07:46:14.652] 02: hmac-ripemd160
[2007.10.08 07:46:14.652] CsCompressionAlgorithms
[2007.10.08 07:46:14.652] zlib,none
[2007.10.08 07:46:14.652] 00: zlib
[2007.10.08 07:46:14.652] 01: none
[2007.10.08 07:46:14.652] ScCompressionAlgorithms
[2007.10.08 07:46:14.652] zlib,none
[2007.10.08 07:46:14.652] 00: zlib
[2007.10.08 07:46:14.652] 01: none
[2007.10.08 07:46:14.652] CsLanguages
[2007.10.08 07:46:14.652]
[2007.10.08 07:46:14.652] ScLanguages
[2007.10.08 07:46:14.652]
[2007.10.08 07:46:14.652] SSH Transport agreed algorithms
[2007.10.08 07:46:14.652] Purpose: key agreement Algo: diffie-hellman-group1-sha1
[2007.10.08 07:46:14.652] Purpose: server host keyAlgo: ssh-dss
[2007.10.08 07:46:14.652] Purpose: encryption cs Algo: 3des-cbc
[2007.10.08 07:46:14.652] Purpose: encryption sc Algo: 3des-cbc
[2007.10.08 07:46:14.652] Purpose: MAC cs Algo: hmac-md5
[2007.10.08 07:46:14.652] Purpose: MAC sc Algo: hmac-md5
[2007.10.08 07:46:14.652] Purpose: compression cs Algo: zlib
[2007.10.08 07:46:14.652] Purpose: compression sc Algo: zlib
[2007.10.08 07:46:14.699] SSH Server Host Key Size 817 bytes
[2007.10.08 07:46:14.699] SSH Signature Size 40 bytes
[2007.10.08 07:46:14.715] DSS Signature Verified
[2007.10.08 07:46:14.730] Session Keys Created
[2007.10.08 07:46:14.730] Ciphers Created
[2007.10.08 07:46:14.730] New Client->Server ciphers in place.
[2007.10.08 07:46:14.730] New Server->Client ciphers in place.
[2007.10.08 07:46:14.730] Completed SSH Key Exchange. New Keys in place.
[2007.10.08 07:46:15.760] Loaded key Pair "nom01 dlpreston RSA", types(public,private): "RSA","RSA"
[2007.10.08 07:46:15.760] Key pair algorithm type: "ssh-rsa"
[2007.10.08 07:46:15.900] Server rejected public key
[2007.10.08 07:46:15.900] Authentication Method publickey(2) resulted in Failure
[2007.10.08 07:46:15.900] Server Supported Authentication Methods: (* = client also supports)
[2007.10.08 07:46:15.900] publickey *
[2007.10.08 07:46:15.900] password *
[2007.10.08 07:46:15.931] User Authenticated OK!
[2007.10.08 07:46:15.931] Completed SSH User Authentication.
[2007.10.08 07:46:15.931] SSH Channel confirmed open: LocalID 0760a2ce) ServerID(00000030) ServerMaxPacket(30000) ServerWindow(300000)
[2007.10.08 07:46:15.963] Started subsystem "sftp" on channel 0760a2ce
[2007.10.08 07:46:15.963] SFTP Protocol Version 4 OK
[2007.10.08 07:46:16.041] sftp protocol initialized
Auto detecting server clock offset
Server clock offset is 2 minutes
/ loaded from [Directory Listing Cache]DIR4566.tmp |
| | | | Forum Newbie
       
Group: Forum Members Last Login: 12/13/2007 9:39:00 AM Posts: 6, Visits: 24 |
| When public key is the only authentication allowed, the server shows no log entry at all. It does increment the bad login entry for the user. This is the log from the client for a connect attempt using only public key authentication:
Finding Host scacinom01-d.lereta.com ...
[2007.10.08 08:04:22.011] Connecting to 198.204.114.110:22
[2007.10.08 08:04:22.026] Connected to 198.204.114.110:22 in 0.015596 seconds, Waiting for Server Response
[2007.10.08 08:04:22.026] Server Welcome: SSH-2.0-WS_FTP-SSH_1.1
[2007.10.08 08:04:22.026] Client Version: SSH-2.0-WS_FTP-9.01-2006.07.25
[2007.10.08 08:04:22.026] KexInitPacket (Server): no kex guess present
[2007.10.08 08:04:22.026] KexAlgorithms
[2007.10.08 08:04:22.026] diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
[2007.10.08 08:04:22.026] 00: diffie-hellman-group1-sha1
[2007.10.08 08:04:22.026] 01: diffie-hellman-group14-sha1
[2007.10.08 08:04:22.026] ServerHostKeyAlgorithms
[2007.10.08 08:04:22.026] ssh-dss,ssh-rsa
[2007.10.08 08:04:22.026] 00: ssh-dss
[2007.10.08 08:04:22.026] 01: ssh-rsa
[2007.10.08 08:04:22.026] CsEncryptionAlgorithms
[2007.10.08 08:04:22.026] 3des-cbc,blowfish-cbc,aes256-cbc,aes128-cbc,cast128-cbc
[2007.10.08 08:04:22.026] 00: 3des-cbc
[2007.10.08 08:04:22.026] 01: blowfish-cbc
[2007.10.08 08:04:22.026] 02: aes256-cbc
[2007.10.08 08:04:22.026] 03: aes128-cbc
[2007.10.08 08:04:22.026] 04: cast128-cbc
[2007.10.08 08:04:22.026] ScEncryptionAlgorithms
[2007.10.08 08:04:22.026] 3des-cbc,blowfish-cbc,aes256-cbc,aes128-cbc,cast128-cbc
[2007.10.08 08:04:22.026] 00: 3des-cbc
[2007.10.08 08:04:22.026] 01: blowfish-cbc
[2007.10.08 08:04:22.026] 02: aes256-cbc
[2007.10.08 08:04:22.026] 03: aes128-cbc
[2007.10.08 08:04:22.026] 04: cast128-cbc
[2007.10.08 08:04:22.026] CsMACAlgorithms
[2007.10.08 08:04:22.026] hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
[2007.10.08 08:04:22.026] 00: hmac-sha1
[2007.10.08 08:04:22.026] 01: hmac-sha1-96
[2007.10.08 08:04:22.026] 02: hmac-md5
[2007.10.08 08:04:22.026] 03: hmac-md5-96
[2007.10.08 08:04:22.026] ScMACAlgorithms
[2007.10.08 08:04:22.026] hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
[2007.10.08 08:04:22.026] 00: hmac-sha1
[2007.10.08 08:04:22.026] 01: hmac-sha1-96
[2007.10.08 08:04:22.026] 02: hmac-md5
[2007.10.08 08:04:22.026] 03: hmac-md5-96
[2007.10.08 08:04:22.026] CsCompressionAlgorithms
[2007.10.08 08:04:22.026] zlib,none
[2007.10.08 08:04:22.026] 00: zlib
[2007.10.08 08:04:22.026] 01: none
[2007.10.08 08:04:22.026] ScCompressionAlgorithms
[2007.10.08 08:04:22.026] zlib,none
[2007.10.08 08:04:22.026] 00: zlib
[2007.10.08 08:04:22.026] 01: none
[2007.10.08 08:04:22.026] CsLanguages
[2007.10.08 08:04:22.026]
[2007.10.08 08:04:22.026] ScLanguages
[2007.10.08 08:04:22.026]
[2007.10.08 08:04:22.026] KexInitPacket (Client): no kex guess present
[2007.10.08 08:04:22.026] KexAlgorithms
[2007.10.08 08:04:22.026] diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
[2007.10.08 08:04:22.026] 00: diffie-hellman-group-exchange-sha1
[2007.10.08 08:04:22.026] 01: diffie-hellman-group1-sha1
[2007.10.08 08:04:22.026] ServerHostKeyAlgorithms
[2007.10.08 08:04:22.026] ssh-dss,ssh-rsa
[2007.10.08 08:04:22.026] 00: ssh-dss
[2007.10.08 08:04:22.026] 01: ssh-rsa
[2007.10.08 08:04:22.026] CsEncryptionAlgorithms
[2007.10.08 08:04:22.026] 3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-cbc
[2007.10.08 08:04:22.026] 00: 3des-cbc
[2007.10.08 08:04:22.026] 01: blowfish-cbc
[2007.10.08 08:04:22.026] 02: aes192-cbc
[2007.10.08 08:04:22.026] 03: aes256-cbc
[2007.10.08 08:04:22.026] 04: aes128-cbc
[2007.10.08 08:04:22.026] ScEncryptionAlgorithms
[2007.10.08 08:04:22.026] 3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-cbc
[2007.10.08 08:04:22.026] 00: 3des-cbc
[2007.10.08 08:04:22.026] 01: blowfish-cbc
[2007.10.08 08:04:22.026] 02: aes192-cbc
[2007.10.08 08:04:22.026] 03: aes256-cbc
[2007.10.08 08:04:22.026] 04: aes128-cbc
[2007.10.08 08:04:22.026] CsMACAlgorithms
[2007.10.08 08:04:22.026] hmac-md5,hmac-sha1,hmac-ripemd160
[2007.10.08 08:04:22.026] 00: hmac-md5
[2007.10.08 08:04:22.026] 01: hmac-sha1
[2007.10.08 08:04:22.026] 02: hmac-ripemd160
[2007.10.08 08:04:22.026] ScMACAlgorithms
[2007.10.08 08:04:22.026] hmac-md5,hmac-sha1,hmac-ripemd160
[2007.10.08 08:04:22.026] 00: hmac-md5
[2007.10.08 08:04:22.026] 01: hmac-sha1
[2007.10.08 08:04:22.026] 02: hmac-ripemd160
[2007.10.08 08:04:22.026] CsCompressionAlgorithms
[2007.10.08 08:04:22.026] zlib,none
[2007.10.08 08:04:22.026] 00: zlib
[2007.10.08 08:04:22.026] 01: none
[2007.10.08 08:04:22.026] ScCompressionAlgorithms
[2007.10.08 08:04:22.026] zlib,none
[2007.10.08 08:04:22.026] 00: zlib
[2007.10.08 08:04:22.026] 01: none
[2007.10.08 08:04:22.026] CsLanguages
[2007.10.08 08:04:22.026]
[2007.10.08 08:04:22.026] ScLanguages
[2007.10.08 08:04:22.026]
[2007.10.08 08:04:22.026] SSH Transport agreed algorithms
[2007.10.08 08:04:22.026] Purpose: key agreement Algo: diffie-hellman-group1-sha1
[2007.10.08 08:04:22.026] Purpose: server host keyAlgo: ssh-dss
[2007.10.08 08:04:22.026] Purpose: encryption cs Algo: 3des-cbc
[2007.10.08 08:04:22.026] Purpose: encryption sc Algo: 3des-cbc
[2007.10.08 08:04:22.026] Purpose: MAC cs Algo: hmac-md5
[2007.10.08 08:04:22.026] Purpose: MAC sc Algo: hmac-md5
[2007.10.08 08:04:22.026] Purpose: compression cs Algo: zlib
[2007.10.08 08:04:22.026] Purpose: compression sc Algo: zlib
[2007.10.08 08:04:22.073] SSH Server Host Key Size 817 bytes
[2007.10.08 08:04:22.073] SSH Signature Size 40 bytes
[2007.10.08 08:04:22.104] DSS Signature Verified
[2007.10.08 08:04:22.104] Session Keys Created
[2007.10.08 08:04:22.104] Ciphers Created
[2007.10.08 08:04:22.104] New Client->Server ciphers in place.
[2007.10.08 08:04:22.104] New Server->Client ciphers in place.
[2007.10.08 08:04:22.104] Completed SSH Key Exchange. New Keys in place.
[2007.10.08 08:04:23.087] Loaded key Pair "nom01 dlpreston RSA", types(public,private): "RSA","RSA"
[2007.10.08 08:04:23.087] Key pair algorithm type: "ssh-rsa"
[2007.10.08 08:04:23.149] Server rejected public key
[2007.10.08 08:04:23.149] Authentication Method publickey(2) resulted in Failure
[2007.10.08 08:04:23.149] Server Supported Authentication Methods: (* = client also supports)
[2007.10.08 08:04:23.149] publickey *
[2007.10.08 08:04:23.149] Failed SSH User Authentication
[2007.10.08 08:04:23.149] SSH Transport closed. |
| | | | Forum Newbie
       
Group: Forum Members Last Login: 11/13/2007 7:33:41 PM Posts: 7, Visits: 13 |
| | Hi, we'll take a look at this and see if it is a defect. Thanks for posting this Nikos |
| | | | Forum Newbie
       
Group: Forum Members Last Login: 12/13/2007 9:39:00 AM Posts: 6, Visits: 24 |
| According to the documentation and help files, public key authentication will not work with Windows file level security. It doesn’t mention not working using Windows local accounts. I have tested further and that is what it appears to be.
I am using Windows user accounts on the local machine.
I have not checked the use Windows file level security.
I created 2 virtual sites to do further testing.
1 using Windows user database and SSH public key authentication does not work.
1 using wsftp server database and SSH public key authentication does work.
|
| | | | Supreme Being
       
Group: FTP Preview Program Members Last Login: 11/16/2007 4:31:15 PM Posts: 115, Visits: 35 |
| Hi, dlpreston,
In your previous message, you mentioned that you used ws_ftp pro 2007 to create a key pair and then imported the public key into the server and assigned the public key to the user. I believe what you have done is correct. However, on the client side, have you selected this key as the user key on Site|Advanced|SSH tab?
Thanks
Bing |
| | | | Supreme Being
       
Group: FTP Preview Program Members Last Login: 11/16/2007 4:31:15 PM Posts: 115, Visits: 35 |
| Hi, dlpreston,
The reason that public key authentication is not allowed for the NT user database and the AD user database is for security purposes, since a user in the NT user database could have an invalid/expired account while still having a valid public key.
Thanks.
Bing |
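
Added example (not part of the original thread and not WS_FTP's own code): the two client logs posted above differ only in how the authentication phase ends, and this sketch classifies that phase so that a rejected key followed by a successful weaker method is flagged. The embedded log lines are constructed from the format shown in the posts; `classify_auth` and its verdict labels are hypothetical names, and treating unstarred method lines as offered methods is an assumption.

```python
import re

# Constructed samples: auth-phase lines in the WS_FTP client log format
# shown in the thread, trimmed to the relevant lines (not a real capture).
FALLBACK_LOG = """\
[2007.10.08 07:46:15.900] Server rejected public key
[2007.10.08 07:46:15.900] Authentication Method publickey(2) resulted in Failure
[2007.10.08 07:46:15.900] Server Supported Authentication Methods: (* = client also supports)
[2007.10.08 07:46:15.900] publickey *
[2007.10.08 07:46:15.900] password *
[2007.10.08 07:46:15.931] User Authenticated OK!
"""
KEY_ONLY_LOG = """\
[2007.10.08 08:04:23.149] Server rejected public key
[2007.10.08 08:04:23.149] Authentication Method publickey(2) resulted in Failure
[2007.10.08 08:04:23.149] Server Supported Authentication Methods: (* = client also supports)
[2007.10.08 08:04:23.149] publickey *
[2007.10.08 08:04:23.149] Failed SSH User Authentication
"""

STAMP = re.compile(r"^\[\d{4}\.\d{2}\.\d{2} [\d:.]+\]\s*")
FAILED = re.compile(r"Authentication Method (\w+)\(\d+\) resulted in Failure")
OFFERED = re.compile(r"^([\w-]+)(?: \*)?$")  # assumption: star may be absent

def classify_auth(log_text):
    """Summarise one session: failed methods, server-offered methods, verdict."""
    failed, offered, in_list, ok = [], [], False, None
    for raw in log_text.splitlines():
        line = STAMP.sub("", raw).strip()
        m = FAILED.search(line)
        if m:
            failed.append(m.group(1))
        elif line.startswith("Server Supported Authentication Methods"):
            in_list = True            # method names follow, one per line
        elif in_list and OFFERED.match(line):
            offered.append(OFFERED.match(line).group(1))
        else:
            in_list = False
            if line == "User Authenticated OK!":
                ok = True
            elif line == "Failed SSH User Authentication":
                ok = False
    if ok is None:
        verdict = "incomplete"        # log ended before an auth result
    elif not ok:
        verdict = "denied"
    else:                             # key rejected but login succeeded anyway
        verdict = "fallback" if "publickey" in failed else "ok"
    return {"failed": failed, "offered": offered, "verdict": verdict}
```

A `fallback` verdict means the session is protected only by the second method the server offered, which is the case to review when key-only access was the intent.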