I was given the ID_DSA.pub by an MVS user, which I placed in the appropriate user's authorized_keys file. When the user tries to SFTP from their side to the AIX box, the following error is got:
error: debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /u/ssqsftp/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /u/ssqsftp/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host 9.51.164.28
debug3: check_host_in_hostfile: filename /u/ssqsftp/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /u/ssqsftp/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host 9.51.164.28
Host key verification failed.
Connection closed
Can someone help me to fix this issue please? Is there something that I must be doing in addition?
Does the user have a ~/.ssh directory? If so, what are the permissions?
Where did the user place the secret key? What are the permissions?
Do the fingerprints of your server and the client's known_hosts match? You can check this by running ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key on the host (might have to adapt the path) and ssh-keygen -F 9.51.164.28 -l on the client.
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interacti
Permission denied, please try again.
debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interacti
Permission denied, please try again.
debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interacti
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
Connection closed
Do you have the passphrase for their key? Do you get prompted for the key passphrase or remote password? Please verify with ssh running a command remotely like uptime as a test before messing with sftp. Please post the return code - echo $? from ssh. Please post the entire debug output (scrub as necessary)
I recommend using ssh-copy-id. This makes sure the permissions, file names etc. are all correct. If you don't want to give the user a regular password, you can just assign a password, do the ssh-copy-id yourself and then remove the password. Along those same lines, giving the account a regular password and making sure it actually works would be a good troubleshooting step. Having been through this myself several times, you may want to start an sshd with verbose debugging on a non-standard port and then try connecting to that non-standard port and see what the sshd says. You can make a new set of keys for yourself for testing; you don't need to use the user's keys. Make sure the user has the server's host key in their known hosts file before they try to do anything automated. This can usually be accomplished by doing a regular ssh, accepting the host key and then quitting. Only once you get regular ssh to connect should you try to use sftp. And make sure you can do all this yourself from a box of your own before making the user do it.
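The permission questions asked in the replies above can be checked in one pass. This is an added example, not part of the original thread: a POSIX shell audit of the mode bits that sshd's StrictModes and the ssh client enforce. The function names are hypothetical, and it checks mode bits only, not file ownership.

```shell
#!/bin/sh
# Added example: audit_ssh_perms and has_any_perm are hypothetical helper names.
# Covers mode bits only; sshd also requires the paths to be owned by the
# user or root, which is not checked here.

# has_any_perm PATH BIT...  -> success if PATH has any of the given mode bits set.
# Uses only POSIX find options so it also works on AIX.
has_any_perm() {
    path=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$path" -prune -perm "-$bit" -print 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_ssh_perms HOME_DIR
# Prints one line per finding; returns 0 only when nothing was found.
audit_ssh_perms() {
    home=$1
    problems=0
    # Server side: with StrictModes, sshd ignores authorized_keys if the file,
    # ~/.ssh or the home directory is group- or world-writable.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING: $p"
            problems=$((problems + 1))
        elif has_any_perm "$p" 020 002; then
            echo "GROUP/WORLD WRITABLE: $p"
            problems=$((problems + 1))
        fi
    done
    # Client side: ssh refuses a private key with any group/other access bit.
    for k in "$home"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac   # public halves may be readable
        [ -f "$k" ] || continue              # glob matched nothing
        if has_any_perm "$k" 040 020 010 004 002 001; then
            echo "PRIVATE KEY TOO OPEN: $k"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run against a home directory when one is given on the command line.
if [ $# -gt 0 ]; then
    audit_ssh_perms "$1"
fi
```

Run it as root or as the account owner on the server, and against the client account's home directory for the private-key check.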