Hello,
We have an issue attempting to log in from a Unix Solaris to an NT server using key authentication. I will attempt to provide you with as much of the relevant information regarding the way the system is set up, although I'm working solely on the Unix side, so don't have full access to how the NT server is set up.
The version of ssh that we're running is:-
bash-3.00$ ssh2 -V
ssh2: F-Secure-SSH-2.3.1 (build 7) on sparc-sun-solaris2.8
The public/private keys that I created (with no passphrase) are in the following format:-
bash-3.00$ more batchftp_uat.pub
---- BEGIN SSH2 PUBLIC KEY ----
Subject: genevaz
Comment: "2048-bit rsa, genevaz@nsufu351, Wed Apr 29 2009 16:02:21"
AAAAB3NzaC1yc2EAAAABIQAAAQEArY1INXO1O1OYKMftSSqWMu0yCEth4RxZWbLgDfyh9j
...etc...
HyzYkalbK0IxCTwxILud5dmhVDj4C0w9eCiP7DJF9+Fvk7eq6hwTfsCZxrJO9RPPxTGjds
3acg4fKft64II8QpOYVw==
---- END SSH2 PUBLIC KEY ----
bash-3.00$ more batchftp_uat
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Subject: genevaz
Comment: "2048-bit rsa, genevaz@nsufu351, Wed Apr 29 2009 16:02:21"
P2/56wAAA+oAAAA0aWYtbW9kbntzaWdue3JzYS1wa2NzMS1tZDV9LGVuY3J5cHR7cnNhLX
...etc...
eBjpNEZbOg1KIyDyvPLcKqDypisoenOLd1wZSgdB5QptSE0qI7v4GawDJ9jAU5Sz/e3eeI
TWFGjR
---- END SSH2 ENCRYPTED PRIVATE KEY ----
These are both in the .ssh2 directory of the account that I'm connecting from. Also in that directory are the following files:-
bash-3.00$ more identification
IdKey batchftp_uat
bash-3.00$ more authorization
key batchftp_uat.pub
Below is the output of what happens (with maximum debug) when I attempt to login to the remote server:-
bash-3.00$ sftp -D 99 "hnah\svc-us-sftp-hbeuie@mxssh01"
SshEventLoop/sshunixeloop.c:412: Registered signal 1.
SshEventLoop/sshunixeloop.c:412: Registered signal 2.
SshEventLoop/sshunixeloop.c:412: Registered signal 15.
SshEventLoop/sshunixeloop.c:412: Registered signal 6.
SshEventLoop/sshunixeloop.c:412: Registered signal 22.
SshEventLoop/sshunixeloop.c:524: Registered file descriptor 0.
SshEventLoop/sshunixeloop.c:524: Registered file descriptor 1.
SshEventLoop/sshunixeloop.c:412: Registered signal 20.
SshFSM/sshfsm.c:479: Spawning a new thread starting from `finalize_initialization'.
SshFSM/sshfsm.c:243: Added ptr afbcc ('finalize_initialization') to hash table.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:596: Starting the event loop.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshFSM/sshfsm.c:326: Entering the scheduler.
SshFSM/sshfsm.c:381: Thread continuing from state `finalize_initialization' (Finalize initialization).
SshFSM/sshfsm.c:243: Added ptr af28c ('get_command') to hash table.
SshFileCopy/sshfilecopy.c:909: Making local connection.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshFSM/sshfsm.c:462: Reactivating an already active thread (do nothing).
SshFSM/sshfsm.c:381: Thread continuing from state `get_command' (Prepare to read a command from user).
SshFSM/sshfsm.c:243: Added ptr af38c ('command_open') to hash table.
SshFSM/sshfsm.c:381: Thread continuing from state `command_open' (Open a connection to destination host).
SshFSM/sshfsm.c:243: Added ptr af3e8 ('command_finalize_open') to hash table.
SshFileCopy/sshfilecopy.c:928: Connecting to remote host. (host = hnah\svc-us-sftp-hbeuie@mxssh01, user = (null), port = (null))
Sftp2/sftp2.c:2390: argv[0] = ssh2
Sftp2/sftp2.c:2390: argv[1] = -v
Sftp2/sftp2.c:2390: argv[2] = -x
Sftp2/sftp2.c:2390: argv[3] = -a
Sftp2/sftp2.c:2390: argv[4] = -o
Sftp2/sftp2.c:2390: argv[5] = passwordprompt %U@%H's password:
Sftp2/sftp2.c:2390: argv[6] = -o
Sftp2/sftp2.c:2390: argv[7] = nodelay yes
Sftp2/sftp2.c:2390: argv[8] = -o
Sftp2/sftp2.c:2390: argv[9] = authenticationnotify yes
Sftp2/sftp2.c:2390: argv[10] = hnah\svc-us-sftp-hbeuie@mxssh01
Sftp2/sftp2.c:2390: argv[11] = -s
Sftp2/sftp2.c:2390: argv[12] = sftp
SshEventLoop/sshunixeloop.c:412: Registered signal 18.
SshEventLoop/sshunixeloop.c:524: Registered file descriptor 5.
SshEventLoop/sshunixeloop.c:524: Registered file descriptor 4.
Sftp2/sftp2.c:2206: notification: 0
SshFSM/sshfsm.c:397: Thread suspended in state `command_finalize_open'.
SshFSM/sshfsm.c:367: No active threads so return from scheduler.
SshEventLoop/sshunixeloop.c:738: Select timeout: 0 seconds, 0 usec.
SshEventLoop/sshunixeloop.c:797: Select.
Sftp2/sftp2.c:2206: notification: 1
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:338: Timeout registered at 1242394577.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:738: Select timeout: 0 seconds, 0 usec.
SshEventLoop/sshunixeloop.c:797: Select.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:684: Calling a timeout callback.
SshEventLoop/sshunixeloop.c:797: Select.
debug: hostname is 'mxssh01'.
debug: Unable to open /home/users/genevaz/.ssh2/ssh2_config
debug: connecting to mxssh01...
debug: entering event loop
debug: ssh_client_wrap: creating transport protocol
debug: SshAuthMethodClient/sshauthmethodc.c:107: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:107: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1105: creating userauth protocol
debug: Ssh2Common/sshcommon.c:489: local ip = 128.8.73.35, local port = 36290
debug: Ssh2Common/sshcommon.c:491: remote ip = 161.4.55.155, remote port = 22
debug: SshConnection/sshconn.c:1853: Wrapping...
debug: Ssh2Transport/trcommon.c:591: Remote version: SSH-2.0-6.0.1.16 SSH Tectia Server
debug: Ssh2Transport/trcommon.c:1095: c_to_s: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1098: s_to_c: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Client/sshclient.c:399: Host key found from database.
debug: Ssh2Common/sshcommon.c:297: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:347: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:780: adding keyfile "/home/users/genevaz/.ssh2/batchftp_uat" to candidates
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:331: Constructing and sending signature...
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:425: ssh_client_auth_pubkey_send_signature: reading /home/users/genevaz/.ssh2/batchftp_uat
debug: Ssh2AuthPasswdClient/authc-passwd.c:82: Starting password query...
hnah\svc-us-sftp-hbeuie@mxssh01's password:
As you'll see, it prompts for a password - if I enter the password, I can log in to the server successfully. So, my main questions are, can you see anything that's not set up correctly on the Unix side? If not, what can I get the admin guy on the NT side to check? Also, when I attempt to log in, should there be any logfiles that show my connection, and why it's not authenticating correctly? If so, where are they located?
Please let me know if there's any other information that would help us to solve this issue.
Thanks in advance,
Steve Burch
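
Added example, not part of the original post: one check that fits this setup is confirming that the public key file held on the server side is the same key as batchftp_uat.pub, regardless of line endings or file format. The Python below parses the SSH2 (RFC 4716) public key layout shown in the post and compares the decoded key blobs; the function names and the sample key are constructed for illustration.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def load_pubkey(text):
    """Return (comment, blob) from an SSH2/RFC 4716 file or an OpenSSH one-line key."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    if lines[0] != BEGIN:                       # OpenSSH form: "type base64 [comment]"
        parts = lines[0].split(None, 2)
        return (parts[2] if len(parts) > 2 else ""), base64.b64decode(parts[1], validate=True)
    if lines[-1] != END:
        raise ValueError("truncated SSH2 public key file")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if not body and ":" in line:            # header line; base64 never contains ':'
            while line.endswith("\\") and i < len(lines) - 2:  # header continuation
                i += 1
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    return comment, base64.b64decode("".join(body), validate=True)

def key_type(blob):
    """The first length-prefixed string in the blob names the algorithm, e.g. ssh-rsa."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def key_id(blob):
    """Format-independent identifier: SHA-256 of the decoded key blob."""
    return hashlib.sha256(blob).hexdigest()

def same_key(text_a, text_b):
    """True when both files carry the same key, whatever their wrapping or format."""
    return load_pubkey(text_a)[1] == load_pubkey(text_b)[1]

# Constructed sample, not a real key: ssh-rsa header plus filler bytes for e and n.
def _s(b): return struct.pack(">I", len(b)) + b
SAMPLE_BLOB = _s(b"ssh-rsa") + _s(b"\x21") + _s(b"\x00" + bytes(range(128, 192)))
_b64 = base64.b64encode(SAMPLE_BLOB).decode()
SSH2_FILE = "\n".join([BEGIN, "Subject: demo", 'Comment: "constructed demo key"']
                      + [_b64[i:i + 70] for i in range(0, len(_b64), 70)] + [END])
CRLF_COPY = SSH2_FILE.replace("\n", "\r\n")     # same file after a DOS-style transfer
OPENSSH_LINE = f"ssh-rsa {_b64} constructed demo key"

if __name__ == "__main__":
    print(key_type(load_pubkey(SSH2_FILE)[1]), key_id(load_pubkey(SSH2_FILE)[1]))
    print(same_key(SSH2_FILE, CRLF_COPY), same_key(SSH2_FILE, OPENSSH_LINE))
```

Running key_id on each side's copy gives a value that can be compared without sending the key file itself back and forth.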