- Permission denied (publickey) using sftp
- Drew Myers
July 15, 2003, 12:56 pm
I'm receiving the above error message when attempting to sftp to an
external (outside my local network) host. My system is hpux 11.0
running a precompiled binary version of openssh. The external host is
running windows 2000 and the commercial version of SSH 3.2.0 (I
I have internal hosts that use password authentication that I can sftp
to just fine. I get the following output from "sftp -v <host>":
$ sftp -v ftp.nowcom.com
Connecting to ftp.nowcom.com...
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
2756: debug1: Reading configuration data /opt/ssh/etc/ssh_config
2756: debug1: Rhosts Authentication disabled, originating port will
not be trusted.
2756: debug1: ssh_connect: needpriv 0
2756: debug1: Connecting to foo.foo.bar [foobar] port 22.
2756: debug1: Connection established.
2756: debug1: identity file /usr/local/xfer1/user/.ssh/id_rsa type -1
2756: debug1: identity file /usr/local/xfer1/user/.ssh/id_dsa type -1
2756: debug1: Remote protocol version 2.0, remote software version
3.2.0 SSH Secure Shell Windows NT Server
2756: debug1: no match: 3.2.0 SSH Secure Shell Windows NT Server
2756: debug1: Enabling compatibility mode for protocol 2.0
2756: debug1: Local version string SSH-2.0-OpenSSH_3.5p1
2756: debug1: SSH2_MSG_KEXINIT sent
2756: debug1: SSH2_MSG_KEXINIT received
2756: debug1: kex: server->client aes128-cbc hmac-md5 none
2756: debug1: kex: client->server aes128-cbc hmac-md5 none
2756: debug1: dh_gen_key: priv key bits set: 126/256
2756: debug1: bits set: 491/1024
2756: debug1: sending SSH2_MSG_KEXDH_INIT
2756: debug1: expecting SSH2_MSG_KEXDH_REPLY
2756: debug1: Host 'foobar' is known and matches the DSA host key.
2756: debug1: Found key in /usr/local/xfer1/user/.ssh/known_hosts:2
2756: debug1: bits set: 507/1024
2756: debug1: ssh_dss_verify: signature correct
2756: debug1: kex_derive_keys
2756: debug1: newkeys: mode 1
2756: debug1: SSH2_MSG_NEWKEYS sent
2756: debug1: waiting for SSH2_MSG_NEWKEYS
2756: debug1: newkeys: mode 0
2756: debug1: SSH2_MSG_NEWKEYS received
2756: debug1: done: ssh_kex2.
2756: debug1: send SSH2_MSG_SERVICE_REQUEST
2756: debug1: service_accept: ssh-userauth
2756: debug1: got SSH2_MSG_SERVICE_ACCEPT
2756: debug1: authentications that can continue: publickey
2756: debug1: next auth method to try is publickey
2756: debug1: try privkey: /usr/local/xfer1/user/.ssh/id_rsa
2756: debug1: try privkey: /usr/local/xfer1/user/.ssh/id_dsa
2756: debug1: no more auth methods to try
2756: Permission denied (publickey).
2756: debug1: Calling cleanup 0x400125aa(0x0)
2755: Connection closed
I have enabled Hostbased Authentication in ssh_config, generated and
converted my host DSA public key, and transferred this key to the
remote host, which they state they've put in place. (NOTE: I only
sent the converted copy, my local system does not have a converted
Am I missing something? Any help is appreciated.
Re: Permission denied (publickey) using sftp
These are apples and oranges -- you are presumably trying to use
public-key authentication, so why do you mention turning on hostbased?
They have nothing to do with one another.
Well, the debug trace shows that you're getting a connection, trying
public-key authentication with two keys, and getting rejected. So,
assuming that everything else is right (i.e. you correctly converted and
sent the right key, etc.), it looks like "they" have messed up on their
end, perhaps not placing the key in the right place, or some other
configuration error. Are you using the correct account? The way you show
it, your Unix and Windows usernames must be the same (unless you've
customized it in your ~/.ssh/config file).
Another thing to watch out for is end-of-line conversions. At least with
some earlier versions of the ssh.com software, the server would silently
fail to read keys with the wrong eol conventions for the host platform.
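The line-ending check suggested in the reply above, as an added example that is not part of the original thread: it reports a public-key file's format and end-of-line convention and rewrites the endings for the peer's platform. The function names and the sample key file are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a public-key file before handing it to the remote admin.
# (ssh-keygen -e -f id_dsa.pub is the OpenSSH export to the SECSH format.)

# Print the key file format, judged from its first line.
key_format() {
    first=$(head -n 1 "$1" | tr -d '\r')
    case "$first" in
        "---- BEGIN SSH2 PUBLIC KEY ----") echo secsh ;;    # ssh.com / RFC 4716 style
        ssh-rsa\ *|ssh-dss\ *)             echo openssh ;;  # one-line OpenSSH style
        *)                                 echo unknown ;;
    esac
}

# Print the line-ending convention: lf, crlf, mixed or empty.
key_eol() {
    awk '{ total++ } /\r$/ { cr++ }
         END {
             if (total == 0)       print "empty"
             else if (cr == 0)     print "lf"
             else if (cr == total) print "crlf"
             else                  print "mixed"
         }' "$1"
}

# Rewrite stdin with CRLF endings (for a Windows peer); safe to run twice.
to_crlf() { awk '{ sub(/\r$/, ""); printf "%s\r\n", $0 }'; }

# Rewrite stdin with LF endings (for a Unix peer).
to_lf() { tr -d '\r'; }

# Constructed sample: a SECSH-format file with a placeholder key body.
demo_dir=$(mktemp -d)
cat > "$demo_dir/user.pub" <<'EOF'
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "constructed sample, not a real key"
AAAAB3NzaC1kc3MAAACBAPLACEHOLDERPLACEHOLDERPLACEHOLDER
---- END SSH2 PUBLIC KEY ----
EOF
to_crlf < "$demo_dir/user.pub" > "$demo_dir/user_crlf.pub"

echo "user.pub:      $(key_format "$demo_dir/user.pub") $(key_eol "$demo_dir/user.pub")"
echo "user_crlf.pub: $(key_format "$demo_dir/user_crlf.pub") $(key_eol "$demo_dir/user_crlf.pub")"
```

A result of `mixed` usually means the file was edited or transferred through tools with different conventions and should be regenerated or normalized before it is installed.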
Re: Permission denied (publickey) using sftp
Ok, thanks. I'm still trying to learn the basics as I go along.
I didn't think about that. From my experience, I've only encountered
problems when I bring text from windows to unix, usually not vice
versa, but I'll be sure to have the remote guys check that as well.
Thanks for your time.