Topic "Public/Private Key Authentication Error on Windows XP"

Author Message
javacavaj2

Guest


Attempts to login to a SFTP server from my Windows XP machine fail. The log file indicates:

. Offered public key
! Server refused our key
. Server refused public key

Using the same private key I am able to login from Windows 2000 box. Are they any special settings for Windows XP? My session configuration as listed in the log file is below. Anyone encountered the same issue?


. ----------------------------------------------------
. WinSCP Version 3.5.6 (Build 213)
. Login time: Wednesday, March 24, 2004 9:22:40 PM
. ----------------------------------------------------
. Session name: SFTP
. Host name: xxx.xxxx.com(Port: 22)
. User name: xxxxx(Password: No, Key file: Yes)
. Transfer Protocol: SFTP
. SSH protocol version: 2; Compression: No
. Agent forwarding: No; TIS/CryptoCard: No; KI: No
. Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. SSH Bugs:
. Proxy: none
. Return code variable: Autodetect; Lookup user groups: Yes
. Shell: default, EOL: 0
. Local directory: default, Remote directory: home, Update: No, Cache: Yes
. Cache directory changes: Yes, Permanent: Yes
. Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24552
Location: Prague, Czechia
There are no special settings for WinXP. Can you try to login using Putty SSH client using the key?
_________________
Martin Prikryl
javacavaj2

Guest


Martin,

I was successful at logging in with the Putty SSH client. Any thoughts on how to go about debugging my issue in the GUI version? As an aside I also encounter routing errors when trying to establish a SSL-VPN connection. Both issues are probably related to something in XP since I never had this problem on my W2K machine.

Thanks for the asst.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24552
Location: Prague, Czechia
javacavaj2 wrote:
I was successful at logging in with the Putty SSH client. Any thoughts on how to go about debugging my issue in the GUI version? As an aside I also encounter routing errors when trying to establish a SSL-VPN connection. Both issues are probably related to something in XP since I never had this problem on my W2K machine.

I do not think that it has something to do with XP. It is rather some bug that reveal only under some circumstances. Too often, there is bug in Putty code (with WinSCP uses) that reveals only when compiled with Borland compiler (that I use), but does to reveal with Microsoft compiler (that Putty uses). It is hard to track down. Anyway thanks for report, at least I know that there is maybe something wrong.
_________________
Martin Prikryl
Arghhhh

Guest


Hi,
I'm pulling back from is grave this topic Wink
I have exctaly the same problem using the 4.0.4(Build 436)
I can connect with my key using putty but not using WinSCP.
When trying to connect with WinSCP using login and password no problem.
Here is the WinSCP log :

. 2007-09-18 01:46:35.671 --------------------------------------------------------------------------
. 2007-09-18 01:46:35.687 Looking up host "XXX.XXX.XXX.XXX"
. 2007-09-18 01:46:35.687 Connecting to XXX.XXX.XXX.XXX port 443
. 2007-09-18 01:46:37.640 Server version: SSH-2.0-OpenSSH_4.3
. 2007-09-18 01:46:37.640 We claim version: SSH-2.0-WinSCP_release_4.0.4
. 2007-09-18 01:46:37.640 Using SSH protocol version 2
. 2007-09-18 01:46:38.046 Doing Diffie-Hellman group exchange
. 2007-09-18 01:46:38.281 Doing Diffie-Hellman key exchange
. 2007-09-18 01:46:38.687 Host key fingerprint is:
. 2007-09-18 01:46:38.687 ssh-rsa 2048 XX:e9:54:60:82:f3:26:XX:f2:de:XX:af:e2:XX:8e:96
. 2007-09-18 01:46:38.687 Initialised AES-256 client->server encryption
. 2007-09-18 01:46:38.687 Initialised HMAC-SHA1 client->server MAC algorithm
. 2007-09-18 01:46:38.687 Initialised AES-256 server->client encryption
. 2007-09-18 01:46:38.687 Initialised HMAC-SHA1 server->client MAC algorithm
! 2007-09-18 01:46:38.984 Using username "putty".
. 2007-09-18 01:46:38.984 Reading private key file "D:\Putty\home.ppk"
. 2007-09-18 01:46:43.687 Offered public key
! 2007-09-18 01:46:43.781 Server refused our key
. 2007-09-18 01:46:43.781 Server refused public key
. 2007-09-18 01:46:43.796 Keyboard-interactive authentication refused
. 2007-09-18 01:46:43.796 Session password prompt (putty@XXX.XXX.XXX.XXX's password: )
. 2007-09-18 01:48:06.406 Unable to authenticate
. 2007-09-18 01:48:06.406 Attempt to close connection due to fatal exception:
* 2007-09-18 01:48:06.406 Unable to authenticate
. 2007-09-18 01:48:06.406 Closing connection.
* 2007-09-18 01:48:06.406 (ESshFatal) Unable to authenticate
* 2007-09-18 01:48:06.406 Log d'authentification (voir le log de session pour les dtails) :
* 2007-09-18 01:48:06.406 Utilisation du nom d'utilisateur "putty".
* 2007-09-18 01:48:06.406 Le serveur a refus la cl.
* 2007-09-18 01:48:06.406
* 2007-09-18 01:48:06.406 Erreur d'authentification


And here is the Cygwin OPENSSH sshd_config file :

Port 443
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh_host_rsa_key
#HostKey /etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
StrictModes no
#MaxAuthTries 6

#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no

AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
ClientAliveInterval 30
ClientAliveCountMax 3
UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#subsystem-sftp sftp-server
# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/sbin/sftp-server
AllowUsers putty

So is that an ongoing bug or is there something that I missed ?
Thanks.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24552
Location: Prague, Czechia
Which version of PuTTY are you using?
_________________
Martin Prikryl
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License