Occasionally occuring problem with private/public key

Advertisement

g24ftp
Joined:
Posts:
18

Occasionally occuring problem with private/public key

Hello,
I have set up a scheduled process which connects automatically every hour to a proftpd server via sftp. I am authenticating with public/private key and it works fine like 98% of the time. But sometimes the server is refusing the key with the following error:

echo            on        
option batch abort
batch           abort     
option confirm off
confirm         off       
option reconnecttime off
reconnecttime   off       
option transfer binary
transfer        binary    
open testuser@testserver.de
Searching for host...
Connecting to host...
Authenticating...
Using username "testuser".
Authenticating with public key "rsa-key-20131022".
Server refused public-key signature despite accepting key!
Password: 
Connection has been unexpectedly closed. Server sent command exit status 0.
Authentication log (see session log for details):
Using username "testuser".
Authenticating with public key "rsa-key-20131022".
Server refused public-key signature despite accepting key!

Here are the server logs:
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: received client version 'SSH-2.0-WinSCP_release_5.1.7'
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: handling connection from SSH2 client 'WinSCP_release_5.1.7'
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session key exchange: diffie-hellman-group-exchange-sha1
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server hostkey: ssh-rsa
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session client-to-server encryption: aes256-ctr
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server-to-client encryption: aes256-ctr
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session client-to-server MAC: hmac-sha1
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server-to-client MAC: hmac-sha1
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session client-to-server compression: none
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server-to-client compression: none
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: sending acceptable userauth methods: password,publickey
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: public key MD5 fingerprint: a1:b2:c3:d4:e5:f6:g7:h8:i9:j0:k1:l2:m3:n4:o5:p6
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: sending publickey OK
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: public key MD5 fingerprint: a1:b2:c3:d4:e5:f6:g7:h8:i9:j0:k1:l2:m3:n4:o5:p6
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: error verifying RSA signature: 
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: failed to verify 'ssh-rsa' signature on public key auth request for user 'testuser'

It seems like the problem only occurs with WinSCP Client. Similiar scripts with other clients are working fine
Is there a solution to this problem?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
33,008
Location:
Prague, Czechia

Re: itermittent login issues

SG wrote:

Can you please confirm whether the following bug is fixed in the latest beta versions of WinSCP

I am using version 5.6.2 beta - which still has the Bug 1091.

https://winscp.net/tracker/1091
There's no bug in WinSCP. It's a bug in ProFTPD server. If you are referring to a workaround for the server's bug implemented in WinSCP, it's included since 5.5.3. It predates any 5.6.x release, meaning all 5.6.x releases include the workaround too.

Reply with quote

SG
Guest

itermittent login issues

Thanks Martin.

Is there way to use the workaround, and specify the "Requires Padding on SSH-2 RSA Signatures" in automation (winscp.com)?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
33,008
Location:
Prague, Czechia

Re: itermittent login issues

You have the workaround enabled automatically in 5.6.2 beta. Enabling it explicitly won't change anything.
Anyway, to do that use: open user@host -rawsettings BugRSAPad2=2

Reply with quote

Advertisement

You can post new topics in this forum