Occasionally occuring problem with private/public key

Advertisement

g24ftp
Joined:
Posts:
18

Occasionally occuring problem with private/public key

Hello,
I have set up a scheduled process which connects automatically every hour to a proftpd server via sftp. I am authenticating with public/private key and it works fine like 98% of the time. But sometimes the server is refusing the key with the following error:

echo            on        
option batch abort
batch           abort     
option confirm off
confirm         off       
option reconnecttime off
reconnecttime   off       
option transfer binary
transfer        binary    
open testuser@testserver.de
Searching for host...
Connecting to host...
Authenticating...
Using username "testuser".
Authenticating with public key "rsa-key-20131022".
Server refused public-key signature despite accepting key!
Password: 
Connection has been unexpectedly closed. Server sent command exit status 0.
Authentication log (see session log for details):
Using username "testuser".
Authenticating with public key "rsa-key-20131022".
Server refused public-key signature despite accepting key!

Here are the server logs:
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: received client version 'SSH-2.0-WinSCP_release_5.1.7'
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: handling connection from SSH2 client 'WinSCP_release_5.1.7'
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session key exchange: diffie-hellman-group-exchange-sha1
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server hostkey: ssh-rsa
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session client-to-server encryption: aes256-ctr
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server-to-client encryption: aes256-ctr
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session client-to-server MAC: hmac-sha1
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server-to-client MAC: hmac-sha1
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session client-to-server compression: none
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server-to-client compression: none
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: sending acceptable userauth methods: password,publickey
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: public key MD5 fingerprint: a1:b2:c3:d4:e5:f6:g7:h8:i9:j0:k1:l2:m3:n4:o5:p6
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: sending publickey OK
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: public key MD5 fingerprint: a1:b2:c3:d4:e5:f6:g7:h8:i9:j0:k1:l2:m3:n4:o5:p6
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: error verifying RSA signature: 
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: failed to verify 'ssh-rsa' signature on public key auth request for user 'testuser'

It seems like the problem only occurs with WinSCP Client. Similiar scripts with other clients are working fine
Is there a solution to this problem?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
29,501
Location:
Prague, Czechia

Re: itermittent login issues

SG wrote:

Can you please confirm whether the following bug is fixed in the latest beta versions of WinSCP

I am using version 5.6.2 beta - which still has the Bug 1091.

https://winscp.net/tracker/1091
There's no bug in WinSCP. It's a bug in ProFTPD server. If you are referring to a workaround for the server's bug implemented in WinSCP, it's included since 5.5.3. It predates any 5.6.x release, meaning all 5.6.x releases include the workaround too.
_________________
Martin Prikryl

Reply with quote

SG
Guest

itermittent login issues

Thanks Martin.

Is there way to use the workaround, and specify the "Requires Padding on SSH-2 RSA Signatures" in automation (winscp.com)?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
29,501
Location:
Prague, Czechia

Re: itermittent login issues

You have the workaround enabled automatically in 5.6.2 beta. Enabling it explicitly won't change anything.
Anyway, to do that use: open user@host -rawsettings BugRSAPad2=2
_________________
Martin Prikryl

Reply with quote

Advertisement

You can post new topics in this forum