Topic "Occasionally occurring problem with private/public key"

g24ftp

Joined: 2010-07-05
Posts: 18
Hello,
I have set up a scheduled process which connects automatically every hour to a proftpd server via sftp. I am authenticating with public/private key and it works fine like 98% of the time. But sometimes the server is refusing the key with the following error:

Code:
echo            on       
option batch abort
batch           abort     
option confirm off
confirm         off       
option reconnecttime off
reconnecttime   off       
option transfer binary
transfer        binary   
open testuser@testserver.de
Searching for host...
Connecting to host...
Authenticating...
Using username "testuser".
Authenticating with public key "rsa-key-20131022".
Server refused public-key signature despite accepting key!
Password:
Connection has been unexpectedly closed. Server sent command exit status 0.
Authentication log (see session log for details):
Using username "testuser".
Authenticating with public key "rsa-key-20131022".
Server refused public-key signature despite accepting key!


Here are the server logs:
Code:
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: received client version 'SSH-2.0-WinSCP_release_5.1.7'
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: handling connection from SSH2 client 'WinSCP_release_5.1.7'
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session key exchange: diffie-hellman-group-exchange-sha1
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server hostkey: ssh-rsa
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session client-to-server encryption: aes256-ctr
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server-to-client encryption: aes256-ctr
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session client-to-server MAC: hmac-sha1
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server-to-client MAC: hmac-sha1
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session client-to-server compression: none
Nov 04 23:04:04 mod_sftp/0.9.8[6620]:  + Session server-to-client compression: none
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: sending acceptable userauth methods: password,publickey
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: public key MD5 fingerprint: a1:b2:c3:d4:e5:f6:g7:h8:i9:j0:k1:l2:m3:n4:o5:p6
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: sending publickey OK
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: public key MD5 fingerprint: a1:b2:c3:d4:e5:f6:g7:h8:i9:j0:k1:l2:m3:n4:o5:p6
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: error verifying RSA signature:
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: failed to verify 'ssh-rsa' signature on public key auth request for user 'testuser'


It seems like the problem only occurs with WinSCP Client. Similar scripts with other clients are working fine.
Is there a solution to this problem?
martin
Site Admin
Joined: 2002-12-10
Posts: 24995
Location: Prague, Czechia
Thanks for your report.

This issue has been added to the tracker:
https://winscp.net/tracker/show_bug.cgi?id=1091

I've cc'd you on email to PuTTY team.
SG

Guest


Hi,

Can you please confirm whether the following bug is fixed in the latest beta versions of WinSCP?

I am using version 5.6.2 beta - which still has the Bug 1091.

https://winscp.net/tracker/show_bug.cgi?id=1091

Thanks
martin
Site Admin
Joined: 2002-12-10
Posts: 24995
Location: Prague, Czechia
SG wrote:
Can you please confirm whether the following bug is fixed in the latest beta versions of WinSCP?

I am using version 5.6.2 beta - which still has the Bug 1091.

https://winscp.net/tracker/show_bug.cgi?id=1091

There's no bug in WinSCP. It's a bug in ProFTPD server. If you are referring to a workaround for the server's bug implemented in WinSCP, it's included since 5.5.3. It predates any 5.6.x release, meaning all 5.6.x releases include the workaround too.
_________________
Martin Prikryl
SG

Guest


Thanks Martin.

Is there a way to use the workaround, and specify the "Requires Padding on SSH-2 RSA Signatures" in automation (winscp.com)?
martin
Site Admin
Joined: 2002-12-10
Posts: 24995
Location: Prague, Czechia
You have the workaround enabled automatically in 5.6.2 beta. Enabling it explicitly won't change anything.
Anyway, to do that use: open user@host -rawsettings BugRSAPad2=2
_________________
Martin Prikryl
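
On the server side, the failure in this thread has a recognisable shape in the mod_sftp log: "sending publickey OK" followed, in the same session, by a signature verification failure. The following is an added example, not part of the original posts and not WinSCP or ProFTPD code; it flags such sessions and checks whether the client banner predates the 5.5.3 workaround. The function names, the grouping of lines by PID (one process per connection) and the second sample session are assumptions.

```python
import re
from collections import defaultdict

# Sample in the mod_sftp format quoted in the thread; the 6711 session is constructed.
SAMPLE_LOG = """\
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: received client version 'SSH-2.0-WinSCP_release_5.1.7'
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: sending publickey OK
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: error verifying RSA signature:
Nov 04 23:04:04 mod_sftp/0.9.8[6620]: failed to verify 'ssh-rsa' signature on public key auth request for user 'testuser'
Nov 05 00:04:03 mod_sftp/0.9.8[6711]: received client version 'SSH-2.0-WinSCP_release_5.5.3'
Nov 05 00:04:03 mod_sftp/0.9.8[6711]: sending publickey OK
"""

LINE = re.compile(r"^(?P<ts>\w{3} \d{2} [\d:]{8}) mod_sftp/[\d.]+\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CLIENT = re.compile(r"received client version 'SSH-2\.0-(?P<client>[^']+)'")
FAILED = re.compile(r"failed to verify '[^']+' signature on public key auth request "
                    r"for user '(?P<user>[^']+)'")
WORKAROUND_SINCE = (5, 5, 3)  # per the thread: workaround included since WinSCP 5.5.3


def winscp_version(client):
    """Return (major, minor, patch) for a WinSCP_release_x.y.z banner, else None."""
    m = re.fullmatch(r"WinSCP_release_(\d+)\.(\d+)(?:\.(\d+))?", client or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None


def find_signature_rejections(log_text):
    """Return sessions where the key was accepted but its signature then failed."""
    sessions = defaultdict(dict)  # keyed by PID (assumed: one process per connection)
    findings = []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        pid, msg = line["pid"], line["msg"]
        if (m := CLIENT.search(msg)):
            sessions[pid] = {"client": m["client"]}  # new connection resets PID state
        elif msg == "sending publickey OK":
            sessions[pid]["key_ok"] = True
        elif (m := FAILED.search(msg)) and sessions[pid].get("key_ok"):
            ver = winscp_version(sessions[pid].get("client"))
            findings.append({
                "time": line["ts"], "pid": pid, "user": m["user"],
                "client": sessions[pid].get("client"),
                "predates_workaround": ver is not None and ver < WORKAROUND_SINCE,
            })
    return findings
```

A finding with `predates_workaround` set points at the client/server interoperability problem discussed above rather than a wrong or unauthorised key, which the server would have refused before "sending publickey OK".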