- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- public key authentication failing
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā01-18-2016 09:21 AM
ā01-18-2016 09:21 AM
public key authentication failing
I have setup these public key authentication 100 times between openVMS and solaris but I am having isuses this time and I cant figure out why. please see the log below can you tell the reason why its saying public key method disabled?
i apply the same method to other solaris nodes and they work fine.
PASY$ sftp -v pas_app@dotstodb211 Sftp2/SFTP2.C:4804: CRTL version (SYS$SHARE:DECC$SHARE ident) is: V7.3-2-04 SshFileCopy/SSHFILECOPY.C:1062: Making local connection. Ssh2SftpServer/SSHFILEXFERS.C:2079: Received SSH_FXP_INIT Ssh2SftpServer/SSHFILEXFERS.C:2124: version is 3 SshFileCopy/SSHFILECOPY.C:1001: Connection to local, ready to serve requests. Sftp2/SFTP2.C:786: Connection ready. SshReadLine/SSHREADLINE.C:3662: Initializing ReadLine... SshFileCopy/SSHFILECOPY.C:1072: Connecting to remote host. (host = pas_app@dotstodb211, user = NULL, port = NULL) argv[0] = /sys$system/tcpip$ssh_ssh2 argv[1] = -v argv[2] = -x argv[3] = -a argv[4] = -o argv[5] = passwordprompt %U@%H's password: argv[6] = -o argv[7] = authenticationnotify yes argv[8] = pas_app@dotstodb211 argv[9] = -s argv[10] = sftp Sftp2/SFTP2.C:4012: notification: 0 Sftp2/SFTP2.C:4012: notification: 1 debug(18-JAN-2016 12:09:08.94): Ssh2/SSH2.C:1894: CRTL version (SYS$SHARE:DECC$SHR.EXE ident) is V7.3-2-04 debug(18-JAN-2016 12:09:08.95): SshAppCommon/SSHAPPCOMMON.C:313: Allocating global SshRegex context. debug(18-JAN-2016 12:09:08.95): SshConfig/SSHCONFIG.C:3338: Metaconfig parsing stopped at line 4. debug(18-JAN-2016 12:09:08.95): SshConfig/SSHCONFIG.C:855: Setting variable 'VerboseMode' to 'FALSE'. debug(18-JAN-2016 12:09:08.95): SshConfig/SSHCONFIG.C:3246: Unable to open ssh2/ssh2_config debug(18-JAN-2016 12:09:08.96): Connecting to dotstodb211, port 22... (SOCKS not used) debug(18-JAN-2016 12:09:08.96): Ssh2/SSH2.C:2860: Entering event loop. debug(18-JAN-2016 12:09:08.96): Ssh2Client/SSHCLIENT.C:1609: Creating transport protocol. debug(18-JAN-2016 12:09:08.96): SshAuthMethodClient/SSHAUTHMETHODC.C:95: Added "publickey" to usable methods. debug(18-JAN-2016 12:09:08.96): SshAuthMethodClient/SSHAUTHMETHODC.C:95: Added "keyboard-interactive" to usable methods. debug(18-JAN-2016 12:09:08.96): SshAuthMethodClient/SSHAUTHMETHODC.C:95: Added "password" to usable methods. debug(18-JAN-2016 12:09:08.97): Ssh2Client/SSHCLIENT.C:1650: Creating userauth protocol. debug(18-JAN-2016 12:09:08.97): client supports 3 auth methods: 'publickey,keyboard-interactive,password' debug(18-JAN-2016 12:09:08.97): SshUnixTcp/SSHUNIXTCP.C:1683: using local hostname pasy.to.dot.state.fl.us debug(18-JAN-2016 12:09:08.97): Ssh2Common/SSHCOMMON.C:541: local ip = 156.75.145.123, local port = 53864 debug(18-JAN-2016 12:09:08.97): Ssh2Common/SSHCOMMON.C:543: remote ip = 10.200.32.16, remote port = 22 debug(18-JAN-2016 12:09:08.97): SshConnection/SSHCONN.C:2311: Wrapping... debug(18-JAN-2016 12:09:08.97): SshReadLine/SSHREADLINE.C:3662: Initializing ReadLine... debug(18-JAN-2016 12:09:08.97): Remote version: SSH-2.0-Sun_SSH_2.2 debug(18-JAN-2016 12:09:08.97): Sun_SSH: Major: 2 Minor: 2 Revision: 0 debug(18-JAN-2016 12:09:08.98): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection debug(18-JAN-2016 12:09:08.98): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 20 to connection debug(18-JAN-2016 12:09:08.98): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection debug(18-JAN-2016 12:09:08.98): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 30 to connection debug(18-JAN-2016 12:09:09.00): Ssh2Transport/TRCOMMON.C:2306: lang s to c: `de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh -TW,i-default', lang c to s: `de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default' debug(18-JAN-2016 12:09:09.00): Ssh2Transport/TRCOMMON.C:2371: c_to_s: cipher arcfour, mac hmac-sha1, compression none debug(18-JAN-2016 12:09:09.00): Ssh2Transport/TRCOMMON.C:2374: s_to_c: cipher arcfour, mac hmac-sha1, compression none debug(18-JAN-2016 12:09:09.01): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection debug(18-JAN-2016 12:09:09.01): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 30 to connection debug(18-JAN-2016 12:09:09.02): Remote host key found from database. debug(18-JAN-2016 12:09:09.03): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection debug(18-JAN-2016 12:09:09.03): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 21 to connection debug(18-JAN-2016 12:09:09.03): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection debug(18-JAN-2016 12:09:09.03): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 5 to connection debug(18-JAN-2016 12:09:09.08): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection debug(18-JAN-2016 12:09:09.08): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 50 to connection debug(18-JAN-2016 12:09:09.08): Ssh2Common/SSHCOMMON.C:342: Received SSH_CROSS_STARTUP packet from connection protocol. debug(18-JAN-2016 12:09:09.08): Ssh2Common/SSHCOMMON.C:392: Received SSH_CROSS_ALGORITHMS packet from connection protocol. This is a private communications network for authorized use only. If you do not have authorizations discontinue use at once. All information is subject to recording and review without notice. Any unauthorized use of this network is subject to prosecution. Use of this network implies consent to these conditions. debug(18-JAN-2016 12:09:09.08): server offers auth methods 'gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive'. debug(18-JAN-2016 12:09:09.09): Ssh2AuthPubKeyClient/AUTHC-PUBKEY.C:1677: adding keyfile "/PASDISK2/pas_app/ssh2/ID_RSA_2048_B" to ca ndidates debug(18-JAN-2016 12:09:09.09): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection debug(18-JAN-2016 12:09:09.09): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 50 to connection debug(18-JAN-2016 12:09:09.10): server offers auth methods 'gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive'. debug(18-JAN-2016 12:09:09.10): Ssh2AuthClient/SSHAUTHC.C:366: Method 'publickey' disabled. debug(18-JAN-2016 12:09:09.10): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection debug(18-JAN-2016 12:09:09.10): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 50 to connection debug(18-JAN-2016 12:09:09.10): server offers auth methods 'gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive'. debug(18-JAN-2016 12:09:09.10): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection debug(18-JAN-2016 12:09:09.10): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 50 to connection Keyboard-interactive: Password:
- Tags:
- ssh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā01-18-2016 06:58 PM
ā01-18-2016 06:58 PM
Re: public key authentication failing
> I have setup these public key authentication 100 times between openVMS
> and solaris [...]
Your self-confidence is inspiring, but it doesn't provide much
reliable info on key file contents, location, ownership, or permissions.
> [...] can you tell the reason why its saying public key method
> disabled?
I'd guess that "disabled" here means that the public-key
authentication attempt failed. If you want to test that hypothesis, you
could observe a working connection, and then damage some key file, and
re-observe the resulting non-working connection.
Generally, to avoid facilitating a break-in attempt, the server does
not tell the client much about authentication failures. You might find
more useful info in the log files on the server.
> Sftp2/SFTP2.C:4804: CRTL version (SYS$SHARE:DECC$SHARE ident) is: V7.3-2-04
Possibly more informative:
tcpip show version
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā01-20-2016 10:41 AM
ā01-20-2016 10:41 AM
Re: public key authentication failing
Check the protections on the key files, and check the server logs, and check whether the server is willing to use insecure encryption ā more than a few ssh servers are not. Why? The arcfour encryption is insecure, and will rejected by most newer ssh configurations ā by OpenSSH 6.7 and later, and other ssh seervers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā01-20-2016 03:19 PM
ā01-20-2016 03:19 PM
Re: public key authentication failing
> [...] check whether the server is willing to use insecure encryption
> [...]
I know nothing, but I'd say that if you get so far as a
"Keyboard-interactive:" / "Password:" prompt, then the client and server
have probably negotiated some communication scheme acceptable to both.