
We are having an issue where we cannot properly authenticate to a remote SFTP server via public key (sftp.AuthenticatePk) on one of our machines; however, when we initiate the same connection from either our test bed or another machine, everything connects perfectly.

On the functioning machine and test environments, AuthenticatePk returns true and we can interact with the SFTP server as normal; however, on the unsuccessful machine AuthenticatePk returns false. Both are running identical code and loading the same private key file. On the unsuccessful machine the AuthFailReason returns as 0 after receiving false from AuthenticatePk.

Here is the LastErrorText from the failing machine. I've erased the UnlockPrefix, Username and login, but can provide those if needed:

ChilkatLog:
  AuthenticatePk:
    DllDate: Aug 26 2015
    ChilkatVersion: 9.5.0.52
    UnlockPrefix: XXX
    Username: XXX
    Architecture: Little Endian; 32-bit
    Language: .NET 4.0
    VerboseLogging: 0
    SshVersion: SSH-2.0-9.99 sshlib: 8.0.0.2
    SftpVersion: 0
    login: XXX
    sshAuthenticatePk:
      requestUserAuthService:
        sendServiceRequest:
          svcName: ssh-userauth
          SentServiceReq: ssh-userauth
        --sendServiceRequest
        sshReadMessage:
          mType: SERVICE_ACCEPT
        --sshReadMessage
        ssh-userauth service accepted.
      --requestUserAuthService
      Using an RSA key.
      publicKeyBlobSize: 279
      msgPayloadSize: 351
      Sent public-key request.
      sshReadMessage:
        mType: USERAUTH_PK_OK
      --sshReadMessage
      OK to proceed with publickey authentication.
      rsaSigLen: 256
      Sent public-key request with signature.
      sshReadMessage:
        mType: USERAUTH_FAILURE
      --sshReadMessage
      Authentication failed or partial success. (4)
      PartialSuccess4: 0
      AuthList: publickey,password
      Publickey authentication failed..
    --sshAuthenticatePk
    Failed.
  --AuthenticatePk
--ChilkatLog

Here is the LastErrorText from a working machine:

ChilkatLog:
  AuthenticatePk:
    DllDate: Aug 26 2015
    ChilkatVersion: 9.5.0.52
    UnlockPrefix: XXX
    Username: XXX
    Architecture: Little Endian; 32-bit
    Language: .NET 4.0
    VerboseLogging: 0
    SshVersion: SSH-2.0-9.99 sshlib: 8.0.0.2
    SftpVersion: 0
    login: XXX
    sshAuthenticatePk:
      requestUserAuthService:
        sendServiceRequest:
          svcName: ssh-userauth
          SentServiceReq: ssh-userauth
        --sendServiceRequest
        sshReadMessage:
          mType: SERVICE_ACCEPT
        --sshReadMessage
        ssh-userauth service accepted.
      --requestUserAuthService
      Using an RSA key.
      publicKeyBlobSize: 279
      msgPayloadSize: 351
      Sent public-key request.
      sshReadMessage:
        mType: USERAUTH_PK_OK
      --sshReadMessage
      OK to proceed with publickey authentication.
      rsaSigLen: 256
      Sent public-key request with signature.
      sshReadMessage:
        mType: USERAUTH_SUCCESS
      --sshReadMessage
      Public-key authentication succeeded.
    --sshAuthenticatePk
    Success.
  --AuthenticatePk
--ChilkatLog

Is there any way to get more information on what may be causing the server to reject the authentication from one machine but not another?

asked Sep 16 '15 at 15:58

hatterson

The public key part of your private key should be installed on the SSH server for the given user account. The most likely cause of the problem is that the public key was installed under the wrong user account, or the wrong public key was installed on the SSH server under the correct user account.

answered Sep 16 '15 at 21:33

chilkat ♦♦

Sorry if I wasn't clear, both machines are connecting to the same SFTP server and are using the same user account (and same keypair). Unfortunately I don't control the server and it's buried behind several layers of corporate red tape, so I cannot do any analysis on it directly to see exactly what's reaching it. Nor do I control the firewalls between the machine that's failing and the servers, so I can't confirm nothing is being blocked.

(Sep 16 '15 at 21:50) hatterson

I was hoping to be able to collect more specific information to be able to present to either the firewall group or the server group to be able to pinpoint the issue, but don't see anything in the error text. Is there any more detailed information about what the client may be receiving? Or any way to tell if a firewall may be blocking/modifying something in the key exchange.

(Sep 16 '15 at 21:50) hatterson
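
Added example (not part of the original thread, and not Chilkat code): one way to turn the two LastErrorText logs above into evidence for a server or firewall team is to flatten each log into context-qualified entries and report the first entry where they differ. The function names are hypothetical, and the sample logs are trimmed copies of the failing and working logs posted in the question.

```python
from itertools import zip_longest

def flatten(log_text):
    """Turn an indented ChilkatLog into (context_path, key, value) tuples."""
    entries, stack = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("--"):            # "--name" closes the current context
            if stack:
                stack.pop()
            continue
        key, sep, value = line.partition(":")
        if sep and not value.strip():        # "name:" with no value opens a context
            stack.append(key)
            continue
        # "key: value" pairs and free-text lines (value is "" for free text)
        entries.append(("/".join(stack), key.strip(), value.strip()))
    return entries

def first_divergence(log_a, log_b):
    """Return (index, entry_a, entry_b) for the first differing entry, or None."""
    pairs = zip_longest(flatten(log_a), flatten(log_b))
    for i, (a, b) in enumerate(pairs):
        if a != b:
            return i, a, b
    return None

# Sample input: trimmed from the two logs in the question.
COMMON = """ChilkatLog:
  AuthenticatePk:
    sshAuthenticatePk:
      Using an RSA key.
      publicKeyBlobSize: 279
      msgPayloadSize: 351
      Sent public-key request.
      sshReadMessage:
        mType: USERAUTH_PK_OK
      --sshReadMessage
      rsaSigLen: 256
      Sent public-key request with signature.
      sshReadMessage:
        mType: {reply}
      --sshReadMessage
"""
FAILING = COMMON.format(reply="USERAUTH_FAILURE") + "      AuthList: publickey,password\n"
WORKING = COMMON.format(reply="USERAUTH_SUCCESS")

if __name__ == "__main__":
    print(first_divergence(FAILING, WORKING))
```

On these logs every client-side value (key type, publicKeyBlobSize, msgPayloadSize, rsaSigLen) and the USERAUTH_PK_OK reply match; the first difference is the server's reply to the signed request.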
Asked: Sep 16 '15 at 15:58

Seen: 979 times

Last updated: Sep 16 '15 at 21:50