Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sftp prompts suddenly password after setting authorized_keys from linux to windows which was working for long time #2284

Open
3 tasks done
KNazeerAhamed opened this issue Oct 10, 2024 · 3 comments
Labels
Area-Authentication Waiting on Author Need more information to diagnose

Comments

@KNazeerAhamed
Copy link

Prerequisites

  • Write a descriptive title.
  • Make sure you are able to repro it on the latest version
  • Search the existing issues.

Steps to reproduce

sftp prompts suddenly password after setting authorized_keys from linux to windows which was working for long time

Expected behavior

It should connect without password

Actual behavior

But keep on asking password after setting up the authorized_keys in the remote server which is windows.

Error details

No response

Environment data

PS C:\Users\prv_nazeer> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.17763.4644
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.4644
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version

OpenSSH_8.0p1

Visuals

No response

@tgauth
Copy link
Collaborator

tgauth commented Oct 10, 2024

Is it still OpenSSH 8.0 or has it been updated to OpenSSH 9.5? Is it an admin or non-admin user?
If it is an administrator account and using OpenSSH 9.5, the key will need to be in administrators_authorized_keys unless the default sshd_config file has been modified.

If that doesn't work, can you provide the log files? Instructions to retrieve the log files can be found at: https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps

@KNazeerAhamed
Copy link
Author

Below is the debug from Linux server connect to Windows server.

ssh -vvv svcs_sftp_els@edcfcsn1.esh.ae
OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS 21 Apr 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host edcfcsn1.esh.ae originally edcfcsn1.esh.ae
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host edcfcsn1.esh.ae originally edcfcsn1.esh.ae
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug2: resolving "edcfcsn1.esh.ae" port 22
debug2: ssh_connect_direct
debug1: Connecting to edcfcsn1.esh.ae [172.16.51.10] port 22.
debug1: Connection established.
debug1: identity file /home/smcmgr/.ssh/id_rsa type 0
debug1: identity file /home/smcmgr/.ssh/id_rsa-cert type -1
debug1: identity file /home/smcmgr/.ssh/id_dsa type -1
debug1: identity file /home/smcmgr/.ssh/id_dsa-cert type -1
debug1: identity file /home/smcmgr/.ssh/id_ecdsa type -1
debug1: identity file /home/smcmgr/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/smcmgr/.ssh/id_ed25519 type -1
debug1: identity file /home/smcmgr/.ssh/id_ed25519-cert type -1
debug1: identity file /home/smcmgr/.ssh/id_xmss type -1
debug1: identity file /home/smcmgr/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_9.1
debug1: match: OpenSSH_for_Windows_9.1 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to edcfcsn1.esh.ae:22 as 'svcs_sftp_els'
debug3: hostkeys_foreach: reading file "/home/smcmgr/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/smcmgr/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from edcfcsn1.esh.ae
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: compression: none
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Ck+PgMM71Hwmo2x/SJ0vd4uW/mZJlidf8ri2LpKXABw
debug3: hostkeys_foreach: reading file "/home/smcmgr/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/smcmgr/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from edcfcsn1.esh.ae
debug3: hostkeys_foreach: reading file "/home/smcmgr/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/smcmgr/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from 172.16.51.10
debug1: Host 'edcfcsn1.esh.ae' is known and matches the ECDSA host key.
debug1: Found key in /home/smcmgr/.ssh/known_hosts:4
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/smcmgr/.ssh/id_rsa RSA SHA256:TGUd6bMv0sGNMlhwccE09ENb5nOsK5YUgISnz9sm8NM
debug1: Will attempt key: /home/smcmgr/.ssh/id_dsa
debug1: Will attempt key: /home/smcmgr/.ssh/id_ecdsa
debug1: Will attempt key: /home/smcmgr/.ssh/id_ed25519
debug1: Will attempt key: /home/smcmgr/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com (unrecognised)
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/smcmgr/.ssh/id_rsa RSA SHA256:TGUd6bMv0sGNMlhwccE09ENb5nOsK5YUgISnz9sm8NM
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/smcmgr/.ssh/id_dsa
debug3: no such identity: /home/smcmgr/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/smcmgr/.ssh/id_ecdsa
debug3: no such identity: /home/smcmgr/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/smcmgr/.ssh/id_ed25519
debug3: no such identity: /home/smcmgr/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/smcmgr/.ssh/id_xmss
debug3: no such identity: /home/smcmgr/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
svcs_sftp_els@edcfcsn1.esh.ae's password:

@tgauth
Copy link
Collaborator

tgauth commented Oct 10, 2024

Thanks - looks like the SSH server is rejecting the RSA key. Are you able to pull the SSH server logs?

@tgauth tgauth added Waiting on Author Need more information to diagnose Area-Authentication labels Oct 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Area-Authentication Waiting on Author Need more information to diagnose
Projects
None yet
Development

No branches or pull requests

2 participants