MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » January 2013

Re: SFTP with key authentication failing after server migration



fixed

Hi Scott,

Sounds like you've set up the permissions on one file (the 'config' file) but haven't set it on anything else? I would make sure the .ssh subdirectory is read/write/execute for the userid, and it might be a good idea to block others access to tat dir. So maybe do:

chmod 700 /home/user/.ssh

I'd say that for most of the files in that directory, I'd want to give the owner read/write authority, and anyone else should have read.

cd /home/user/.ssh
chmod 644 *

Except that private keys should be only read/write by owner:

cd /home/user/.ssh
chmod 600 identity id_rsa id_dsa

(That assumes you have RSA1, RSA2 and DSA private keys... if you don't have them all, or have some different keys, change the filenames appropriately.)

Hope that helps


On 1/3/2013 10:36 AM, Scott Schollenberger wrote:
I have a client who we migrated to a new 8202-E4C a few weeks ago.
They do a daily scheduled file transfer to an outside vendor using SFTP with key authentication.
Since the server migration, the SFTP has been failing.

Initially the SFTP standard error output reported the following messages:

Bad owner or permissions on /home/PERFRM/.ssh/config
Connection closed

I have reset the authority on that file using the following command:

chmod 600 /home/PERFRM/.ssh/config

The SFTP standard error output now shows the following messages:

Permission denied, please try again.
Permission denied, please try again.
Permission denied (password).
Connection closed

So I'm wondering now if the server migration has impacted the key authentication in some way (other than the permissions of the config file).

The destination server still has the user's public key. But could it be seeing the user as NOT the authenticated user now because the connection is coming from a different server.

In other words, does the server in some way become part of the SFTP key authentication?
If so, will generating a new key for the user on the new server and providing it to the outside vendor solve the problem?

Thanks for any input.

Scott
________________________________


Scott Schollenberger
Vice President, Research & Development

P: 610-239-9988 x305
F: 610-239-9995
E: SSchollenberger@xxxxxxxxxxxxxxxxxx
[http://www.harriscomputer.com/images/signatures/HarrisSchools.gif]

[http://www.harriscomputer.com/images/signatures/DivisionofHarris.gif]<http://www.harriscomputer.com/>
100-2011 Renaissance Blvd.
King of Prussia, PA
19406
www.harris-schoolsolutions.com<http://www.harris-schoolsolutions.com>

This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message.






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact