I am trying to sftp into an a server hosted by someone else.
To make sure this worked I did the standard sftp [email protected] i was promted with the password and that worked fine.
I am setting up a cron script to send a file once a week so have given them our public key which they claim to have added to their authorized_keys file.
I now try sftp [email protected] again and I am still prompted for a password, but now the password doesn't work...
Connecting to [email protected]...
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied (publickey,password).
Couldn't read packet: Connection reset by peer
I did notice however that if I simply pressed enter (no password) it logged me in fine...
So here are my questions:
- Is there a way to check what privatekey/pulbickey pair my sftp connection is using?
- Is it possible to specify what key pair to use?
- If all is setup correctly (using correct key pair and added to authorized files) why am I being asked to enter a blank password?
Thanks for your help in advance!
UPDATE
I have just run sftp -vvv [email protected]
....
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: SHA1 fp 45:1b:e7:b6:33:41:1c:bb:0f:e3:c1:0f:1b:b0:d5:e4:28:a3:3f:0e
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
It seems to suggest that it tries to use the public key... What am I missing?
Did you create your key pair as the root user? Doesn't look like you did, as /root/.ssh/id_dsa does not appear to exist (or perhaps the permission are wrong: should only be read/writeable by root; no world/group read/write access).
EDIT
Looks like you've generated rsa keys by the look of your
lsbut you're offering dsa keys.Are you saying you can log in with empty root password? I would highly consider reviewing this and ensure the account has not being compromised.
should return
Open a new terminal and run sshd in debug mode ( -d option) on an other port. Debug mode only works if you use full path. So
Watch the stdout of that console and try sftp again
Check the output and if you cannot figure out what is happening, paste it to here.
ssh is VERY STRICT on permissions. Also, how are you specifying the key? Are you letting ssh try the default of ~/.ssh/id_rsa ?
Please try specifying the key at the CLI with this: -oIdentityFile=/root/.ssh/id_rsa
If you have access to the server as root, check auth.log and you can find out why it's rejecting the key... but it's very interesting that the server appears to accept the key at one point.