Password authentication only in SecureCRT
Richard E. Silverman
BanFiz> "Server unexpectedly failed to verify PublicKey authentication
BanFiz> signature. Please verify that identity.pub matches the public
BanFiz> key file you uploaded to the server."
BanFiz> "192.168.1.2" Jun 18 01:56:19 banfiz sshd2[12995]: WARNING:
BanFiz> Public key operation failed for geoff.
This is a very specific error. It means that client supplied a public key
which the server found in the authorized_keys file, but the client then
supplied a signature which the server could not verify using that key.
This suggests that your key files on the client are mixed up -- that the
key in your private key file is not a match for the public one. In other
words, if in SecureCRT you set your key file to be "foo", there is also a
"foo.pub" in the same directory, which contains the key which you put in
the target account's authorized_keys file -- but foo/foo.pub aren't
actually a private/public pair.
I can't think of another way this could happen, and I was able to obtain
the same sshd2 error message by doing it deliberately. However, I also
got a very explicit dialog box from SecureCRT, saying:
The key information contained in h:\.ssh\foo does not match the key
information contained in h:\.ssh\foo.pub and therefore the server has
rejected the login.
But I'm using SecureCRT 3.1b2; perhaps you're using an earlier version
that doesn't say that. Or perhaps something else is going on...
--
Richard Silverman
sl...@shore.net
BanFiz
windows machine using securecrt 3.0.3 with password authentication but as
soon as i select public key authentication from the popup box in securecrt,
I get the following message...
"Server unexpectedly failed to verify PublicKey authentication signature.
Please verify that identity.pub matches the public key file you uploaded to
the server."
and syslog on the server reveals.....
Jun 18 01:56:16 banfiz sshd2[12681]: connection from "192.168.1.2"
Jun 18 01:56:19 banfiz sshd2[12995]: WARNING: Public key operation failed
for geoff.
Jun 18 01:57:32 banfiz sshd2[12995]: Remote host disconnected: Unable to
authenticate using any of the configured authentication methods
Jun 18 01:57:32 banfiz sshd2[12995]: disconnected by application in remote:
'Unable to authenticate using any of the configured authentication methods'
I can use ssh and connect to the server via localhost, and the Reverselookup
option for dns in the sshd2_config file is set to no. I have also tried
setting the allow hosts option as well.
My authorization file is set correctly and also the correct public key is
defind in my ~/.ssh2 dir also.
Any ideas?
BanFiz
drop back and try the current stable release. I have noticed that the
public hostkey in securecrt doesn't match any of the keys on the server at
all.
Is this key generated automatically or should it be the same one as the
public key in my ~/.ssh2 dir?
I've also tried regenerating my public/private kes several times but each
time I copy the new public key to the server and then try and logon, I get
the same message.
PS: I'm using sshd2 not ssh so there is no authorized_keys file.
"Richard E. Silverman" <sl...@shore.net> wrote in message
news:m1litv8...@syrinx.oankali.net...
BanFiz
with publickey authentication after generating a set of keys for F-Secure.
Must be something weird going on in securecrt ???
Tim
wrote:
>I have just setup sshd2 and I can connect to it fine on port 22 from a
>windows machine using securecrt 3.0.3 with password authentication but as
>soon as i select public key authentication from the popup box in securecrt,
>I get the following message...
>
>"Server unexpectedly failed to verify PublicKey authentication signature.
>Please verify that identity.pub matches the public key file you uploaded to
>the server."
>
>and syslog on the server reveals.....
>
>Jun 18 01:56:16 banfiz sshd2[12681]: connection from "192.168.1.2"
>Jun 18 01:56:19 banfiz sshd2[12995]: WARNING: Public key operation failed
>for geoff.
>Jun 18 01:57:32 banfiz sshd2[12995]: Remote host disconnected: Unable to
>authenticate using any of the configured authentication methods
>Jun 18 01:57:32 banfiz sshd2[12995]: disconnected by application in remote:
>'Unable to authenticate using any of the configured authentication methods'
>
>I can use ssh and connect to the server via localhost, and the Reverselookup
>option for dns in the sshd2_config file is set to no. I have also tried
>setting the allow hosts option as well.
>
>My authorization file is set correctly and also the correct public key is
>defind in my ~/.ssh2 dir also.
>
>Any ideas?
Make sure when you copy the public-key authentication files to the
server from SecureCRT and visa-versa, that you xfer it via Windows
"cut-n-paste" (explained in HELP section 5.4) or ASCII mode via FTP.
Sending the files across SAMBA or NFS will NOT cut the mustard.
SecureCRT is "brain dead" in this aspect, and refuses to recognize the
files correctly (has to do with UNiX to Windows EOL convention),
unlike other Windows-based SSH2 clients (e.g., DataFellow's F-Secure
SSH2 client) that do.
BanFiz
"Tim" <bod...@f.pobox.com> wrote in message
news:bkdoks07s08kh1k961eigbulbfkqp4pkt0@news...
Richard E. Silverman
Well, I'm not sure what's going on. It works for me, with SecureCRT 3.1b2
and SSH 2.1.0. I generated a new DSA keypair with SecureCRT, copied the
public key to ~/.ssh2/foo.pub, and added "Key foo.pub" to
~/.ssh2/authorization. You're sure you created a DSA key and not an RSA
one? That is, the selected protocol was SSH2 when you clicked on
"Advanced" to generate the key?
BanFiz> I got the same error when I used the latest beta which is why
BanFiz> I decided to drop back and try the current stable release.
This is curious to me, since I can't make the SecureCRT 3.03 work with
SSH2; it fails with:
SecureCRT is disconnecting from the SSH server for the following reason:
reason code 2
VanDyke says this is a server draft incompatibility problem, and they have
a workaround in the beta version 3.1b2 available from www.vandyke.com (you
can select SSH2 as a server in the connection properties dialog). I've
verified that this works. So I'm puzzled that you were able to get
anywhere at all with 3.03.
--
Richard Silverman
sl...@shore.net
BanFiz
>
> Well, I'm not sure what's going on. It works for me, with SecureCRT 3.1b2
> and SSH 2.1.0. I generated a new DSA keypair with SecureCRT, copied the
> public key to ~/.ssh2/foo.pub, and added "Key foo.pub" to
> ~/.ssh2/authorization. You're sure you created a DSA key and not an RSA
> one? That is, the selected protocol was SSH2 when you clicked on
> "Advanced" to generate the key?
SecureCRT doesn't even give me an option of creating DSA or RSA keys.
> SecureCRT is disconnecting from the SSH server for the following reason:
> reason code 2
>
I have to choose standard from the popup menu for SSH Server or else I get
that code 2 error as well.
When I choose public key authentication, it is still asking me for my
passphrase but after I give it it comes back with the error message about my
public key failed to verify.