I experienced a problem similar to this.  The symptoms I saw were where the 
process worked fine from my local Windows development machine but failed due to 
an unexplained "auth fail" when I moved it to a unix server.  Password and 
public key authentication worked fine from Windows, also the Password based 
authentication worked from the server, but public key authentication failed no 
matter what I tried.  After a fair amount of debugging, I finally tracked the 
problem down to the security provider configuration being used on a particular 
host.  So far the default security provider configuration has worked for 
Windows and HP/UX, but I have experienced problems with a couple of different 
Sun machines.  

 

On Sun in particular, there is a security provider (SunPKCS11-Solaris) which 
provides the hash calculations needed by jsch, but it was apparently 
incompatible with the SSH protocol.  I was able to prove it by simulating the 
hash calculations being performed by the public key authentication process.  I 
didn't have enough time to research the exact cause, but I think it had 
something to do with the padding being used for the hash algorithm.

 

In my particular situation I was unable to modify the default security provider 
configuration so I resorted to a hack which resolved the problem for me.

I simply added a line of code which removed the provider if it was present.

 

java.security.Security.removeProvider("SunPKCS11-Solaris");

 

So if all else fails, take the time to confirm which security provider is being 
used by your jsch process.  It could be the cause of an otherwise unexplained 
public key "auth fail" error.

 

-

Don
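
An added example (not from the original post or from the JSch project) of the check suggested above: it lists the registered JCA providers in preference order, shows which one serves each operation, and cross-verifies an RSA/SHA-1 signature between providers. The algorithm names are assumptions about what JSch requests, based on the algorithms negotiated in the quoted log; the class name ProviderCheck is hypothetical.

```java
import java.security.*;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;

public class ProviderCheck {
    public static void main(String[] args) throws Exception {
        // Registered providers in preference order; the first one offering an algorithm wins.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++)
            System.out.println((i + 1) + ". " + providers[i].getName());

        // Which provider answers for each operation seen in the log (names are assumptions).
        System.out.println("SHA-1       -> " + MessageDigest.getInstance("SHA-1").getProvider().getName());
        System.out.println("HmacMD5     -> " + Mac.getInstance("HmacMD5").getProvider().getName());
        System.out.println("AES/CTR     -> " + Cipher.getInstance("AES/CTR/NoPadding").getProvider().getName());
        System.out.println("DH          -> " + KeyAgreement.getInstance("DH").getProvider().getName());

        // Throwaway key pair and constructed test data, used only for the cross-check.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed test data".getBytes("UTF-8");

        // Provider selection for Signature can be deferred until init, so ask after initSign.
        Signature def = Signature.getInstance("SHA1withRSA");
        def.initSign(kp.getPrivate());
        def.update(data);
        byte[] sig = def.sign();
        System.out.println("SHA1withRSA -> " + def.getProvider().getName());

        // Every provider offering SHA1withRSA should accept the default provider's signature.
        for (Provider p : providers) {
            if (p.getService("Signature", "SHA1withRSA") == null) continue;
            try {
                Signature v = Signature.getInstance("SHA1withRSA", p);
                v.initVerify(kp.getPublic());
                v.update(data);
                System.out.println("  verify by " + p.getName() + ": " + (v.verify(sig) ? "ok" : "MISMATCH"));
            } catch (GeneralSecurityException e) {
                System.out.println("  verify by " + p.getName() + ": " + e);
            }
        }
    }
}
```

Security.removeProvider changes the provider list for the whole JVM, so run a listing like this on the affected host first to confirm that nothing else in the process depends on the provider being removed.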

 


 
> From: dave.alvar...@remanresource.com
> To: jsch-users@lists.sourceforge.net
> Date: Tue, 20 Oct 2009 10:13:58 -0600
> Subject: Re: [JSch-users] Getting "Auth fail" when trying to SFTP to localhost
> 
> Thanks for that.  That was definitely a problem.  I have put in the private 
> key you suggested but I'm still getting authentication failure, although the 
> log is a little different.  It is below.  Do you have other suggestions?  I 
> have verified that the private key is good as I'm able to do this ...
> 
> slogin -i /opt/keys/id_rsa test-u...@localhost
> 
> from a terminal without being asked for a password.
> 
> Thanks, - Dave
> 
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,072]: Connecting to 
> 127.0.0.1 port 22
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,073]: Connection established
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,087]: Remote version 
> string: SSH-2.0-OpenSSH_5.1
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,087]: Local version string: 
> SSH-2.0-JSCH-0.1.42
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,087]: CheckCiphers: 
> aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,093]: SSH_MSG_KEXINIT sent
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,093]: SSH_MSG_KEXINIT 
> received
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,094]: kex: server->client 
> aes128-ctr hmac-md5 none
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,094]: kex: client->server 
> aes128-ctr hmac-md5 none
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,134]: SSH_MSG_KEXDH_INIT 
> sent
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,134]: expecting 
> SSH_MSG_KEXDH_REPLY
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,228]: ssh_rsa_verify: 
> signature true
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,229]: Host '127.0.0.1' is 
> known and mathces the RSA host key
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,229]: SSH_MSG_NEWKEYS sent
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,229]: SSH_MSG_NEWKEYS 
> received
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,231]: 
> SSH_MSG_SERVICE_REQUEST sent
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,231]: 
> SSH_MSG_SERVICE_ACCEPT received
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,243]: Authentications that 
> can continue: publickey,keyboard-interactive,password
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,243]: Next authentication 
> method: publickey
> INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,244]: Disconnecting from 
> 127.0.0.1 port 22
> ERROR [colorado.dor.dmv.driver.youthful.AddressFileProcessor, 2009-10-20 
> 10:04:35,244]: Error syncing files from remote to local.
> com.jcraft.jsch.JSchException: Auth fail
>         at com.jcraft.jsch.Session.connect(Session.java:452)
>         at com.jcraft.jsch.Session.connect(Session.java:150)
>         at 
> colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:82)
>         at 
> colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:73)
>         at 
> colorado.dor.dmv.driver.youthful.AddressFileProcessor.execute(AddressFileProcessor.java:106)
>         at 
> colorado.dor.dmv.driver.youthful.AddressFileProcessor.main(AddressFileProcessor.java:85)
> 
> 
> 
> 
> 
> 
> >  -------Original Message-------
> >  From: Keith Alan Richardson <keith.a...@gmail.com>
> >  Subject: Re: [JSch-users] Getting "Auth fail" when trying to SFTP to 
> > localhost
> >  Sent: Oct 20 '09 09:30
> >  
> >  Hi,
> >  
> >  Looking at the JSch log, it is trying publickey authentication.  Most
> >  likely, problem is with your external setup
> >  
> >  sftpIdPath should be referring to a private key file in OpenSSH format
> >  whose corresponding public key is listed in
> >  ~test-user/.ssh/authorized_keys.  If you are not familiar with this, look
> >  at the second option described in
> >  http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html
> >  
> >  If this still doesn't work, take a look at the logs from sshd
> >  (SSH daemon process you are connecting to).
> >  
> >  -Keith Alan Richardson
> >  
> >  On Tue, Oct 20, 2009 at 4:46 PM, <dave.alvar...@remanresource.com>
> >  wrote:
> >  Hi,
> >  
> >  I am inexperienced in the field of security and encryption, but I have a
> >  Java console app and I want to SFTP to my localhost as the user
> >  "test-user".  I am running the app as user "dalvarado".  Here is my code
> >  ...
> >  
> >      JSch jsch = new JSch();
> >      jsch.setLogger(new SftpUtilityLogger());
> >      jsch.addIdentity(sftpIdPath);
> >      jsch.setKnownHosts(ClassLoader.getSystemResourceAsStream(KNOWN_HOSTS_FILE));
> >      return jsch.getSession(sftpUserName, sftpHost, 22);  // sftpUsername is set to "test-user" and host is "127.0.0.1"
> >  
> >  and here's the error and jsch log.  What do I need to do to make this
> >  work so that I don't have to enter a password?  - Dave
> >  
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,044]: Connecting to
> >  127.0.0.1 port 22
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,044]: Connection
> >  established
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,058]: Remote version
> >  string: SSH-2.0-OpenSSH_5.1
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,058]: Local version
> >  string: SSH-2.0-JSCH-0.1.42
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,058]: CheckCiphers:
> >  
> > aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,065]: SSH_MSG_KEXINIT
> >  sent
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,065]: SSH_MSG_KEXINIT
> >  received
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,068]: kex:
> >  server->client aes128-ctr hmac-md5 none
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,068]: kex:
> >  client->server aes128-ctr hmac-md5 none
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,109]:
> >  SSH_MSG_KEXDH_INIT sent
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,109]: expecting
> >  SSH_MSG_KEXDH_REPLY
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: ssh_rsa_verify:
> >  signature true
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: Host
> >  '127.0.0.1' is known and mathces the RSA host key
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: SSH_MSG_NEWKEYS
> >  sent
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: SSH_MSG_NEWKEYS
> >  received
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,205]:
> >  SSH_MSG_SERVICE_REQUEST sent
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,205]:
> >  SSH_MSG_SERVICE_ACCEPT received
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,214]: Authentications
> >  that can continue: publickey,keyboard-interactive,password
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,214]: Next
> >  authentication method: publickey
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,518]: Authentications
> >  that can continue: keyboard-interactive,password
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,518]: Next
> >  authentication method: keyboard-interactive
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,536]: Authentications
> >  that can continue: password
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,536]: Next
> >  authentication method: password
> >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,538]: Disconnecting
> >  from 127.0.0.1 port 22
> >  ERROR [colorado.dor.dmv.driver.youthful.AddressFileProcessor, 2009-10-20
> >  08:31:25,538]: Error syncing files from remote to local.
> >  com.jcraft.jsch.JSchException: Auth fail
> >          at com.jcraft.jsch.Session.connect(Session.java:452)
> >          at com.jcraft.jsch.Session.connect(Session.java:150)
> >          at colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:81)
> >          at colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:72)
> >          at colorado.dor.dmv.driver.youthful.AddressFileProcessor.execute(AddressFileProcessor.java:106)
> >          at colorado.dor.dmv.driver.youthful.AddressFileProcessor.main(AddressFileProcessor.java:85)
> >  
> >  
> >  
> > ------------------------------------------------------------------------------
> >  Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> >  is the only developer event you need to attend this year. Jumpstart your
> >  developing skills, take BlackBerry mobile applications to market and stay
> >  ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> >  http://p.sf.net/sfu/devconference
> >  _______________________________________________
> >  JSch-users mailing list
> >  JSch-users@lists.sourceforge.net
> >  https://lists.sourceforge.net/lists/listinfo/jsch-users
> 
                                          