Server refused public-key signature despite accepting key! #39

Closed
JeanGionet opened this Issue Nov 18, 2015 · 11 comments

I followed the instructions to install OpenSSH on my 64-bit Windows Server 2012 R2 server.
The server appears to be running properly.
I can SSH to it remotely using an ssh client such as PuTTY to gain access using USER@DOMAIN and my network password! Yay!
I followed your instructions on how to create a key. Now I'm trying to configure public-key access and I'm getting the error "Server refused public-key signature despite accepting key!"
I made sure that these settings are NOT commented out in my sshd_config file:
RSAAuthentication yes
PubkeyAuthentication yes

I tried on the local server itself to see if it made a diff. Same results.

C:\Users\GIONETJE.ssh>ssh.exe -i id_rsa -l gionetje@MYDOMAIN localhost -v
OpenSSH_7.1p1 Microsoft Win32 port, OpenSSL 1.0.2d 9 Jul 2015
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: allocating new sfd, sfd [3] fd [3] handle [496] type [2]
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: allocating new sfd, sfd [4] fd [4] handle [504] type [1]
debug1: identity file id_rsa type 1
debug1: _open() returned error, errno [2]
debug1: key_load_public: No such file or directory
debug1: identity file id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1p1 Microsoft Win32 port Nov 9 2015
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'gionetje@MYDOMAIN'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com none
debug1: kex: client->server chacha20-poly1305@openssh.com none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:AtcTexTZXuc2egtmU7s9lShjLwYDlKgQ68wiVNXL4UA
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in C:\Users\GIONETJE.ssh\known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: allocating new sfd, sfd [4] fd [4] handle [504] type [1]
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
gionetje@ontario@localhost's password:

Any ideas? Am I missing something?
Thanks

Collaborator

manojampalam commented Nov 18, 2015

JeanGionet Nov 19, 2015

Yes I did.

I just ran it again to make sure and I'm still experiencing the same results. (I did reboot after I ran the script again)
I'm assuming I got an error on the DLL copy as it was already done prior to starting the SSHD process.

D:\OpenSSH>setup-ssh-lsa.cmd
D:\OpenSSH>if AMD64 == x86 (set lsadll=D:\OpenSSH\x86\ssh-lsa.dll )
D:\OpenSSH>if AMD64 == AMD64 (set lsadll=D:\OpenSSH\x64\ssh-lsa.dll )
D:\OpenSSH>copy D:\OpenSSH\x64\ssh-lsa.dll C:\Windows\system32
The process cannot access the file because it is being used by another process.
0 file(s) copied.
D:\OpenSSH>reg add HKLM\System\CurrentControlSet\Control\Lsa /v "Authentication Packages" /t REG_MULTI_SZ /d msv1_0\0ssh-lsa.dll -f
The operation completed successfully.
D:\OpenSSH>

manojampalam Nov 19, 2015

Collaborator

Ah, I see that you are using a domain account. I'll have to double check but I believe the current implementation does not support domain accounts for key auth. I think this is due to restrictions in getting domain account tokens without a password.
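
Added example (not part of the thread or the project's code): a small Python triage of `ssh -v` client output that separates "key not authorized" from the case in the opening post, where the server accepts the key and then refuses the signed request, and flags a domain-qualified login name, which the comment above says this build does not support for key auth. The stage names and the embedded trace, abridged from the opening post with wrapped lines joined, are assumptions of this example.

```python
import re

# Constructed sample: key lines of the `ssh -v` trace from the opening post.
SAMPLE_TRACE = """\
debug1: Authenticating to localhost:22 as 'gionetje@MYDOMAIN'
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Next authentication method: password
"""

def diagnose(trace):
    """Classify where public-key auth stopped in an `ssh -v` client trace."""
    user = None
    offered = accepted = succeeded = False
    fallback = []  # non-publickey methods tried after the key was accepted
    for line in trace.splitlines():
        if m := re.search(r"Authenticating to \S+ as '([^']*)'", line):
            user = m.group(1)
        elif re.search(r"Offering (\S+ )?public key", line):
            offered = True
        elif "Server accepts key" in line:
            # Server found the key acceptable; the signed request comes next.
            accepted = True
        elif "Authentication succeeded (publickey)" in line:
            succeeded = True
        elif accepted and (m := re.search(r"Next authentication method: (\S+)", line)):
            if m.group(1) != "publickey":
                fallback.append(m.group(1))
    if succeeded:
        stage = "ok"
    elif accepted:
        stage = "signature_rejected"   # failure is server-side, after key lookup
    elif offered:
        stage = "key_not_authorized"   # check authorized_keys and sshd_config
    else:
        stage = "no_key_offered"       # check -i path and client key files
    return {
        "stage": stage,
        "user": user,
        "domain_qualified": bool(user) and ("@" in user or "\\" in user),
        "fallback": fallback,
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_TRACE))
```

A `signature_rejected` result means the key itself was found on the server, so the place to look next is the sshd side (its own debug log and the logon step), not the client key or `authorized_keys`.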

JeanGionet Nov 20, 2015

Thanks for looking into this issue!
I realize it's still in development, however it seems to be working pretty well despite the keys not working for domain accounts.

quamrulmina Nov 20, 2015

Contributor

It will be fixed in a future release - Domain account with keys can be authenticated. It is a current implementation limit but will be fixed considering key authentication is widely used instead of password.

JeanGionet Nov 23, 2015

That's great! I'll anxiously await that release so I can give it a try!
Thanks

scottbeech Dec 3, 2015

Solution works perfectly, except for the lack of domain account support for key auth.
I've spent a bunch of time trying to get this working until I found this thread.
Would be great to get this working as soon as you can.
Thanks!

manojampalam Feb 1, 2016

Collaborator

ETA end of Feb

manojampalam Feb 27, 2016

Collaborator

dup #17

mjnip Sep 20, 2016

manojampalam - I am using a local user and have completed all steps as stated above. I am still receiving the error "Server refused public-key signature despite accepting key!"

I have also uncommented:
RSAAuthentication yes
PubkeyAuthentication yes

and have the keys in the .ssh/authorized_keys folder within the local user folder.

I grabbed the latest build from September 16, 2016.

Aigeec Feb 21, 2017

@mjnip I was getting something similar with the 64-bit binaries

Try ssh.exe -i id_rsa -l gionetje localhost -v (without the domain)

A
