Blog dedicated to Oracle Applications (E-Business Suite) Technology; covers Apps Architecture, Administration and third party bolt-ons to Apps

Monday, June 22, 2015

Server refused public-key signature despite accepting key!

A new SFTP connection was not working, even though everything looked fine:

1. Permissions were correct on directories:
chmod go-w $HOME/
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys
chmod 600 $HOME/.ssh/id_rsa
chmod 644 $HOME/.ssh/id_rsa.pub
chmod 644 $HOME/.ssh/known_hosts

2. Keys were correctly placed

However, it still asked for a password whenever an SFTP connection was made:

Using username "sftpuser".
Authenticating with public key "rsa-key-20150214"
Server refused public-key signature despite accepting key!
Using keyboard-interactive authentication.
Password:

I tried various things; none worked, and I eventually went back to my notes for SFTP troubleshooting:

1. Correct Permissions
chmod go-w $HOME/
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys
chmod 600 $HOME/.ssh/id_rsa
chmod 644 $HOME/.ssh/id_rsa.pub
chmod 644 $HOME/.ssh/known_hosts

2. Make sure the owner:group on the directories and files is correct:

ls -ld  $HOME/
ls -ld  $HOME/.ssh
ls -ltr $HOME/.ssh

3. Log in as root

chown user:group $HOME 
chown user:group $HOME/.ssh
chown user:group $HOME/.ssh/authorized_keys
chown user:group $HOME/.ssh/id_rsa
chown user:group $HOME/.ssh/id_rsa.pub
chown user:group $HOME/.ssh/known_hosts

4. Check for user entries in /etc/passwd and /etc/shadow

5. grep user /etc/shadow

When I did the 5th step, I found that the /etc/shadow entry for the user didn't exist. So I did these steps:

chmod 600 /etc/shadow
vi /etc/shadow
Insert this new line at the end
sftpuser:UP:::::::
Save File
chmod 400 /etc/shadow

It started working after that.
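
The checklist above as one script, added here as an example and not part of the original post: it checks modes, ownership, and the passwd/shadow entries for a single account and reports each failure. The function names and the sample home path in the usage comment are assumptions; the owner is read from the third field of `ls -ld`, and reading the real /etc/shadow requires root.

```shell
#!/bin/sh
# Added example (not from the original post): audit one account against
# the checklist above. All function names here are hypothetical.
# Usage: check_sftp_account USER HOME [PASSWD_FILE] [SHADOW_FILE]
#   e.g. (as root) check_sftp_account sftpuser /home/sftpuser
# Prints one FAIL line per finding and returns the number of findings.

mode_of()  { ls -ld "$1" 2>/dev/null | cut -c1-10; }   # e.g. drwx------
owner_of() { ls -ld "$1" 2>/dev/null | awk '{print $3}'; }
report()   { echo "FAIL: $*"; problems=$((problems + 1)); }

check_sftp_account() {
    user=$1; home=$2
    passwd_file=${3:-/etc/passwd}; shadow_file=${4:-/etc/shadow}
    problems=0

    # Step 1: modes. Home must not be group/other writable (chmod go-w),
    # .ssh must be 700 and authorized_keys 600.
    case $(mode_of "$home") in
        d????-??-?) ;;
        *) report "$home is missing or group/other writable" ;;
    esac
    [ "$(mode_of "$home/.ssh")" = "drwx------" ] ||
        report "$home/.ssh is not mode 700"
    [ "$(mode_of "$home/.ssh/authorized_keys")" = "-rw-------" ] ||
        report "$home/.ssh/authorized_keys is not mode 600"

    # Steps 2-3: every path must belong to the account itself.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ "$(owner_of "$p")" = "$user" ] || report "$p is not owned by $user"
    done

    # Steps 4-5: the account needs a line in both files; the missing
    # shadow line was the cause in this post.
    for f in "$passwd_file" "$shadow_file"; do
        grep "^$user:" "$f" >/dev/null 2>&1 ||
            report "no entry for $user in $f"
    done
    return "$problems"
}
```

A return value of 0 means every item on the checklist passed for that account.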
