hope everything is ok with you guys!
I am trying via bash script reach a sftp server in order to download some files and then load them into a table. Simple as that!
I followed every step described on setting-up-sftp-public-key-authentication and I think I did all ok.
- I did created the public/private rsa files (without passphrase)
- I did the copy of id_rsa.pub on server side as authorized_keys
- I setup the permissions (700) according to the steps mentioned in the link above
At the first moment, everything worked fine and when I tried run, for example, the command sftp /usr/ls.command user@host.xxx.com and I got the expected result, that is, the ls command ran without asking me the password.
but now, when I am trying to run the same command, I get the following result:
Permission denied (publickey,password). Couldn't read packet:
Connection reset by peer
I already recreated the public/private, copy the public key to the server side and set up the permission, but it is not working.
here the ls on local side
root@server:~/.ssh> ls -lrt /root/.ssh/
total 12
-r-------- 1 root root 3538 Feb 7 09:54 known_hosts
-rw------- 1 root root 397 Jun 28 08:59 id_rsa.pub
-rw------- 1 root root 1679 Jun 28 08:59 id_rsa
here it is the ls on server side:
sftp> ls -rlt
-rwx------ 1 meli sftpserver 397 Jun 28 10:01 authorized_keys
sftp>
and here the output of sftp -vvv user@host.xxx.com command:
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to host.xxx.com [0.0.0.0] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug3: Incorrect RSA1 identifier
This line called my attention:
debug3: Could not load "/root/.ssh/id_rsa" as a RSA1 public key
The rest of the output:
debug1: identity file /root/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "host.xxx.com" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:8
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: xxx
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 7c:23:46:da:52:31:6e:75:d2:a3:7a:13:03:b6:7d:21
debug3: load_hostkeys: loading entries for host "host.xxx.com" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:8
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "0.0.0.0" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:9
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'host.xxx.com' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:8
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x7f8bf66ed8e0)
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
password:
Any idea? Thanks!!!!!
Best Answer
it seems that sftp -b can only be used in conjunction with non-interactive authentication. This is why you are not prompted for a password when you use sftp in batch mode.