Permissions needed to write to authorized_keys2 file

Pragma Systems Technical Forum

Back

Home
»
Community
»
FortressSSH
»
Permissions needed to write to authorized_keys2 file

Permissions needed to write to authorized_keys2 file

Author	Message
rmassart	rmassart posted 11 Years Ago Post Details
Group: Forum Members Posts: 21, Visits: 112	Is there any feedback from the developer?
	Reply Like 6
Beth Redd	Beth Redd posted 11 Years Ago Post Details
Group: Administrators Posts: 81, Visits: 180	I've forwarded all of this information to the developer. He is looking into the issue now. I will get back to you as soon as I hear something from him. Beth Redd
	Reply Like 5
rmassart	rmassart posted 11 Years Ago Post Details
Group: Forum Members Posts: 21, Visits: 112	What I have been able to deduce so far is that when there is an entry in the PAD folder in the registry, the user can logon with their public key and it will be stored correctly in their authorized_keys2 file. When there is no such entry, the error below occurs. Help! Attached is a log file as requested. There seems to be a problem loading the user profile? The error message in the event viewer i: Faulting application name: sshd64.exe, version: 5.0.9.2696, time stamp: 0x539a6b15 Faulting module name: PragmaAuth.dll, version: 5.0.9.2696, time stamp: 0x539a6937 Exception code: 0xc0000417 Fault offset: 0x000000000000579c Faulting process id: 0x13f4 Faulting application start time: 0x01cf96cf54ea95bc Faulting application path: C:\Program Files\Pragma\Fortress\sshd64.exe Faulting module path: C:\Program Files\Pragma\Fortress\PragmaAuth.dll Report Id: 936fbdbc-02c2-11e4-bbb5-00237dd06bb8 Attachments ssh_6812_1651_ops.zip (1 view, 3.00 KB)
	Reply Like 6
Beth Redd	Beth Redd posted 11 Years Ago Post Details
Group: Administrators Posts: 81, Visits: 180	Hello, I'm sorry that you are having such issues. Please make sure that you have Auto store keys in the registry and Authenticate from the registry off. There is no need to have either of these on to use authentication from file. Also make sure you have Always or "Only when autoloading keys" selected on the Password Options page. Lastly, you will need to reboot if you have not already. The passwordless authentication library requires a reboot. If you continue to have issues, please turn on Server Operation Logging. Go to the Logging page on the Local Server Configuration program. Turn on Server Operation Logging and set the level to 6. Configure a directory for the log files. Make sure that the ssh users have write access to the configured directory. Run a test where the user fails to logon, then send me the file. Beth Redd
	Reply Like 5
rmassart	rmassart posted 11 Years Ago Post Details
Group: Forum Members Posts: 21, Visits: 112	I am still struggling with this. I have these two errors in the event log: ========================= Faulting application name: sshd64.exe, version: 5.0.9.2696, time stamp: 0x539a6b15 Faulting module name: ntdll.dll, version: 6.1.7601.22436, time stamp: 0x521eb03f Exception code: 0xc0000374 Fault offset: 0x00000000000c4322 Faulting process id: 0x1c7c Faulting application start time: 0x01cf947349aad1b6 Faulting application path: C:\Program Files\Pragma\Fortress\sshd64.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 8da2df76-0066-11e4-b191-00237dd06bb8 ========================== Faulting application name: sshd64.exe, version: 5.0.9.2696, time stamp: 0x539a6b15 Faulting module name: PragmaAuth.dll, version: 5.0.9.2696, time stamp: 0x539a6937 Exception code: 0xc0000417 Fault offset: 0x000000000000579c Faulting process id: 0x1a54 Faulting application start time: 0x01cf9504aa240e7e Faulting application path: C:\Program Files\Pragma\Fortress\sshd64.exe Faulting module path: C:\Program Files\Pragma\Fortress\PragmaAuth.dll Report Id: e9901c9b-00f7-11e4-b191-00237dd06bb8 ========================= The first mentions ntdll.dll and the second is PragmaAuth.dll. What I can't get to work is the initial registration of a user without using the registry to store keys. I cannot get the system to update the authorized_keys2 file. If I have the registry enabled, it works sometimes. ie eventually I see the new public key in the authorized_keys2 file, but I do not know how it got updated. You mentioned above that the user who is loging on is the account that needs access to the file, but I don't see that. Login only seems to work if I give "Everyone" read access. Am I missing another account that needs read access? Once the public key is stored in this file, I can connect from both our load balanced servers and read the key stored on our fileserver. I have also manually removed the Keys from the PAD folder in the registry. I know this is bad practice, but I want to make sure the system is not authenticating from there. This however has caused problems and might be the cause of the errors about. I am not sure. Is there a documented way of removing the keys stored in the registry? At the moment I can't help feeling there is some dependency between storing keys in registry and in the authorized_keys2 file. Thanks for your help... Robin
	Reply Like 8
Beth Redd	Beth Redd posted 11 Years Ago Post Details
Group: Administrators Posts: 81, Visits: 180	Hello, You will need to update to the latest build for a fix fore this issue. Please go to http://www.pragmasys.com/ssh-server/download to get the latest version. You will be able to install directly over your existing installation. Please make sure that all sessions are closed and all configuration programs are closed. You should reboot after the update. Beth Redd
	Reply Like 8
rmassart	rmassart posted 11 Years Ago Post Details
Group: Forum Members Posts: 21, Visits: 112	I can no longer authenticate using my public key either. I get these messages in the application event logs and I am seeing these error messages: Faulting application name: sshd64.exe, version: 5.0.9.2031, time stamp: 0x50b66b5c Faulting module name: PragmaAuth.dll, version: 5.0.9.2031, time stamp: 0x50b6696c Exception code: 0xc0000417 Fault offset: 0x000000000000578c Faulting process id: 0x6b8 Faulting application start time: 0x01cf8a003d383c9c Faulting application path: C:\Program Files\Pragma\Fortress\sshd64.exe Faulting module path: C:\Program Files\Pragma\Fortress\PragmaAuth.dll Report Id: 7cf9fc5d-f5f3-11e3-8327-00237dd085be Can you help? Thanks, Robin
	Reply Like 8
Beth Redd	Beth Redd posted 11 Years Ago Post Details
Group: Administrators Posts: 81, Visits: 180	Hello, The authorized_keys2 file is modified under the user context of the user trying to store the key. The user should have read/write access to the authorized_keys2 file as well as the configured directory location for authorized_keys. The socket error is not related to the authorization. This error could be from the client disconnecting while trying to authorize. You can try a verbose connection on the client side to see if it is closing after the authentication fails. Beth Redd
	Reply Like 8
rmassart	rmassart posted 11 Years Ago HOT Topic Details
Group: Forum Members Posts: 21, Visits: 112	I don't seem to be able to get fortress to update or createe the authorized_keys2 file. If the file already contains the user's public key, authentication works. But if a new user supplies their public key for the first time and file does not exist and authenticates using their domain password I get errors like this in the fortress log: Server Fatal error: recv from socket failed: No such file or directory And like this in the event log: Unable to stat() authorized keys file [path to file] It also does not work if the file exists and is empty. I suspect I am missing a permission, but it's not clear which. Or is there something else wrong? The fortress version is: Version: 5.0 Build 9 Revision 2031 Thanks. Tags authorized_keys2 fortress
	Reply Like 8