Permissions needed to write to authorized_keys2 file


rmassart
Supreme Being (215 reputation)
Group: Forum Members
Posts: 21, Visits: 112
I don't seem to be able to get fortress to update or create the authorized_keys2 file. If the file already contains the user's public key, authentication works. But if a new user supplies their public key for the first time and the file does not exist and authenticates using their domain password I get errors like this in the fortress log:

Server Fatal error: recv from socket failed: No such file or directory

And like this in the event log:

Unable to stat() authorized keys file  [path to file]

It also does not work if the file exists and is empty.

I suspect I am missing a permission, but it's not clear which. Or is there something else wrong?

The fortress version is: Version:  5.0 Build 9 Revision 2031

Thanks.


Beth Redd
Pragmateer (789 reputation)
Group: Administrators
Posts: 81, Visits: 180
Hello,

The authorized_keys2 file is modified under the user context of the user trying to store the key. The user should have read/write access to the authorized_keys2 file as well as the configured directory location for authorized_keys.

The socket error is not related to the authorization. This error could be from the client disconnecting while trying to authorize. You can try a verbose connection on the client side to see if it is closing after the authentication fails.

Beth Redd
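
One way to check the permissions this answer describes, as an added example that is not part of the original thread or of Pragma's tooling. The path and account are placeholders, and the function `Test-KeyStoreAccess` is hypothetical; it inspects only ACL entries that name the account directly, so rights granted through group membership are not resolved.

```powershell
# Added example. $KeyFile and $Account are placeholders, not values from the thread.
$KeyFile = 'D:\SshKeys\jdoe\authorized_keys2'
$Account = 'EXAMPLE\jdoe'

function Test-KeyStoreAccess {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Account
    )
    $needed      = [int]([System.Security.AccessControl.FileSystemRights]'Read, Write')
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    $broad       = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

    # Check the configured directory first, then the key file itself.
    foreach ($target in @((Split-Path -Parent $Path), $Path)) {
        if (-not (Test-Path -LiteralPath $target)) {
            [pscustomobject]@{ Target = $target; Exists = $false
                               DirectReadWrite = $false; BroadAllow = @() }
            continue
        }
        # Skip inherit-only entries: they apply to children, not to $target.
        $rules = @((Get-Acl -LiteralPath $target).Access |
            Where-Object { ([int]$_.PropagationFlags -band $inheritOnly) -eq 0 })

        # Only ACEs naming the account directly; group membership is not resolved.
        $allow = 0; $deny = 0
        foreach ($r in @($rules | Where-Object { $_.IdentityReference.Value -eq $Account })) {
            if ($r.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$r.FileSystemRights }
            else                                  { $deny  = $deny  -bor [int]$r.FileSystemRights }
        }
        $effective = $allow -band (-bnot $deny)   # a Deny entry overrides an Allow

        [pscustomobject]@{
            Target          = $target
            Exists          = $true
            DirectReadWrite = (($effective -band $needed) -eq $needed)
            # Allow entries for wide groups, worth reviewing on a key store.
            BroadAllow      = @($rules | Where-Object {
                $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -in $broad
            } | ForEach-Object { '{0}: {1}' -f $_.IdentityReference.Value, $_.FileSystemRights })
        }
    }
}

Test-KeyStoreAccess -Path $KeyFile -Account $Account | Format-List
```

A non-empty `BroadAllow` that includes write rights means accounts other than the key's owner can add keys to the file.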

rmassart
I can no longer authenticate using my public key either. I get these messages in the application event logs and I am seeing these error messages:

Faulting application name: sshd64.exe, version: 5.0.9.2031, time stamp: 0x50b66b5c

Faulting module name: PragmaAuth.dll, version: 5.0.9.2031, time stamp: 0x50b6696c

Exception code: 0xc0000417

Fault offset: 0x000000000000578c

Faulting process id: 0x6b8

Faulting application start time: 0x01cf8a003d383c9c

Faulting application path: C:\Program Files\Pragma\Fortress\sshd64.exe

Faulting module path: C:\Program Files\Pragma\Fortress\PragmaAuth.dll

Report Id: 7cf9fc5d-f5f3-11e3-8327-00237dd085be

Can you help?

Thanks,

Robin

Beth Redd
Hello,

You will need to update to the latest build for a fix for this issue. Please go to http://www.pragmasys.com/ssh-server/download to get the latest version. You will be able to install directly over your existing installation.

Please make sure that all sessions are closed and all configuration programs are closed. You should reboot after the update.

Beth Redd

rmassart
I am still struggling with this. 

I have these two errors in the event log:

=========================

Faulting application name: sshd64.exe, version: 5.0.9.2696, time stamp: 0x539a6b15

Faulting module name: ntdll.dll, version: 6.1.7601.22436, time stamp: 0x521eb03f

Exception code: 0xc0000374

Fault offset: 0x00000000000c4322

Faulting process id: 0x1c7c

Faulting application start time: 0x01cf947349aad1b6

Faulting application path: C:\Program Files\Pragma\Fortress\sshd64.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: 8da2df76-0066-11e4-b191-00237dd06bb8

==========================

Faulting application name: sshd64.exe, version: 5.0.9.2696, time stamp: 0x539a6b15

Faulting module name: PragmaAuth.dll, version: 5.0.9.2696, time stamp: 0x539a6937

Exception code: 0xc0000417

Fault offset: 0x000000000000579c

Faulting process id: 0x1a54

Faulting application start time: 0x01cf9504aa240e7e

Faulting application path: C:\Program Files\Pragma\Fortress\sshd64.exe

Faulting module path: C:\Program Files\Pragma\Fortress\PragmaAuth.dll

Report Id: e9901c9b-00f7-11e4-b191-00237dd06bb8

=========================

The first mentions ntdll.dll and the second is PragmaAuth.dll.

What I can't get to work is the initial registration of a user without using the registry to store keys. I cannot get the system to update the authorized_keys2 file. If I have the registry enabled, it works *sometimes*, i.e. eventually I see the new public key in the authorized_keys2 file, but I do not know how it got updated. You mentioned above that the user who is logging on is the account that needs access to the file, but I don't see that. Login only seems to work if I give "Everyone" read access. Am I missing another account that needs read access?

Once the public key is stored in this file, I can connect from both our load balanced servers and read the key stored on our fileserver. 

I have also manually removed the keys from the PAD folder in the registry. I know this is bad practice, but I want to make sure the system is not authenticating from there. This however has caused problems and might be the cause of the errors above. I am not sure. Is there a documented way of removing the keys stored in the registry?

At the moment I can't help feeling there is some dependency between storing keys in registry and in the authorized_keys2 file.

Thanks for your help...

Robin

 
Beth Redd
Hello,

I'm sorry that you are having such issues.

Please make sure that you have Auto store keys in the registry and Authenticate from the registry off. There is no need to have either of these on to use authentication from file.

Also make sure you have Always or "Only when autoloading keys" selected on the Password Options page.

Lastly, you will need to reboot if you have not already. The passwordless authentication library requires a reboot.

If you continue to have issues, please turn on Server Operation Logging. Go to the Logging page on the Local Server Configuration program. Turn on Server Operation Logging and set the level to 6. Configure a directory for the log files. Make sure that the ssh users have write access to the configured directory. 

Run a test where the user fails to logon, then send me the file.
 

Beth Redd

rmassart
What I have been able to deduce so far is that when there is an entry in the PAD folder in the registry, the user can logon with their public key and it will be stored correctly in their authorized_keys2 file. When there is no such entry, the error below occurs.

Help!

Attached is a log file as requested. There seems to be a problem loading the user profile?

The error message in the event viewer is:

Faulting application name: sshd64.exe, version: 5.0.9.2696, time stamp: 0x539a6b15
Faulting module name: PragmaAuth.dll, version: 5.0.9.2696, time stamp: 0x539a6937
Exception code: 0xc0000417
Fault offset: 0x000000000000579c
Faulting process id: 0x13f4
Faulting application start time: 0x01cf96cf54ea95bc
Faulting application path: C:\Program Files\Pragma\Fortress\sshd64.exe
Faulting module path: C:\Program Files\Pragma\Fortress\PragmaAuth.dll
Report Id: 936fbdbc-02c2-11e4-bbb5-00237dd06bb8
Attachments
ssh_6812_1651_ops.zip (1 view, 3.00 KB)

Beth Redd
I've forwarded all of this information to the developer. He is looking into the issue now. 

I will get back to you as soon as I hear something from him.

Beth Redd

rmassart
Is there any feedback from the developer?

Beth Redd
I'm sorry for not getting back to you. The developer has been unable to duplicate the issue. A workaround is to provide you with debug versions of the sshd binary and the pragmaauth.dll. This has worked for another customer having a similar issue.

Would you be willing to test with the debug versions? I can provide you a download link if you are interested.

Beth Redd