Welcome to the VanDyke Software Forums

  #1  
Old 12-07-2011, 09:43 AM
davefrag davefrag is offline
Registered User
 
Join Date: Dec 2011
Posts: 4
SSH key authentication issues

I am running VShell on a Linux platform.

I have a client that has provided me with their single public key file named "id_dsa.pub" that appears to contain 3 keys. I'll call those keys USR1@host1, USR2@host1 and USR3@host1. I've placed that file in that client's /.vshell/publickey directory.

When the client attempts to make an SFTP connection while logged into the "USR3@host1" account on their remote system, the connection works. When the client attempts to make an SFTP connection while logged into either "USR1@host1" or "USR2@host1" accounts on their system, key authentication fails.

The remote user attempting to establish the connection is receiving the following messages when the connection attempt fails:

debug1: Next authentication method: publickey
debug1: Trying private key: /client/u/usr1//.ssh/id_rsa
debug3: no such identity: /client/u/usr1//.ssh/id_rsa
debug1: Trying private key: /client/u/usr1//.ssh/id_dsa
debug3: no such identity: /client/u/usr1//.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password

Since this issue is becoming very frustrating to say the least, any and all assistance is appreciated.
  #2  
Old 12-07-2011, 11:33 AM
davefrag davefrag is offline
Registered User
 
Join Date: Dec 2011
Posts: 4
Thanks for the quick reply rtb.

All three users (USR1, USR2 and USR3) on the remote systems are connecting to my VShell SFTP server using the same account "clientacct1".

What appears to be three ssh keys within one file is located in "\clientacct1\.vshell\publickey\id_dsa.pub".

Although within the key it identifies "USR1@host1", "USR2@host1" and "USR3@host1", only "USR3" on host1 can successfully make a connection. When "USR2" on host1 tries, it fails, and when "USR1" on host2 tries, it fails too.
  #3  
Old 12-12-2011, 11:25 AM
davefrag davefrag is offline
Registered User
 
Join Date: Dec 2011
Posts: 4
Hi rtb -

Still can't get this to work. I've removed the authroized_keys file from the ~/.vshell/publickey/ directory and renamed the existing .pub file to authorized_keys. Our client is still not able to authenticate using any other account than "USR3@host1", which is the last ssh key listed within the authorized_keys file. I've attached a copy of the authorized_keys file to this posting for your review.

Appreciate any help you can provide to resolve this issue. Thanks.

- Dave
  #4  
Old 12-12-2011, 02:32 PM
davefrag davefrag is offline
Registered User
 
Join Date: Dec 2011
Posts: 4
Todd -

There is both a .pub file containing three ssh keys and an authroized_keys file. Both are in the ~/.vshell/publickey/ directory. I believe that our client provided both, but I can't be sure about that.

As part of the steps in trying to resolve this issue, I removed all files from the ~/.vshell/publickey/ directory and placed a new .pub file in that directory which contained only one ssh key that the client sent me this past Friday. The client tested access and it still didn't work.

Although I'm not an admin of the Linux server the software is installed on, I should be able to find out what the vshell version info is. Can you suggest a command for me to use or where to look for it?

- Dave
  #5  
Old 01-02-2012, 11:43 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,305
*************************************
This was originally posted on 12-12-2011, 2:51pm
*************************************

Thanks for the information.

You can get the version of VShell using the following command:
vshelld -version
I doubt that you will be able to run the command if you are not the UNIX administrator.

*************************************
This was originally posted on 12-12-2011, 2:12pm
*************************************

Hi Dave,

Thanks for the update. I don't see an attached file. Would you send this file to support@vandyke.com with a subject of Attn: Todd - Forum thread #9580?

Additionally, it seems like you have provided additional information. Initially, you mentioned that you had a single .pub file. Now you have mentioned in your most recent post that you had an authorized_keys file, and a .pub file.

If you did have an authorized_keys file in the home directory for the user account, where did it come from?

Did the end user actually provide you with a .pub file with three keys in the file?

What version of VShell are you using?

*************************************
This was originally posted on 12-07-2011, 2:00pm
*************************************

Hi davefrag,

Thanks for the additional information. A little background may be helpful.

VShell has the ability to use a different .pub file for each public-key file that a user may potentially need or want to use during publickey authentication. For example, the home folder for a single user account can have multiple keys:
~/.vshell/publickey/usr1.pub
~/.vshell/publickey/usr2.pub
~/.vshell/publickey/usr3.pub
All three users in this scenario (usr1, usr2, usr3) can use their own public-key for authentication using the same user account.

This is in contrast to OpenSSH which uses a single authorized_keys file for all public-keys that might be used for publickey authentication. For users wanting to transition from OpenSSH to VShell, VShell does have a mechanism to use an existing OpenSSH authorized_keys file. If a file called authorized_keys is placed in the following location, then VShell will treat the file as a multiple key file like OpenSSH:
~/.vshell/publickey/authorized_keys
Without knowing the history of the file, it seems like what you have received is a renamed authorized_keys file.

If you rename the .pub file to be authorized_keys, are the different users able to use the same user account with their own public-keys for successful authentication?

*************************************
This was originally posted on 12-07-2011, 10:08am
*************************************

Hi davefrag,

Thanks for the question. If I understand correctly, you have a client with three user accounts trying to connect to VShell using each account.

Did you place the file in each ~/.vshell/publickey directory for each user account that the client is using, or did you only place the .pub file in the directory for USR3?

If you only placed the file in the USR3 account directory, is the problem resolved by placing the file in the other user account directories (USR1 and USR2)?
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730
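
The per-key layout described in the reply above, as an added example that is not part of the original thread or VanDyke's own tooling: a shell function that splits a multi-key file into one single-key .pub file per entry, named after each key's comment. It assumes the entries are OpenSSH one-line public keys without an options prefix and that the server accepts that format in .pub files; the function name `split_pubkeys` and the file naming scheme are illustrative.

```shell
#!/bin/sh
# Added example (not VanDyke code): split an OpenSSH-style multi-key file
# into one single-key .pub file per entry.
# Usage: split_pubkeys <multi-key file> <destination directory>
# Returns 0 if every entry was written, 1 if any entry was rejected.
split_pubkeys() {
    src=$1 dest=$2 n=0 rc=0
    mkdir -p "$dest" || return 1
    while read -r type blob comment || [ -n "$type" ]; do
        # Skip blank lines and comment lines.
        case $type in ''|'#'*) continue ;; esac
        n=$((n + 1))
        # The base64 blob starts with a 4-byte length followed by the key
        # type string; it must match the type named in the first field.
        inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
                tail -c +5 | head -c "${#type}")
        if [ "$inner" != "$type" ]; then
            echo "entry $n: malformed or unsupported line, skipped" >&2
            rc=1
            continue
        fi
        # Name the file after the key comment (e.g. USR1@host1), keeping only
        # filename-safe characters; fall back to the entry number.
        name=$(printf '%s' "${comment:-key$n}" | tr -c 'A-Za-z0-9._-' '_')
        out="$dest/$name.pub"
        if [ -e "$out" ]; then
            echo "entry $n: $out already exists, skipped" >&2
            rc=1
            continue
        fi
        printf '%s %s%s\n' "$type" "$blob" "${comment:+ $comment}" > "$out"
        chmod 644 "$out"
    done < "$src"
    return $rc
}
```

Called as `split_pubkeys id_dsa.pub ~/.vshell/publickey` from the account that owns the home directory, a three-key file with the comments used in this thread yields USR1_host1.pub, USR2_host1.pub and USR3_host1.pub.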
All times are GMT -6.