Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

Unable to authenticate a user into Reflection for Secure IT Server via public key

This document (7023041) is provided subject to the disclaimer at the end of this document.

Environment

Reflection for Secure IT Server for Windows

Situation

An ssh/sftp client may fail to connect to Reflection for Secure IT (RSIT) Windows server via key pair.  Tracing the connection, the server debug log reports:
"the public key could not be found among the public keys configured for this user or group in RSSHD settings...; public key refused."

Something similar to the following:

000000000135 2018-05-30 16:39:27.411 2628 W2K8RSITTSTSE\LOCAL2:[Trace][40252] 
WindowsServerAuthenticator.cpp:WindowsServerAuthenticator::IsSshKeyTrusted(1940) Reading authorization file:
"C:\Users\local2\.ssh2\authorization". Found public keys from user's settings: Key ' "2048-bit RSA, exported by
Administrator@user-laptop"' from C:\Users\local2\.ssh2usertest.pub.

000000000136 2018-05-30 16:39:27.411 2628 W2K8RSITTSTSE\LOCAL2:[Info][30304]
WindowsServerAuthenticator.cpp:WindowsServerAuthenticator::IsSshKeyTrusted(1969) Logon attempt 1 for user
name 'local2' with logon method 'publickey' (algorithm: 'ssh-rsa', public key fingerprint:
dc:b3:d1:45:31:08:17:f4:79:09:bd:f4:a7:c9:16:2a, test only): the public key could not be found among the public
keys configured for this user or group in RSSHD settings (%D\.ssh2\authorization); public key refused.




Resolution

Request a new copy of client's public key file. Add/replace the one currently on the server.  Be sure that the authorization file includes an entry that point to the new public key file.

Example entry inside of an "authorization" file:
key new_public_key.pub

Cause

The problem may be related to mismatched key pair.  The server may not have a copy of the public key file the client is using to connect. To check, use ssh-keygen -l switch to extract the fingerprint(s) from the server file and compare it to the one the client is presenting.

In the above example, the client presents the following fingerprint to the server:
    dc:b3:d1:45:31:08:17:f4:79:09:bd:f4:a7:c9:16:2a

On the server, the account's public key folder is set to:
    "C:\Users\local2\.ssh2"

From a Windows Command prompt, use the following syntax to extract the fingerprint from each of the public key files if there are more than one in the folder:
    ssh-keygen -l -f <public key name>

Example:
    C:\Program Files\Micro Focus\RSecureServer>ssh-keygen -l -f "C:\users\local2\.ssh2\usertest.pub"
    2048 c3:d7:0f:7b:fc:9c:ff:79:e2:cc:45:c6:e4:9a:47:f9 Comment: "2048-bit RSA, exported by Administrator@user-laptop"

Note that the two fingerprints in this example do not match.
From Client:           dc:b3:d1:45:31:08:17:f4:79:09:bd:f4:a7:c9:16:2a
Found on Server:    c3:d7:0f:7b:fc:9c:ff:79:e2:cc:45:c6:e4:9a:47:f9

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7023041
  • Creation Date:01-JUN-18
  • Modified Date:01-JUN-18
    • NovellReflection for Secure IT Server for Windows

Did this document solve your problem? Provide Feedback