Unable To Perform SSH Key Authentication Without Client Needing To Specify Password For Sftp User (Doc ID 2262094.1)

Last updated on MAY 09, 2017

Applies to:

Oracle Managed File Transfer - Version 12.2.1.2.0 and later
Information in this document applies to any platform.

Symptoms

Unable to perform SSH key authentication without client needing to specify password for sftp user


When trying to login:

sftp -vvv -F ~/.ssh/config.sftp example.com

debug1: Remote protocol version 2.0, remote software version SSHD-CORE-0.14.0
debug1: no match: SSHD-CORE-0.14.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 960 bytes for a total of 981
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,aes128-ctr,arcfour128
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,aes128-ctr,arcfour128
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512
debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 525/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 1149
debug3: put_host_port: [xxxx]:7522
debug3: put_host_port: [xxx]:7522
debug3: check_host_in_hostfile: host [xxx]:7522 filename /refresh/home/.ssh/known_hosts
debug3: check_host_in_hostfile: host [xxx]:7522 filename /refresh/home/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug3: check_host_in_hostfile: host [xxxxx]:7522 filename /refresh/home/.ssh/known_hosts
debug3: check_host_in_hostfile: host [xxxx]:7522 filename /refresh/home/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host '[celvpvm03611.us.oracle.com]:7522' is known and matches the RSA host key.
debug1: Found key in /refresh/home/.ssh/known_hosts:2
debug2: bits set: 510/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1165
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1213
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /refresh/home/mftest ((nil))
debug3: Wrote 64 bytes for a total of 1277
debug1: Authentications that can continue: password,keyboard-interactive,publickey
debug3: start over, passed a different list password,keyboard-interactive,publickey
debug3: preferred publickey,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /refresh/home/mftest
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/refresh/home/mftest':
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA a8:d3:19:1e:ed:8e:ca:a9:f7:fa:01:60:a0:d0:86:57:ab:4e:67:e0
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 640 bytes for a total of 1917
debug1: Authentications that can continue: password,keyboard-interactive,publickey
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred:
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: Wrote 96 bytes for a total of 2013
debug2: input_userauth_info_req
Password authentication
debug2: input_userauth_info_req: num_prompts 1
Password:

 

On MFT logs:

[2017-05-02T21:35:09.964+00:00] [mft_server1] [NOTIFICATION] [] [oracle.mft.SECURITY] [tid: sshd-SshServer[3b636baf]-nio2-thread-3] [userId: ] [ecid: 1e9ffb7b-fd54-4325-8385-540a1c7b9d77-0000000a,0:1839:105:3] [APP: mft-app] [partition-name: DOMAIN] [tenant-name: GLOBAL] oracle.mft.SECURITY.: Public Key not found. Please check if public key exists at keystore location





Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms