Coreftp server build 222, key authentication suddenly fails.
Posted: Fri Feb 29, 2008 10:12 am
Hi,
We are running coreftpserver build 222 as a service and using key authentification.
After some time our users were no longer able to get files.
Copy of logfile:
[20080229 09:17:21] [157.193.XXX.XXX] prdadm, download of '/200802/801001110709.pdf'
[20080229 09:17:21] [157.193.XXX.XXX] disconnected (prdadm)
[20080229 09:31:52] [157.193.XXX.XXX] connecting
[20080229 09:31:52] [157.193.XXX.XXX] connected
[20080229 09:31:53] [157.193.XXX.XXX] prdadm, download of '/200801/801001849222.pdf'
[20080229 09:31:53] [157.193.XXX.XXX] disconnected (prdadm)
[20080229 09:32:28] [157.193.XXX.XXX] connecting
[20080229 09:32:28] [157.193.XXX.XXX] connected
[20080229 09:32:29] [157.193.XXX.XXX] prdadm, download of '/200802/801001849222.pdf'
[20080229 09:32:29] [157.193.XXX.XXX] disconnected (prdadm)
[20080229 09:56:20] [157.193.XXX.XXX] connecting
[20080229 09:56:20] [157.193.XXX.XXX] connected
[20080229 09:56:20] [157.193.XXX.XXX] connecting
[20080229 09:56:20] [157.193.XXX.XXX] connected
[20080229 09:56:21] [157.193.XXX.XXX] prdadm, download of '/200802/802000156448.pdf'
[20080229 09:56:21] [157.193.XXX.XXX] prdadm, download of '/200802/801001662494.pdf'
[20080229 09:56:21] [157.193.XXX.XXX] disconnected (prdadm)
[20080229 09:56:21] [157.193.XXX.XXX] disconnected (prdadm)
[20080229 09:57:25] [157.193.XXX.XXX] connecting
[20080229 09:57:25] [157.193.XXX.XXX] connected
[20080229 09:57:26] [157.193.XXX.XXX] disconnected ((null))
[20080229 09:57:38] [157.193.XXX.XXX] connecting
[20080229 09:57:38] [157.193.XXX.XXX] connected
[20080229 09:57:38] [157.193.XXX.XXX] disconnected ((null))
As you can see, from 9h57 on, it was no longer possible to get files.
Error message in client:
Connecting to XXXXXX01...
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to ranjan01 [157.193.YYY.YYY] port 22.
debug1: Connection established.
debug1: identity file /home/prdadm/.ssh/id_rsa type 1
debug1: identity file /home/prdadm/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version CoreFTP-0.1.1
debug1: no match: CoreFTP-0.1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: Failed to acquire GSS-API credentials for any mechanisms (No
credentials were supplied, or the credentials were unavailable or
inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: Peer sent proposed langtags, ctos:
debug1: Peer sent proposed langtags, stoc:
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: dh_gen_key: priv key bits set: 125/256
debug1: bits set: 525/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'ranjan01' is known and matches the RSA host key.
debug1: Found key in /home/prdadm/.ssh/known_hosts:5
debug1: bits set: 519/1024
RSA_public_decrypt failed: error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type is not 01
debug1: ssh_rsa_verify: signature incorrect
key_verify failed for server_host_key
debug1: Calling cleanup 0x34214(0x0)
Connection closed
Stopping and restarting the service solved the problem.
Is this a problem that has been fixed in the newer versions of your program?
If we install a new version, do we have to reconfigure everything or is the config.dat-file compatible for all versions?
Regards,
Günther
We are running coreftpserver build 222 as a service and using key authentification.
After some time our users were no longer able to get files.
Copy of logfile:
[20080229 09:17:21] [157.193.XXX.XXX] prdadm, download of '/200802/801001110709.pdf'
[20080229 09:17:21] [157.193.XXX.XXX] disconnected (prdadm)
[20080229 09:31:52] [157.193.XXX.XXX] connecting
[20080229 09:31:52] [157.193.XXX.XXX] connected
[20080229 09:31:53] [157.193.XXX.XXX] prdadm, download of '/200801/801001849222.pdf'
[20080229 09:31:53] [157.193.XXX.XXX] disconnected (prdadm)
[20080229 09:32:28] [157.193.XXX.XXX] connecting
[20080229 09:32:28] [157.193.XXX.XXX] connected
[20080229 09:32:29] [157.193.XXX.XXX] prdadm, download of '/200802/801001849222.pdf'
[20080229 09:32:29] [157.193.XXX.XXX] disconnected (prdadm)
[20080229 09:56:20] [157.193.XXX.XXX] connecting
[20080229 09:56:20] [157.193.XXX.XXX] connected
[20080229 09:56:20] [157.193.XXX.XXX] connecting
[20080229 09:56:20] [157.193.XXX.XXX] connected
[20080229 09:56:21] [157.193.XXX.XXX] prdadm, download of '/200802/802000156448.pdf'
[20080229 09:56:21] [157.193.XXX.XXX] prdadm, download of '/200802/801001662494.pdf'
[20080229 09:56:21] [157.193.XXX.XXX] disconnected (prdadm)
[20080229 09:56:21] [157.193.XXX.XXX] disconnected (prdadm)
[20080229 09:57:25] [157.193.XXX.XXX] connecting
[20080229 09:57:25] [157.193.XXX.XXX] connected
[20080229 09:57:26] [157.193.XXX.XXX] disconnected ((null))
[20080229 09:57:38] [157.193.XXX.XXX] connecting
[20080229 09:57:38] [157.193.XXX.XXX] connected
[20080229 09:57:38] [157.193.XXX.XXX] disconnected ((null))
As you can see, from 9h57 on, it was no longer possible to get files.
Error message in client:
Connecting to XXXXXX01...
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to ranjan01 [157.193.YYY.YYY] port 22.
debug1: Connection established.
debug1: identity file /home/prdadm/.ssh/id_rsa type 1
debug1: identity file /home/prdadm/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version CoreFTP-0.1.1
debug1: no match: CoreFTP-0.1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: Failed to acquire GSS-API credentials for any mechanisms (No
credentials were supplied, or the credentials were unavailable or
inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: Peer sent proposed langtags, ctos:
debug1: Peer sent proposed langtags, stoc:
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: dh_gen_key: priv key bits set: 125/256
debug1: bits set: 525/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'ranjan01' is known and matches the RSA host key.
debug1: Found key in /home/prdadm/.ssh/known_hosts:5
debug1: bits set: 519/1024
RSA_public_decrypt failed: error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type is not 01
debug1: ssh_rsa_verify: signature incorrect
key_verify failed for server_host_key
debug1: Calling cleanup 0x34214(0x0)
Connection closed
Stopping and restarting the service solved the problem.
Is this a problem that has been fixed in the newer versions of your program?
If we install a new version, do we have to reconfigure everything or is the config.dat-file compatible for all versions?
Regards,
Günther