fyrfyter
asked on
SCP authentication problem
Experts,
Perplexing problem here. when I try to use scp (winscp, pscp, etc) from a windows xp box connect to a linux box I get an authentication error. When I ssh to the same linux box with the same username/password, I have no problems authenticating. Not sure what to look for???
Any help would be greatly appreciated.
Perplexing problem here. when I try to use scp (winscp, pscp, etc) from a windows xp box connect to a linux box I get an authentication error. When I ssh to the same linux box with the same username/password, I have no problems authenticating. Not sure what to look for???
Any help would be greatly appreciated.
have you tried connecting to the box by using the IP and port numbers instead of the DNS names? This might help you diagnose the problem.
Nei file di log c'è qualche messaggio di errore particolare ??
Se provi ad effettuare un collegamento SFPT funziona ?! Anche se quest'ultimo effettua una connessione attraverso la porta 22, ma giusto per avere qualche info in più ...
My2Cent
Se provi ad effettuare un collegamento SFPT funziona ?! Anche se quest'ultimo effettua una connessione attraverso la porta 22, ma giusto per avere qualche info in più ...
My2Cent
ASKER
tlovie,
I did try that. same result. It is not a connection issue, but an authentication issue. I can connect just fine using the dns name. It just doesn't accept my password.
myfox,
Sorry, I dont speak that language.
Thanks,
I did try that. same result. It is not a connection issue, but an authentication issue. I can connect just fine using the dns name. It just doesn't accept my password.
myfox,
Sorry, I dont speak that language.
Thanks,
Oops here's the translation ...
In the log file is there any particular error message?
If you try to make a connection SFPT working?! Even if he makes a connection through port 22, but just to get some more info ...
My2Cent
In the log file is there any particular error message?
If you try to make a connection SFPT working?! Even if he makes a connection through port 22, but just to get some more info ...
My2Cent
Do you have access to the logs of the ssh server? perhaps the default crypto methods inside of putty/pscp are not supported on the server side. are you able to authenticate to any other linux servers using putty? I'm assuming that you're using a recent version of putty 0.60.
ASKER
Heres the pscp log:
P:\>pscp -r -v username@host.com:"/home/u
M" P:\
Looking up host "host.com"
Connecting to 11.11.11.11 port 22
Server version: SSH-1.5-Cisco-1.25
We believe remote version has SSH-1 ignore bug
We believe remote version needs a plain SSH-1 password
We believe remote version can't handle SSH-1 RSA authentication
We claim version: SSH-1.5-PuTTY_Release_0.60
Using SSH protocol version 1
Received public keys
Host key fingerprint is:
1024 "omitted"
Encrypted session key
AES not supported in SSH-1, skipping
Using 3DES encryption
Trying to enable encryption...
Initialised triple-DES inner-CBC encryption
Installing CRC compensation attack detector
Successfully started encryption
Sent username "username"
username@host.com's password:
Sending unpadded password
Sent password
Access denied
Authentication refused
P:\>pscp -r -v username@host.com:"/home/u
M" P:\
Looking up host "host.com"
Connecting to 11.11.11.11 port 22
Server version: SSH-1.5-Cisco-1.25
We believe remote version has SSH-1 ignore bug
We believe remote version needs a plain SSH-1 password
We believe remote version can't handle SSH-1 RSA authentication
We claim version: SSH-1.5-PuTTY_Release_0.60
Using SSH protocol version 1
Received public keys
Host key fingerprint is:
1024 "omitted"
Encrypted session key
AES not supported in SSH-1, skipping
Using 3DES encryption
Trying to enable encryption...
Initialised triple-DES inner-CBC encryption
Installing CRC compensation attack detector
Successfully started encryption
Sent username "username"
username@host.com's password:
Sending unpadded password
Sent password
Access denied
Authentication refused
Add the following line in /etc/ssh/sshd_config
Protocol 2
and restart sshd service by giving the following command.
service sshd restart, client also use ssh2
Regards
- Krishna
Protocol 2
and restart sshd service by giving the following command.
service sshd restart, client also use ssh2
Regards
- Krishna
1) Cisco SSH server can't handle 'SCP' sessions
2) Cisco server uses SSH version 1, that doesn't support SFTP
So you can't 'SCP' there by any means. What you can do is to login via SSH, put your files to some external FTP/HTTP server, then use this IOS command to copy these files to the Cisco:
>enable
Password: *****
# copy ftp://remotehost.com/ flash:
You may copy in another direction too.
Hope this helps.
Regards,
Arty
2) Cisco server uses SSH version 1, that doesn't support SFTP
So you can't 'SCP' there by any means. What you can do is to login via SSH, put your files to some external FTP/HTTP server, then use this IOS command to copy these files to the Cisco:
>enable
Password: *****
# copy ftp://remotehost.com/ flash:
You may copy in another direction too.
Hope this helps.
Regards,
Arty
Cisco do handle scp (server and client) in IOS since about 12.2-12.3. I think you need to upgrade.
ASKER
Thanks for your comments.
Krishna,
Protocol 2 is already in the sshd_config file.
Arty,
This is not a cisco issue. If you look at my original post, I am trying to connect via an scp client from a windows box to a linux box. IOS is not involved.
The thing that is odd is that if I tail the /var/log/auth.log file, there are no entries for the failed authentication attempt from the scp client. But the scp client returns an authentication failed error...
Krishna,
Protocol 2 is already in the sshd_config file.
Arty,
This is not a cisco issue. If you look at my original post, I am trying to connect via an scp client from a windows box to a linux box. IOS is not involved.
The thing that is odd is that if I tail the /var/log/auth.log file, there are no entries for the failed authentication attempt from the scp client. But the scp client returns an authentication failed error...
You could try to install cygwin and from there try to scp to see if works. I think that it doesn't use any native dll. Experts may correct me here. If it's like that there seems to be some trouble with your native windows binaries.
http://www.cygwin.com/
Download the setup.exe and start it.
Install standard + the openssh (input ssh in the search window and check the checkbox for openssh binary)
proceed to finalize. It will take a little time to install.
Start the the Cygwin Bash shell from start-button->cygwin->Cygw
Run scp and ssh to see if it works.
http://www.cygwin.com/
Download the setup.exe and start it.
Install standard + the openssh (input ssh in the search window and check the checkbox for openssh binary)
proceed to finalize. It will take a little time to install.
Start the the Cygwin Bash shell from start-button->cygwin->Cygw
Run scp and ssh to see if it works.
Winscp offers a number of data transfer protocols. These include SFTP (the default), SCP, and FTP. The defaultis not SCP! Unfortunately if you just click on the stored session, you don't get to view this. I'd suggest create the session again from scratch, and ensure that either SCP is selected or click the box which says 'Allow SCP fallback'. That way there will an attempt to connect via port 22 which will appear in your auth.log file.
I suspect that you've used the default winscp configuration which is SFTP, which will fail!
HTH:)
( (()
(`-' _\
'' ''
I suspect that you've used the default winscp configuration which is SFTP, which will fail!
HTH:)
( (()
(`-' _\
'' ''
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.