I am a newbie to SFTP and authentication via key files. Here is my problem:

1- I have a .p12 certificate (provided by the host owner), from which I used openssl to extract my private key (.pem) file.

2- Using this file, I tried to log in via the WinSCP client, and since WinSCP does not support .pem files, I converted the file into .ppk format.

3- When I try to log in with my .ppk file, it seems the host does not refuse my key file, but it still prompts me for a password (which I don't have, because authentication is via key files only). So I am not sure what I did wrong and why the server still prompts me for a password, and I am stuck with a "Further authentication required" message.

Here are my WinSCP client logs when I try to log in:

. Looking up host "xxxxx.yyyy" for SSH connection
. Connecting to xx.xxx.xxx.xxx port 22
. We claim version: SSH-2.0-WinSCP_release_5.11
. Server version: SSH-2.0-SSHD
. Using SSH protocol version 2
. Have a known host key of type rsa2
. Doing Diffie-Hellman group exchange
. Doing Diffie-Hellman key exchange with hash SHA-256
. Host key fingerprint is:
. ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
. Verifying host key rsa2 0x....
. Host key matches cached key
. Initialised AES-256 SDCTR client->server encryption
. Initialised HMAC-SHA1 client->server MAC algorithm
. Initialised AES-256 SDCTR server->client encryption
. Initialised HMAC-SHA1 server->client MAC algorithm
. Reading key file "C:\OpenSSL-Win64\bin\private.ppk"
! Using username "myusername".
. Server offered these authentication methods: password,publickey,keyboard-interactive
. Offered public key
. Offer of public key accepted
! Authenticating with public key "imported-openssh-key"
. Sent public key signature
! Further authentication required
  • Is the .p12 really a certificate? Or just a simple private key? - Can you log in with PuTTY? Or any other SSH/SFTP client? - How did you convert the .pem to .ppk? Also, you mention first .p12 and then .pem; those are different formats. - Did you get any information with that .p12 file from the host owner? Commented Sep 18, 2017 at 10:32
  • The .p12 is really a certificate. I can't log in with PuTTY or any other FTP client (CoreFTP, FileZilla, etc.). I used openssl to get the .pem file from the certificate and I used PuTTYgen for converting the .pem file into .ppk. My host owner mentioned something about getting a "passphrase"; I also created my keys using a passphrase as well, but this time WinSCP asks for the passphrase and then asks for the password again. I am just trying to be sure whether the issue is client or server related.
    – Jean
    Commented Sep 18, 2017 at 10:44
  • Did the owner include more information? Commented Sep 18, 2017 at 11:02

1 Answer

Standard SSH/SFTP protocol does not use certificates. Only a simple key pair.

There's a proprietary implementation in OpenSSH that allows it using certificates:
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD

But that's implemented by OpenSSH toolset only (both client and server).

WinSCP, FileZilla or PuTTY (and others) do not support this proprietary authentication method.

But your server does not seem to be OpenSSH. So the information that you have a certificate can actually be wrong.

  • Actually, I am just using the certificate (.p12) to extract my private/public key; as you see in the logs, I am sending my public key to the server (which I believe is a valid key, because I also tried to modify the key and saw a "key is rejected" message from the server)
    – Jean
    Commented Sep 18, 2017 at 11:15
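
Added example, not part of the original thread: in SSH user authentication (RFC 4252) a server can accept one method and still demand another, and PuTTY-based clients such as WinSCP log that partial success as "Further authentication required". The script below reads the authentication lines of the log from the question (embedded as a constructed sample) and classifies the public-key attempt; the function name `diagnose` and the verdict labels are assumptions made for this illustration.

```python
import re

# Constructed sample: the authentication lines of the WinSCP log quoted in the question.
SAMPLE_LOG = """\
! Using username "myusername".
. Server offered these authentication methods: password,publickey,keyboard-interactive
. Offered public key
. Offer of public key accepted
! Authenticating with public key "imported-openssh-key"
. Sent public key signature
! Further authentication required
"""

OFFER_RE = re.compile(r"Server offered these authentication methods:\s*(.+)")


def diagnose(log_text):
    """Classify the publickey attempt recorded in a WinSCP session log."""
    offered, events = [], []
    for raw in log_text.splitlines():
        line = re.sub(r"^[.!]\s+", "", raw.strip())  # drop the one-character log prefix
        match = OFFER_RE.match(line)
        if match:
            offered = [m.strip() for m in match.group(1).split(",")]
        events.append(line)

    def seen_after(marker, earlier):
        # True when `marker` appears later in the log than `earlier`.
        return (earlier in events and marker in events
                and events.index(marker) > events.index(earlier))

    if "Offer of public key accepted" not in events:
        verdict = "key-not-accepted"   # server did not recognise this key for the user
    elif seen_after("Further authentication required", "Sent public key signature"):
        verdict = "partial-success"    # signature verified, one more method demanded
    else:
        verdict = "inconclusive"
    # Assumption: the excerpt does not show the server's updated method list,
    # so the candidates for the next step are taken from the initial offer.
    candidates = [m for m in offered if m != "publickey"]
    return {"offered": offered, "verdict": verdict, "candidates": candidates}


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

For the log in the question the verdict is `partial-success`: the key and signature were accepted, and the remaining prompt comes from a second method the server requires.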
