Question : Problem: public key sftp / ssh prompts for password

Hi,

We generated a private/public key pair using F-secure Version 2 and send
the public key to a Solaris 10 server and name it as
a) /home/user1/.ssh/authorized_keys
b) /home/user1/.ssh/authorized_keys2
c) /home/user1/.ssh/id_rsa.pub

Yes, I created 3 separate files (all same content) but different names just
be sure as I've read different versions on the Net.

I then created user1 with home dir /home/user1 and make all the above 3
key files owned by this user1 with permission 644.

When the Wintel sftp / ssh client tried to connect to this Solaris server, it
always prompt for password.  I then cleared the password for user1
but it still prompts for password (but with empty password, hitting ENTER
would login to the Solaris 10 server).

What did I miss?  Thought with public key created on the Solaris 10 server,
I should be able to sftp or ssh into the Solaris server even if user1 has a
password, right?

Let me know any other info you need?  I can attach the public keyfile if
needed, perhaps amend a few characters for security sake.

I ever heard public keyfile can be of openSSH or one other format
(reply from ftp.com> ) but we're not using crossftp
but Fsecure sftp (which we don't have support anymore) :

Hi,
         We use the Linux/Unix standard openssh key format for the SFTP protocol in our client. SFTP client uses only the private key and its key passphrase if available (in your case, your passphrase is empty, which means your private key is in clear text. You can ask your system admin to add the passprase on the key file to get better security). Public key is used by the SFTP server for varification.
         What you need to do is a simple key conversion, which converts your SSH2 key format to the openssh key format. The following is the guide on how to do this conversion:
  http://alexandria.wiki.sourceforge.net/SSH+Key+Generation#key_conversion

         We have converted your sent key to the openssh format, and attached in this email. Due to the security considerations, normally you should not send the key to us, but you need to convert it by yourself.

         To connect to the SFTP server, open the site manager, fill in the General -> Site Host, and put the openssh formated private key file in Security -> Private Key File, put the passphrase if needed. Then click connect to connect to the server.

Answer : Problem: public key sftp / ssh prompts for password

Q1 -

As far as one can tell, the keys look good. The comment in the public key looks a bit strange, as it says '... Host Key...'. But this should make no difference, as long as the private part fits to it.

It is correct to generate the key pair on the client side and to send the public part to the server.

On the server side the public key must be appended to the appropriate 'authorized_keys' file of the target user.

You as the client initiate the connection with your private key being in the right place and readable only by you (Unix mode  600).

Q2 - the client sends the key to the server, that's OK.

The server's hostkey must be in your known_hosts file. It depends on the setting of your ssh client whether you let the key be automatically appended (with or without confirmation), or whether you have the key sent to you by the server people and integrate it by yourself. (In Unix - ssh_config / StrictHostKeyChecking).

Unfortunately I can't tell you much about the Windows part of it all, but basically it's the same in Windows and Unix. Paths may differ in Windows, however.

The Solaris paths you mentioned in your Q are correct.

wmp