fail to auth with public_keys when using sftp client after adding a user with rest v2 API #723
Comments
Hi, your request looks correct, can you please post the command you use client side for public key authentication? Are you sure you are sending the matching private key?

Please let me list the detailed steps, the test is based on drakkan/sftpgo:v2.2.2-alpine docker image

start the server

init provider

# sftpgo initprovider

set environment variable

change the "create_default_admin" field in create_default_admin to true
set both SFTPGO_DEFAULT_ADMIN_USERNAME and SFTPGO_DEFAULT_ADMIN_PASSWORD environment variable

export SFTPGO_DEFAULT_ADMIN_USERNAME=admin
export SFTPGO_DEFAULT_ADMIN_PASSWORD=admin

start the sftpgo

sftpgo serve -v

create user with rest API

install packages

Before creating user, I installed necessary packages.

get Bearer TOKEN

get the TOKEN and export the TOKEN to environment variable TOKEN:

curl http://localhost:8080/api/v2/token -u admin:admin -s
export TOKEN=<token from curl result>

create private key and public key for sftp server

ssh-keygen -f /tmp/test_key

create add-user.json file with following content:

{
"id": 0,
"status": 1,
"username": "test",
"email": "[email protected]",
"expiration_date": 0,
"home_dir": "/tmp/test-sftp",
"uid": 0,
"gid": 0,
"quota_size": 0,
"max_sessions": 0,
"quota_files": 0,
"upload_bandwidth": 0,
"download_bandwidth": 0,
"additional_info": "",
"permissions": {
"/": [
"*"
]
},
"filesystem": {
"provider": 0
},
"password": "123",
"public_keys": [
"ssh-rsa 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 root@2f4e0e68d9a6"
]
}

the public_keys is from /tmp/test_key.pub

send rest API command to sftpgo with curl

curl http://127.0.0.1:8080/api/v2/users [email protected] -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -v
* Trying 127.0.0.1:8080...
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> POST /api/v2/users HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/7.80.0
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiQVBJIl0sImV4cCI6MTY0NTUyNDA0MSwianRpIjoiYzhhYXY2ZGE5djhzZ2U2bnM0dGciLCJuYmYiOjE2NDU1MjI4MTEsInBlcm1pc3Npb25zIjpbIioiXSwic3ViIjoiYmU2aitGZkZWdnVNbFlvUU5IVTg0dFN1azBaODJ3RjBKV2Mvbjc4WnRrQT0iLCJ1c2VybmFtZSI6ImFkbWluIn0.CJ5KF_wrVmnSn_LPLd6rW1vdRP5Sl8wf22ZCygx3yo8
> Content-Length: 1049
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 201 Created
< Content-Type: application/json; charset=utf-8
< Date: Tue, 22 Feb 2022 09:43:32 GMT
< Content-Length: 1094
<
{"id":1,"status":1,"username":"test","email":"[email protected]","expiration_date":0,"public_keys":["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBP2XkFWl0gh9z8/UFJTiAz3Zg6ybluP6DJo/YIIhKGurgldUpQneUJoVEHbEeQW7JXQtTw8zIlIVlHVJyUSYn4lWqZYHnTLzwSGvsxqnfchuAVd2em40IhchkSiPbsfjJB4eYMs3wpZ2Op93f+AeTGmoMSgym8lcah0jX3eR9hWQwSPVhGK31AHVzhZ9cTEqnOStqOtCeNqIEKqd54h5JNgoZekuNXxyk2C33eaj+XCDvzYINQKwbw5eqkPH2IVSPt8bXMvNB4FL5dmfFe0l3DQyw/angtzVNZ4AptbVjOvAgg3zek34gsZJivqDnJ7pXWr4g2qu7YQ2O0H7T4AKyKIDyXWzvp0FTL2H9NubuEu/cOPWdG3H7iFVbOB+/Sy1LABo5Vgn4Pze0DZGY3DROso0o+yPVyXNirdsdfz3HrjXTP31jHCXn5sVDmp8dedc9OaIGGcZVSP7tk0UVGnw1rF2goRqROlA/8APJNnzO/lh+iQNPOTTmwgj7UE9N+Jk= root@2f4e0e68d9a6"],"home_dir":"/tmp/test-sftp","uid":0,"gid":0,"max_sessions":0,"quota_size":0,"quota_files":0,"permissions":{"/":["*"]},"created_at":1645523012171,"updated_at":1645523012171,"filters":{"hooks":{"external_auth_disabled":false,"pre_login_disabled":false,"check_password_disabled":false},"totp_config":{"secret":{}}},"filesystem":{"provider":0,"s3config":{},"gcsconfig":{},"azblobconfig":{},"cryptconfig":{},"sftpconfig":{}}}
* Connection #0 to host 127.0.0.1 left intact

connect sftp server with private key

sftp -P 2022 -i /tmp/test_key [email protected]
The authenticity of host '[127.0.0.1]:2022 ([127.0.0.1]:2022)' can't be established.
ED25519 key fingerprint is SHA256:R/yb/YZwkEbZ3DMnviCqVq3gZX4tcXaCkU8RCQo5ZTA.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[127.0.0.1]:2022' (ED25519) to the list of known hosts.
[email protected]'s password:

It requires password even if private key is provided. Can you check if there is anything wrong with my steps?

Hi, please try:

sftp -P 2022 -i /tmp/test_key -o 'PubkeyAcceptedKeyTypes +ssh-rsa' [email protected]

If this works, it means that you have a recent sftp CLI that tries to use the server-sig-algs extension (RFC8308). This extension is not yet supported. You can also generate keys with a different algorithm, for example

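Added example, not part of the thread and not OpenSSH or SFTPGo code: a simplified Python model of the client-side choice described in the comment above, showing why an RSA key is skipped when the server does not send server-sig-algs and why both suggested workarounds succeed. The algorithm lists are constructed and abbreviated, and ssh-ed25519 is an assumed choice for "a different algorithm".

```python
# Simplified model of how an SSH client picks the signature algorithm for a
# public key (RFC 8308 "server-sig-algs", RFC 8332 rsa-sha2-*).
# All lists here are constructed, abbreviated samples, not real defaults.

# Signature algorithms an RSA key can produce, strongest first.
RSA_SIG_ALGS = ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]

# Assumed recent-client list: SHA-1 based "ssh-rsa" signatures are not accepted.
RECENT_CLIENT = ["ssh-ed25519", "ecdsa-sha2-nistp256",
                 "rsa-sha2-512", "rsa-sha2-256"]
# The same list after -o 'PubkeyAcceptedKeyTypes +ssh-rsa'.
RECENT_CLIENT_PLUS_RSA = RECENT_CLIENT + ["ssh-rsa"]


def pick_signature_algorithm(key_type, client_accepted, server_sig_algs):
    """Return the signature algorithm the client will sign with, or None
    when the key is skipped. server_sig_algs is None when the server does
    not send the extension."""
    if key_type != "ssh-rsa" or server_sig_algs is None:
        # Nothing to negotiate: the signature algorithm is the key's own
        # name, and it must be in the client's accepted list.
        return key_type if key_type in client_accepted else None
    # RSA key and the server advertised what it verifies: take the first
    # client preference that the key can produce and the server accepts.
    for alg in client_accepted:
        if alg in RSA_SIG_ALGS and alg in server_sig_algs:
            return alg
    return None


def login_outcome(key_type, client_accepted, server_sig_algs):
    """What the user observes for one key offered to one server."""
    alg = pick_signature_algorithm(key_type, client_accepted, server_sig_algs)
    return f"publickey ({alg})" if alg else "password prompt (key skipped)"


if __name__ == "__main__":
    no_ext = None  # server without server-sig-algs, as in this issue
    with_ext = ["ssh-ed25519", "rsa-sha2-256", "rsa-sha2-512"]
    print("rsa key, recent client, no extension:", login_outcome("ssh-rsa", RECENT_CLIENT, no_ext))
    print("rsa key, +ssh-rsa, no extension:     ", login_outcome("ssh-rsa", RECENT_CLIENT_PLUS_RSA, no_ext))
    print("ed25519 key, no extension:           ", login_outcome("ssh-ed25519", RECENT_CLIENT, no_ext))
    print("rsa key, server sends extension:     ", login_outcome("ssh-rsa", RECENT_CLIENT, with_ext))
```

Re-enabling ssh-rsa on the client means signing with SHA-1, so of the two workarounds the non-RSA key is the one that does not weaken the client's settings.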
@drakkan thanks for your quick and kind support. I have tried your two methods, they work. Is there a plan to support the server-sig-algs extension (RFC8308) in this excellent project?

This support must be added upstream: golang/go#49269. I hope this will be fixed after the Go 1.18 release. If not, I'll try the available patch and, if it works as expected, I'll use it for SFTPGo builds. I'm monitoring the upstream issues and I'll add this support as soon as possible.

This is now supported, please test the development version, thanks

When I try to add a new user with curl, the sftpgo returns status code 201 to indicate the user is created successfully.
the content of add-user.json is:
I can log in to the sftp server with user/password (test/123). But when I try to use the private key to log in to the sftp server, it prompts me to input the password.
Can you help me to find what's wrong with the above JSON body?
Thanks in advance!