We're trying to migrate a user authentication with certificates setup from SSH Tectia Server 4.0.1 (Solaris 9) to 6.0.2 (Solaris 10).
cert-validation:
authentication-methods:
SSH server starts, loads the CA certificate test.crt OK, but authentication doesn't work:
703 Auth_methods_available, Username: testuser1, Auth methods: publickey
708 Publickey_auth_error, Username: testuser1, Algorithm: publickey, "Could not find the received public key in user's public key authorization file or directory"
Why is the server looking for a public key if it should use the CA certificate to validate the client certificate? The client certificate is definitely OK and I'm running out of ideas.
There aren't enough details to be sure what the issue is. The server still uses the public key within the cert for part of the authentication, so the messages don't indicate that it's necessarily NOT doing cert auth. You must configure a public key authentication with a nested authentication with the appropriate certificate selectors. Please update your ssh-server-config.xml following the example below, restart the server, then try again.
For more information on Cert Authentication, please see the link below.
http://www.tectia.com/manuals/server-admin/60/userauth-cert.html