I can configure the Tectia Server (Windows 2008) for SFTP to authenticate the user by the use of their AD account and password. This setup allows the SFTP user to have their own Virtual Folder that is a remote file share being authenticated via Windows AD. This works fine. When adding to the configuration to allow the SFTP user authentication to be done via user Authorised-Keys instead of Account Password, the Virtual Folder that is set up for the SFTP user is no longer available. Is there a way to configure the server to maintain / authenticate for the SFTP User so that the Windows Virtual Folder is maintained when Key authentication is used for the SFTP session?
asked Jun 19 '12 at 09:57
It seems you are experiencing a well-known issue. Try reading the following articles:
The steps described in those articles should solve the issue for key authentication. However, if your virtual folders are located on a DFS share, you may experience further trouble.
It is all related to the fact that some features of the Windows OS are not available to you unless you explicitly provide the Windows (domain) account password (those include EFS, DFS, the certificate store and possibly some others). It is a deliberate decision of Microsoft's engineers to bind certain features to the credentials of the user's Windows account.
For this reason SSH is bringing a new feature into its Windows SSH server: Configurable Caching of User Account's Password in SSH Server, to be used after a non-interactive authentication method (such as key authentication). It is there solely to enable those Windows OS features even with authentication methods that do not use explicit user account credentials. This way the SSH server will create a new access token for a user who has already been authenticated by means other than a password (like key, certificate, gssapi, ...). The new token is created by calling LogonUser() with the password from the cache.
It will be present in version 6.3.0 which is due to be released just about any time now: at the end of June 2012.
So if your issue does not get resolved with the advice in the links above, ask our support for version 6.3.0 and give the Password Cache a try.
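The mechanism the answer describes, a token created by LogonUser() with the account password and then used to reach the remote share, can be checked by hand with the added example below (not Tectia code and not part of the original answer). The function name, the share path and the interactive logon type are assumptions, and it expects Windows PowerShell on .NET Framework with a `DOMAIN\user` credential.

```powershell
# Added example (not Tectia code). Assumes Windows PowerShell on .NET Framework.
Add-Type -Namespace Demo -Name Native -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(string user, string domain, string password,
    int logonType, int logonProvider, out IntPtr token);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
'@

# Hypothetical helper: log on with the password, impersonate, probe the share.
function Test-ShareWithPasswordLogon {
    param(
        [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] $Credential,
        [Parameter(Mandatory = $true)] [string] $UncPath
    )
    # Assumption: interactive logon; the page does not say which type the server uses.
    $type     = 2   # LOGON32_LOGON_INTERACTIVE
    $provider = 0   # LOGON32_PROVIDER_DEFAULT

    $net   = $Credential.GetNetworkCredential()   # expects DOMAIN\user
    $token = [IntPtr]::Zero
    $ok = [Demo.Native]::LogonUser($net.UserName, $net.Domain, $net.Password, $type, $provider, [ref] $token)
    if (-not $ok) {
        $code = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw (New-Object System.ComponentModel.Win32Exception $code)
    }
    try {
        # WindowsIdentity duplicates the handle, so ours is closed separately below.
        $identity = New-Object System.Security.Principal.WindowsIdentity $token
        $context  = $identity.Impersonate()
        try {
            # True only if the password-backed token can reach the remote share.
            [System.IO.Directory]::Exists($UncPath)
        } finally {
            $context.Undo()
            $identity.Dispose()
        }
    } finally {
        [void][Demo.Native]::CloseHandle($token)
    }
}

# Hypothetical share path; Get-Credential prompts for the account's password.
Test-ShareWithPasswordLogon -Credential (Get-Credential) -UncPath '\\fileserver.example\sftp\alice'
```

A `True` result here, alongside a key-authenticated session that cannot see the same folder, points at the missing password-backed token rather than at share permissions.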