"Server refused our key" Only from MobaXterm bookmark setup

S

stiw47

Guest
stiw47 Asks: "Server refused our key" Only from MobaXterm bookmark setup
Have a very strange problem, cannot figure it out on my own.

Archlinux server with openssh 8.8p1-1 I'm not using password for authentication, only SSH-RSA keys. Public key is stored on server inside /home/stiw47/.ssh/authorized_keys .ssh directory permissions are 700 and authorized_keys file permissions are 600 Everything was worked flawlessly for years until few days ago when openssh on server was updated from 8.7p1-2 to 8.8p1-1 Everything is still working in all ssh/sftp clients except from MobaXterm.

Let me try to explain little better:

  • If I try to connect from FileZilla (sftp) or from JuiceSSH on Android (ssh), everything is ok with same private key as always, as for all these years.
  • If I try to connect manually from terminal on other Linux machine or from MobaXterm terminal, with manually I mean with command: ssh -i 'C:\Users\stiw4\Documents\keys\id_rsa' stiw47@192.168.0.21 - everything is ok again
  • If I try to use bookmark in MobaXterm (I like bookmark), then I get "Server refused our key" message

MobaXterm Bookmarks area screenshot

I have to mention that same that bookmark, with same private key, worked normally before openssh package upgrade on server and also working now if I downgrade openssh on server back to 8.7p1-2 I already deleted MobaXterm known_hosts file on Windows machine, but nothing changed.

I tried to debug it with running following on server:

Code: 
sudo `which sshd` -p 2020 -Dd

And connecting from bookmark on port 2020, this is the log, I'm not understanding it good:

Code: 
[sudo] password for stiw47:
debug1: sshd version OpenSSH_8.8, OpenSSL 1.1.1l  24 Aug 2021
debug1: private host key #0: ssh-rsa SHA256:uMBMgYez8RvbToK8ZpuVIOT6Kt9DtjwvEEmObduXSaw
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:s/mpg8gbKeFRefGxYjuHYgXFkL8KrklpgivPk9veSXI
debug1: private host key #2: ssh-ed25519 SHA256:MopYaB4XAi8QBkE+RumfZl6IT3y17c3Mu85X+11+wRY
debug1: rexec_argv[0]='/usr/bin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='2020'
debug1: rexec_argv[3]='-Dd'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 2020 on 0.0.0.0.
Server listening on 0.0.0.0 port 2020.
debug1: Bind to port 2020 on ::.
Server listening on :: port 2020.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_8.8, OpenSSL 1.1.1l  24 Aug 2021
debug1: private host key #0: ssh-rsa SHA256:uMBMgYez8RvbToK8ZpuVIOT6Kt9DtjwvEEmObduXSaw
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:s/mpg8gbKeFRefGxYjuHYgXFkL8KrklpgivPk9veSXI
debug1: private host key #2: ssh-ed25519 SHA256:MopYaB4XAi8QBkE+RumfZl6IT3y17c3Mu85X+11+wRY
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.0.53 port 50385 on 192.168.0.21 port 2020 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version MoTTY_Release_0.73
debug1: compat_banner: no match: MoTTY_Release_0.73
debug1: permanently_set_uid: 65534/65534 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_INIT received [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user stiw47 service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "stiw47"
debug1: PAM: setting PAM_RHOST to "192.168.0.53"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user stiw47 service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Received disconnect from 192.168.0.53 port 50385:14: No supported authentication methods available [preauth]
Disconnected from authenticating user stiw47 192.168.0.53 port 50385 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 64262

Very strange situation for me, do you have some ideas?

Thanks.

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your response here to help other visitors like you. Thank you, solveforum.
Click to expand...
 
You must log in or register to reply here.

Recent Threads

Why is it okay for my .bashrc or .zshrc to be writable by my normal user?

Zach Huxford Asks: Why is it okay for my .bashrc or .zshrc to be writable by my normal user?
My user ~/.zshrc file has the following default privileges

Code: 
-rw-r--r--

My understanding of user permissions is that any process spawned by my user will then have read/write permissions to this file.

In malicious hands this could probably be used to edit aliases or append a directory of the attackers choosing to the beginning of the $PATH. I'm concerned that a malicious program that I install on the user level could then trick me into somehow giving up my sudo password through this method.

Obviously I do trust most of the programs that I install to not be malicious, however, I do use npm as a package manager for my own projects which is commonly accepted to be a vector for malware due to the sheer number of dependencies each module and it's dependencies can have.

I know that running sudo npm install -g is really bad practice but is using npm as a user which has write access to your main shell configuration file almost as bad just with a few extra steps in between, or am I lacking an understanding of how user permissions/shell configuration/npm works?

If this is insecure, then have I somehow missed security good practice for handling node js projects?

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

SFTP user login details real-time filtering

  • Amal P Ramesh
  • Main forum
  • Replies: 0
Amal P Ramesh Asks: SFTP user login details real-time filtering
I have enabled the SFTP login log into the default logfile /var/log/syslog and tried to filter the login time of each user and insert it into the database.

But the filtering is not worked as I expected.

Sample log file:

Code: 
Jun 23 15:47:03 ip-172-16-0-62 systemd[24938]: Reached target Shutdown.
Jun 23 15:47:03 ip-172-16-0-62 systemd[24938]: Starting Exit the Session..c.
Jun 23 15:47:03 ip-172-16-0-62 systemd[24938]: Received SIGRTMIN+24 from PID 24980 (kill).
Jun 23 15:47:03 ip-172-16-0-62 systemd[1]: Stopped User Manager for UID 1051.
Jun 23 15:47:03 ip-172-16-0-62 systemd[1]: Removed slice User Slice of nidasu.
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Created slice User Slice of ftpuser1.
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Starting User Manager for UID 1069...
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Started Session 11907571 of user ftpuser1.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Listening on REST API socket for snapd user session agent.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Paths.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Timers.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Sockets.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Basic System.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Reached target Default.
Jun 23 15:47:13 ip-172-16-0-62 systemd[24987]: Startup finished in 15ms.

Needs to filter user login messages, like:

Code: 
Jun 23 15:47:13 ip-172-16-0-62 systemd[1]: Started Session 11907571 of user ftpuser1.

I need to grep it out by matching the string "Started Session 11907571 of user ftpuser1"

The session number 11907571 is a random number and usernames also differ so grepping can ignore the numbers and usernames, only need to check the string like: **"Started Session *** of user ***"

And need to parse the line and grep the date + time, and username then insert it into the MySQL database.

If there is any option to create a daemon process to run and insert the details into DB, it will help me to do the task.

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

get nat port forwarding IP address

gyandoo Asks: get nat port forwarding IP address
I am using an android phone that is connected to an openwrt router via usb tether

The android phone has a dynamic wan gateway on each reboot

To make things easy for me to connect to the webui of some of the apps on the android phone via the openwrt router, I created a port forwarding rule in openwrt and entered the wan ip of the android phone manually. port forwarding rule

On each reboot of the android phone, i will have to check the routes in openwrt, get the new wan ip and update the port forwarding rule, which is fine

to make things easier on my linux machine, id like to be able to use CLI to get that wan ip that i set in port forwarding i.e 192.168.1.1:32399

not that it matters, but curlftpfs ftp mounting isn't playing well with nat, all other android app webui's are working fine with the port redirect, curlftpfs requires the wan ip, it finds the wan ip in debug but skips it

thanks

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

Using docker does not give error with sudo but using ctr does on starting a container

Mithilesh Asks: Using docker does not give error with sudo but using ctr does on starting a container
I am starting a container using the docker run command, it works fine. However when I try to start the same container using ctr command (irrespective of whatever snapshotter I use) I get this error:

Code: 
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

The error is coming from one of the lines in the dockerfile which is prepended by sudo . Please note that I tried removing sudo but then it gives permission denied error. As per my understanding docker engine uses ctr under the hood. Then why does not working for ctr? How shall I proceed to de

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

What are some of the latest Nike soccer shoes that have gained popularity among players and enthusiasts in recent years?

Bryan Fury Asks: What are some of the latest Nike soccer shoes that have gained popularity among players and enthusiasts in recent years?
In recent years, the Nike Mercurial Vapor XI NJR soccer shoes have gained significant popularity among players and enthusiasts. These cleats, also known as the “Neymar edition”, are renowned for their explosive speed and agility on the field. With a lightweight and streamlined design, the Nike Mercurial Vapor allows players to move swiftly and effortlessly. Equipped with innovative technology and high-quality materials, these cleats offer exceptional traction and responsiveness, making them a top choice for players seeking optimal performance. The sleek aesthetic of the Nike Mercurial Vapor XI NJR, inspired by Neymar Jr., one of the world's top soccer players, has contributed to their widespread acclaim among soccer enthusiasts.

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

Can't change TCP/IPv4 settings on windows 10

AbdelKh Asks: Can't change TCP/IPv4 settings on windows 10
As I am trying to change my wireless IPv4 or DNS IP address, everything goes well until I click OK.

The adapter window pops up this error: "An unexpected condition occurred. Not all of your requested changes in settings could be made"

Picture of the error message


Even when I restored Windows, disabled and re enabled the adapter, the problem was not solved.

Any help would be appreciated.

Edit: I fixed that by resetting Windows 10. No other solution worked for me.

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

Customer service access 2007 template

tintincutes Asks: Customer service access 2007 template
anybody is familiar with this? can you please help me understand where can I find the other tables, Cases_1 and Employees_1? If I click on the relationship I can see these tables but I can't see that on the Main Page? are they some kind of being hidden?

SolveForum.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your thoughts here to help others.
Click to expand...

Latest posts

Newest Members

Top