OpenSSH Key based auth doesn't work as expected

Anonymous
2022-04-06T10:22:41+00:00

I have been testing sftp using openssh for a while now. I tested password based authentication with key based, which means the user who wants to log in should provide his private key when trying to connect with the sftp server (openssh). If he has a valid private key then he will be prompted to enter his password. Only if those two authentications were successfully done, the user will get the permission to access the server.

The problem I witnessed is the following (open the sshd_config file):

  • My standard authentication method is password based
    • #PubkeyAuthentication no
    • PasswordAuthentication yes
  • I activated for two users password based authentication with key based
    • Match User userA,userB
    • AuthenticationMethods publickey,password
    • Match all
  • It works perfectly.
    • sftp -i C:\User\userA\keys\id_ras ******@sftp.parallel.ch
  • Then I decided to deactivate this (by putting # in front of the command) and set for those users only password based authentication, which is set as standard for sftp connections to the server.
    • #Match User userA,userB
    • #AuthenticationMethods publickey,password
    • #Match all
  • From now on I expect that the users "userA" & "userB" can only access the server by using their password. Even if they give their private key while trying to connect, the private key should not be relevant.
  • But unfortunately the users can connect to the server either using only the private key or only the password. The reason is that with "#" key based won't be deactivated but it's like the server saying that "I don't know if public key is allowed or not, but if a user comes up with his private key and his public key is linked in his user folder on this server then he can use either way".
  • If I really don't want this to happen then I have to either set PubkeyAuthentication to no without #
    • PubkeyAuthentication no
  • Or I have to leave this #PubkeyAuthentication no but therefore remove the public key link in the user's folder on the server.

Now I would love to know if there are any possibilities to do this only in the configuration file, without having to remove the link in the user's folder on the sftp server?

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
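
The behaviour described in the question, as an added example that is not part of the original thread and not OpenSSH code: a simplified Python model of how sshd resolves `sshd_config`, run against the configuration states quoted above. The `PER_USER` variant and the user `userC` are hypothetical, and the model assumes only `Match User` and `Match all` criteria.

```python
# Simplified model of sshd_config resolution (added example, not OpenSSH code).
# Assumptions: only "Match User <list>" and "Match all"; no Include, no patterns.
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes",
            "authenticationmethods": "any"}   # OpenSSH built-in defaults

def effective(config, user):
    """Settings applied to `user`: for each keyword the first value obtained wins."""
    seen, active = {}, True          # the global section applies to everyone
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                 # a commented-out line sets nothing at all
        keyword, _, arg = line.partition(" ")
        keyword, arg = keyword.lower(), arg.strip()
        if keyword == "match":
            crit, _, val = arg.partition(" ")
            active = crit.lower() == "all" or (
                crit.lower() == "user" and user in val.strip().split(","))
        elif active:
            seen.setdefault(keyword, arg)
    return {**DEFAULTS, **seen}

def login_paths(config, user):
    """Method chains that are each sufficient for `user` to log in."""
    s = effective(config, user)
    enabled = {m for m, k in (("publickey", "pubkeyauthentication"),
                              ("password", "passwordauthentication"))
               if s[k] == "yes"}
    if s["authenticationmethods"] == "any":
        return sorted([m] for m in enabled)
    chains = [c.split(",") for c in s["authenticationmethods"].split()]
    return [c for c in chains if set(c) <= enabled]

GLOBAL = "#PubkeyAuthentication no\nPasswordAuthentication yes\n"
# The three states below are constructed from the lines quoted in the question.
TWO_FACTOR = GLOBAL + ("Match User userA,userB\n"
                       "AuthenticationMethods publickey,password\nMatch all\n")
COMMENTED = GLOBAL + ("#Match User userA,userB\n"
                      "#AuthenticationMethods publickey,password\n#Match all\n")
# Hypothetical per-user variant: switch public keys off inside the Match block.
PER_USER = GLOBAL + "Match User userA,userB\nPubkeyAuthentication no\nMatch all\n"

if __name__ == "__main__":
    for name, cfg in (("two-factor", TWO_FACTOR), ("commented out", COMMENTED),
                      ("per-user off", PER_USER)):
        print(f"{name:14} userA={login_paths(cfg, 'userA')} "
              f"userC={login_paths(cfg, 'userC')}")
```

On a real server, `sshd -T` prints the effective configuration, which is the authoritative check for what a given `sshd_config` resolves to.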

2 answers

  1. Anonymous
    2022-04-06T14:48:30+00:00

    Hello Robinson

    Thanks a lot for the information.

    I will post my question there.

  2. Anonymous
    2022-04-06T13:19:53+00:00

    Hi, I'm Robinson, and I’m happy to help you today.

    I know how frustrating this may be for you but I'll do my very best to help you.

    I want to apologize that this is just a forum for common consumers with domestic issues, because the scope of your question is more focused on a server or advanced environment, I believe that your question will be better resolved if it is posted in a more suitable location, you may get better help at our sister forums for IT Professionals, Q&A forums, the Community is for common consumers with domestic issues. Go here: https://docs.microsoft.com/en-us/answers/index....
