Can't get key based auth to work for sftp

Question asked by David Frey on Sep 20, 2017
Latest reply on Sep 20, 2017 by Josh Cheshire

Hi,

I am new to Akamai in general. I am trying to upload a file that will be linked to from my company's website. My understanding is that I have to upload the file to something that Akamai calls "NetStorage". I am trying to set up ssh keys so that I can connect via sftp to upload the file.

 

I ran this command to generate my public/private key pair:

ssh-keygen -v -t rsa -b 2048 -C "myuser@mycompany.com" -f id_rsa_akamai

 

Then I added this snippet to my ~/.ssh/config file:

Host mycompany.upload.akamai.com
    IdentityFile /home/myuser/.ssh/id_rsa_akamai
    HostKeyAlgorithms=+ssh-dss
    #User myuser@mycompany.com
    User myuser

 

I added my new id_rsa_akamai.pub key into the ssh keys section of my account in NetStore and waited for the key to propagate.

 

Then I ran this command:

$ sftp -v mycompany.upload.akamai.com
OpenSSH_7.4p1, OpenSSL 1.0.2k  26 Jan 2017
debug1: Reading configuration data /home/myuser/.ssh/config
debug1: /home/myuser/.ssh/config line 6: Applying options for mycompany.upload.akamai.com
debug1: Connecting to mycompany.upload.akamai.com [104.86.109.83] port 22.
debug1: Connection established.
debug1: identity file /home/myuser/.ssh/id_rsa_akamai type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myuser/.ssh/id_rsa_akamai-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 1.99, remote software version Server-VIII-hpn14v2
debug1: no match: Server-VIII-hpn14v2
debug1: Authenticating to mycompany.upload.akamai.com:22 as 'myuser'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-dss
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-dss SHA256:LuRyAk8LZhLaIxYvzZRKDRzrToKlYFmCoPcgXRJTpKM
debug1: Host 'mycompany.upload.akamai.com' is known and matches the DSA host key.
debug1: Found key in /home/myuser/.ssh/known_hosts:20
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/myuser/.ssh/id_rsa_akamai
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Connection closed

 

 

If I switch the config line "User myuser" to "User myuser@mycompany.com", the output of the sftp command is nearly identical except for the line that says which user it's authenticating as. I looked at the public key on my system and it appears to match the one I see in the NetStorage settings.

 

Any ideas?
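
The "appears to match" comparison in the post above can be made exact by comparing SHA256 fingerprints of the local .pub line and the copy pasted into a key portal, which also catches a key that was cut or wrapped during pasting. This is an added example, not part of the original post or of any Akamai tooling; the key lines are constructed placeholders and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field (key cut or wrapped when pasted?)")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields

def fingerprint(pub_line):
    """SHA256 fingerprint of a '<type> <base64> [comment]' line, in ssh-keygen -l form."""
    parts = pub_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    fields = read_fields(blob)
    if not fields or fields[0] != parts[0].encode():
        raise ValueError("key type prefix does not match the encoded key")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def same_key(line_a, line_b):
    """True when both lines carry the same key; comments and spacing are ignored."""
    return fingerprint(line_a) == fingerprint(line_b)

def sample_line(fill, comment):
    """Constructed ssh-rsa line with a placeholder modulus (not a usable key)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + bytes([fill]) * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

# Constructed inputs: local file, portal copy with a new comment, unrelated key.
LOCAL = sample_line(0xA5, "myuser@mycompany.com")
PORTAL = "  " + LOCAL.rsplit(" ", 1)[0] + "   pasted-copy\n"
OTHER = sample_line(0x5A, "myuser@mycompany.com")

if __name__ == "__main__":
    print(fingerprint(LOCAL), same_key(LOCAL, PORTAL), same_key(LOCAL, OTHER))
```

For a real key, the value returned by `fingerprint` is the same string `ssh-keygen -l -f id_rsa_akamai.pub` prints.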
