SFTP Connection shows error : server requires additional authentication with publickey

+1 vote
asked Dec 11, 2018 by YahudhaJames (200 points)

The application that i am developing has SFTP modules, using Rebex assemblies. The connection is being established, but cannot login..

The inner exception is "Authentication was partially successful, but server requires additional authentication with: 'publickey'.

Please help!!

Applies to: Rebex SFTP

1 Answer

+1 vote
answered Dec 11, 2018 by Lukas Pokorny (98,050 points)

This error message indicates that the SFTP server requires the user to authenticate using both a password and a public key. To do this, call the Login method overload that accepts password and private key (which is needed to perform public key authentication):

var sftp = new Sftp();
var key = new SshPrivateKey("mykey.ppk", "key_password");
sftp.Login("user01", "password", key);

However, this assumes you actually have the private key.

commented Dec 11, 2018 by YahudhaJames (200 points)
we have a pfx file and yes, we have called the Login method that accepts the parameter that u have mentioned.
do we need to register/import or any such things with the keys?
commented Dec 11, 2018 by Lukas Pokorny (98,050 points)
That looks something went wrong. Would it be possible to create a communication log showing what's going on, and either post it here or mail it to support@rebex.net? That should give us some ideas about what might be the issue. To create the log, just specify a log writer: sftp.LogWriter = new FileLogWriter("rebex-log.txt", LogLevel.Debug);
commented Dec 11, 2018 by YahudhaJames (200 points)
Hi Lukas,
I have mailed u the log, could u please analyse it and suggest what might be going wrong.
commented Dec 11, 2018 by Lukas Pokorny (98,050 points)
Thanks! According to the log, it looks like the server actually accepted both the password and public key. But instead of authenticating the client, the server is asking for further public key authentication. The client fails at this point because it has already successfully authenticated using the key.

The most likely explanation for this is a server-side bug. Are you able to connect to the same account using any SFTP client application such as WinSCP or FileZilla?

Regardless, it might be useful to try reversing the order of the two authentication steps to publickey-first. To achieve this, just set the following property before connecting to the server:
  sftp.Settings.TryPasswordFirst = false;
commented Dec 12, 2018 by YahudhaJames (200 points)
No, I am not able to connect to the server with WinSCP nor with CuteFTP. And i tried setting the property as per your advise, but in vain.
Wat other options do we have?
commented Dec 12, 2018 by Lukas Pokorny (98,050 points)
Similar behavior with WinSCP and CuteFTP indicates that this is indeed a server-side issue. At this point, possible options are rather limited:
a) Get assistance from the server vendor. This appears to be a server-side issue, so they should be able to help.
b) Upgrade the server to a more recent version. It's quite possible this will solve the issue.
c) Find an SFTP client app that is able to authenticate to this server using the same credentials. This might make it possible for us to determine what it does differently and add a workaround.
commented Dec 13, 2018 by YahudhaJames (200 points)
Hey Lukas..
We communicated with the client and it was confirmed that it was a thing in Server Side.. To be precise, they had to white-list the public key that we had to sent.
Thank you for your support Lukas.
commented Dec 13, 2018 by Lukas Pokorny (98,050 points)
Thanks for letting us know!
...