Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 29540

Summary: sftp: auth via rsa key is broken
Product: [Retired] Red Hat Linux Reporter: Gerald Teschl <gt>
Component: opensshAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: dr, pekkas
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-03-23 14:18:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gerald Teschl 2001-02-26 13:02:15 UTC 
I just tested out sftp and noted that I cannot login automatically with my
public rsa key (ssh,scp work fine). Then I found out that it uses protocol
2.
However, I have "Protocol 1,2" in both
~/.ssh/config and /etc/ssh_config. I also tried -o "Protocol 1" but it
seems to ignore it.
Comment 1 Nalin Dahyabhai 2001-02-26 20:29:48 UTC 
This is an interaction between how the sftp and ssh clients parse their
command-line arguments, specifically the 'protocol', 'forwardagent', and
'forwardx11' options.  You can see this if you add "-v -v" to the list of
options when starting sftp.

The 2.5.1p1-5 package (coming soon to Raw Hide) will add a patch to fix this. 
As a workaround, you can specify "-1" in the list of options to force protocol
1.
Comment 2 Gerald Teschl 2001-02-27 15:18:41 UTC 
Now it doesn't work at all :

[gerald@soliton gerald]$ rpm -q openssh
openssh-2.5.1p1-5
[gerald@soliton gerald]$ sftp localhost
Connecting to localhost...
xfree: NULL pointer given as argument
Couldn't read packet: Connection reset by peer
Comment 3 Pekka Savola 2001-02-28 20:22:27 UTC 
with openssh,

 xfree: NULL pointer given as argument 

almost always signifies openssl version mismatch (usually 0.9.6 vs 0.9.5a) between compiled && installed versions.  

Is your openssl good?  You could try --rebuild openssh to make sure this is not the case.
Comment 4 Gerald Teschl 2001-03-01 15:06:10 UTC 
I am using the current packages from rawhide: 
[gerald@soliton gerald]# rpm -q openssl openssh
openssl-0.9.5a-27
openssh-2.5.1p1-5

I use Protocol 1,2 in my config file

---------------------------------
[gerald@soliton gerald]$ ssh localhost
Last login: Thu Mar  1 17:02:12 2001 from localhost.localdomain
[gerald@soliton gerald]$
---------------------------------
[gerald@soliton gerald]$ sftp -1 localhost
Connecting to localhost...
sftp>
---------------------------------
[gerald@soliton gerald]$ sftp localhost
Connecting to localhost...
Connection closed by 127.0.0.1
Couldn't read packet: Connection reset by peer
[gerald@soliton gerald]$
Comment 5 Gerald Teschl 2001-03-01 15:09:45 UTC 
I recompiled the packages on a 7.0 box: Config still is Protocol 1,2 but sftp
still uses
das unless -1 is given on the command line:
---------------------------------------------------
[gerald@keen gerald]$ rpm -q openssh openssl
openssh-2.5.1p1-5
openssl-0.9.5a-14
[gerald@keen gerald]$ ssh localhost
Last login: Thu Mar  1 15:59:36 2001 from soliton.mat.univie.ac.at
Thu Mar  1 16:06:45 CET 2001
[gerald@keen gerald]$ exit
logout
Connection to localhost closed.
[gerald@keen gerald]$ sftp localhost
Connecting to localhost...
Enter passphrase for key '/users/gerald/.ssh/id_dsa':
gerald@localhost's password:
sftp> quit
[gerald@keen gerald]$ sftp -1 localhost
Connecting to localhost...
sftp> quit
[gerald@keen gerald]$
Comment 6 Gerald Teschl 2001-03-23 14:18:02 UTC 
Works in openssh-2.5.2p1-1