Wired Intelligent Edge

I have ssh using public key authentication configured on a 2810-48G, which works as it should. SFTP does not work however; I get the following error:
$ sftp admin@10.10.1.1
Connecting to 10.10.1.1...
Request for subsystem 'sftp' failed on channel 0
Couldn't read packet: Connection reset by peer

If I change to password auth
(i.e. aaa authentication ssh login local none)
then sftp works. Is this a bug or is sftp with public key auth not supported?

Thanks

 

 

P.S. This thread has been moevd from Switches, Hubs, Modems (Legacy ITRC forum) to ProCurve / ProVision-Based. = Hp Forum Moderator

Hi, crawshaw !

As I know public key authentication is only valid for an operator privilege level (for security reasons).
To get a manager privilege level you should use enable command and know (and provide!) a manager's level password.

Good luck,
Dmitry

Thanks for the reply. This implies that SFTP requires 'manager privilege level', is this the case, and therefore the reason why SFTP does not work with public key authentication?

Crawshaw,
Could this be your issue?

SSH authentication through a TACACS+ server and use of SCP or SFTP
through an SSH tunnel are mutually exclusive. Thus, if the switch is configured
to use TACACS+ for authenticating a secure Telnet SSH session on the switch,
you cannot enable SCP or SFTP

No, that's not it - neither TACACS nor RADIUS are configured.

what sftp client are you using, if it's putty, then there is specific procedure to use pub key auth, read manual.