Re: sftp upload to Windows 2003 EFS directory fails (using public key authentication)

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 06/28/04


Date: Mon, 28 Jun 2004 18:49:25 +1000

I think this is a technology limitation: SSH doesn't map public keys to
Windows user accounts, doesn't call LSA for authentication and therefore
cannot access the user key store to get the EFS key. To verify that, enable
file access audit and see which user account is accessing the directory in
each scenario - password-based and public key authentication (non-encrypted
directory).

If you need to achieve data encryption in storage as well as in
transmission, consider running the SSH daemon in the context of a user that
has access to the EFS-encrypted directory - that might work with public key
auth.

-- 
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"Klaus" <mail4klaus@telus.net> wrote in message
news:1d90329.0406271854.73c70399@posting.google.com...
> When I upload a file (via sftp client with public key authentication)
> to a Windows 2003 EFS enabled directory (where the upload local
> account has modify rights assigned to the EFS directory) I get the
> following Windows system event error log: Event ID 6032, Source EFS,
> Description: EFS does not support encryptions over network sessions
> established using the NTLM protocol.
>
> The same sftp upload is successful if I use local account password
> authentication instead of public key authentication.
>
> File uploads using public key authentications are successful to non
> encrypted directories.
>
> This issue is reproducible using various sftp clients and server
> products. I used the latest versions of Vshell and F-secure products
> in my testing.
>
> Any info or troubleshooting tips are appreciated.

