Welcome to the Cumulus Support forum.

Latest Cumulus MX V4 release 4.3.3 (build 4070) - 04 January 2025

Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024

Legacy Cumulus 1 release 1.9.4 (build 1099) - 28 November 2014
(a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)

Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki

If you are posting a new Topic on an error or if you need help PLEASE read this first viewtopic.php?p=164080#p164080

SFTP fails with Permission denied (publickey)

From build 3044 the development baton passed to Mark Crossley. Mark has been responsible for all the Builds since. He has made the code available on GitHub. It is Mark's hope that others will join in this development, but at the very least he welcomes your ideas for future developments (see Cumulus MX Development suggestions).

Moderator: mcrossley

Post Reply
mbatesco
Posts: 5
Joined: Mon 24 Oct 2022 3:07 pm
Weather Station: Davis PV
Operating System: Raspberry Pi - Ubuntu

SFTP fails with Permission denied (publickey)

Post by mbatesco »

I installed Cumulus MX 3.22.2 (build 3213) today on ubuntu on a Raspberry Pi 4.

I setup a connection to an Amazon Lightsail instance running Ubuntu. I can connect with ssh/sftp/scp using the pem key and upload files to the /var/www/html/weather directory just fine.

I'm running Cumulus MX as root on the PI and connecting to the ubuntu user on the Lightsail instance.

When connecting via CumulusMX though I get the following:

2022-10-24 17:09:38.705 RealtimeReconnect: Realtime ftp attempting disconnect
2022-10-24 17:09:38.706 RealtimeReconnect: Realtime ftp disconnected
2022-10-24 17:09:38.706 RealtimeReconnect: Realtime ftp attempting to reconnect
2022-10-24 17:09:39.062 RealtimeReconnect: Realtime ftp attempting to reinitialise the connection
2022-10-24 17:09:39.062 RealtimeSSHLogin: Attempting realtime SFTP connect to host xx.xxx.xxx.xxx on port 22
2022-10-24 17:09:39.397 RealtimeSSHLogin: Error connecting SFTP - Permission denied (publickey).
2022-10-24 17:09:39.397 RealtimeReconnect: Realtime ftp connection failed to connect after reinitialisation
2022-10-24 17:09:39.397 RealtimeReconnect: Sleeping for 20 seconds before trying again...

I've checked the /root/.ssh/known_host file on the PI and ensure the authorized_key file on ubuntu has the key.

Any ideas?

Thanks
Mike :shock:
Last edited by mbatesco on Tue 01 Nov 2022 12:15 am, edited 2 times in total.
freddie
Posts: 2826
Joined: Wed 08 Jun 2011 11:19 am
Weather Station: Davis Vantage Pro 2 + Ecowitt
Operating System: GNU/Linux Ubuntu 24.04 LXC
Location: Alcaston, Shropshire, UK
Contact:

Re: SFTP fails with Permission denied (publickey)

Post by freddie »

Have you told MX where to find your private key in order to perform encryption? Under Settings -> Internet Settings, tick Enable FTP Connections, then select SFTP protocol, then the pre-shared key authentication method, which gives you a box to enter the path to the private key file. Note that MX doesn't use system SSH, it has its own.
Freddie
Image
mbatesco
Posts: 5
Joined: Mon 24 Oct 2022 3:07 pm
Weather Station: Davis PV
Operating System: Raspberry Pi - Ubuntu

Re: SFTP fails with Permission denied (publickey)

Post by mbatesco »

Thank you for the response.

I placed the private key in the CumulusMX directory and pointed to it during the setup. It is the same key I've used with the command line ssh/sftp/scp commands.

Mike
User avatar
mcrossley
Posts: 14072
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2/WLL
Operating System: Bullseye Lite rPi
Location: Wilmslow, Cheshire, UK
Contact:

Re: SFTP fails with Permission denied (publickey)

Post by mcrossley »

Check your file permissions on the copied key file, can the user CMX is running under read it?
Same for the server public key.
User avatar
rogerthn
Posts: 545
Joined: Thu 11 Apr 2013 6:31 pm
Weather Station: Ecowitt GW1000/GW1003
Operating System: Raspberry Pi OS bullseye aarch64
Location: Trollhättan Sweden
Contact:

Re: SFTP fails with Permission denied (publickey)

Post by rogerthn »

I had to convert to PEM RSA private key for CMX

Code: Select all

file /home/pi/.ssh/id_rsa /home/pi/CumulusMX/id_rsa
/home/pi/.ssh/id_rsa:      OpenSSH private key
/home/pi/CumulusMX/id_rsa: PEM RSA private key
Image
mbatesco
Posts: 5
Joined: Mon 24 Oct 2022 3:07 pm
Weather Station: Davis PV
Operating System: Raspberry Pi - Ubuntu

Re: SFTP fails with Permission denied (publickey)

Post by mbatesco »

I'm double-checking the permissions and started looking at the PEM RSA, I think that might be the issue as the openssh keys have not worked to this point.

Thanks Rogerthn for the tip and I'll see how it works.

Mike
User avatar
rogerthn
Posts: 545
Joined: Thu 11 Apr 2013 6:31 pm
Weather Station: Ecowitt GW1000/GW1003
Operating System: Raspberry Pi OS bullseye aarch64
Location: Trollhättan Sweden
Contact:

Re: SFTP fails with Permission denied (publickey)

Post by rogerthn »

OK Mike
My commands below

Code: Select all

cp -p /home/pi/.ssh/id_rsa /home/pi/.ssh/id_rsa.SAVED
ssh-keygen -p -N "" -m pem -f /home/pi/.ssh/id_rsa
cp -p /home/pi/.ssh/id_rsa /home/pi/CumulusMX/
cp -p /home/pi/.ssh/id_rsa.SAVED /home/pi/.ssh/id_rsa
Image
User avatar
mcrossley
Posts: 14072
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2/WLL
Operating System: Bullseye Lite rPi
Location: Wilmslow, Cheshire, UK
Contact:

Re: SFTP fails with Permission denied (publickey)

Post by mcrossley »

For reference...
SSH.NET supports the following private key formats:
  • RSA in OpenSSL PEM and ssh.com format
  • DSA in OpenSSL PEM and ssh.com format
  • ECDSA 256/384/521 in OpenSSL PEM format
  • ECDSA 256/384/521, ED25519 and RSA in OpenSSH key format
Private keys can be encrypted using one of the following cipher methods:
  • DES-EDE3-CBC
  • DES-EDE3-CFB
  • DES-CBC
  • AES-128-CBC
  • AES-192-CBC
  • AES-256-CBC
mbatesco
Posts: 5
Joined: Mon 24 Oct 2022 3:07 pm
Weather Station: Davis PV
Operating System: Raspberry Pi - Ubuntu

Re: SFTP fails with Permission denied (publickey)

Post by mbatesco »

Finally got some time to work through this, but still no luck.

For some reason, I can connect via the pem key with the command line ssh on a Mac and using SecureCRT without issue.

I've checked the authorized_keys files permissions and ensured the public key is in place. I also checked the private key permissions are correct. I even did a snapshot of the AWS Lightsail instance and recreated the instance with a new default key. I also create several new keys, but each time, I get

2022-10-31 15:20:40.042 RealtimeSSHLogin: Attempting realtime SFTP connect to host xx.xxx.xx.xxx on port 22
2022-10-31 15:20:41.320 RealtimeSSHLogin: Error connecting SFTP - Permission denied (publickey).
2022-10-31 15:20:41.329 Starting Realtime timer, interval = 30 seconds

Is there a debug flag for sftp to get more details? Any other sftp authentications methods that might work? I guess I could try a password but that is not as secure.

Thanks
Mike
mbatesco
Posts: 5
Joined: Mon 24 Oct 2022 3:07 pm
Weather Station: Davis PV
Operating System: Raspberry Pi - Ubuntu

Re: SFTP fails with Permission denied (publickey) [SOLVED]

Post by mbatesco »

Solved the problem.

I'm running Ubuntu 22.04, and there is an issue with ssh-rsa SHA1 hash algorithm being deprecated. Seems like some programs ignore the issue but ssh.Net does not.

In /var/log/auth.log I found: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] and Google this message which lead me to https://askubuntu.com/questions/1409105 ... from-20-04

I did not change the keys, but instead added the following to /etc/ssh/sshd_config

Code: Select all

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
And restarted sshd

Code: Select all

sudo systemctl restart sshd
Lesson relearned, do not just check the initiating endpoint, but check the other endpoint as well.

Thanks for the help.

Mike
Post Reply