PLATFORM FREAKS
RSIT 英文
最終更新:
kcwest
-
view
RSIT Server (SSH Product) known issue could cause SSH connection failure.
One of the SSH server in our test environment stopped accepting incoming public key authentication with error message "Permission denied (public key)".
This error had continued until we fixed the problem.
This error had continued until we fixed the problem.
After analysis, we found there is known issue causing the same problem, related to the particular version of RSIT (Reflection for Secure IT) Server. This issue could occur on any Windows platform using a RSIT 6.1(fixed in Release 7).
Potential impact area is SSH connection between Amsterdam sites and BTMU WebFile Server which runs on Windows 2003 Server and RSIT 6.1 SP5.
Although at this time, this issue has never happened in the production server and RSIT support team says that the frequency of occurrence is very low, if this event occurred, SSH connection from Amsterdam sites would be refused until we fix the problem.
Potential impact area is SSH connection between Amsterdam sites and BTMU WebFile Server which runs on Windows 2003 Server and RSIT 6.1 SP5.
Although at this time, this issue has never happened in the production server and RSIT support team says that the frequency of occurrence is very low, if this event occurred, SSH connection from Amsterdam sites would be refused until we fix the problem.
In order to prevent this issue will occur in the production server, we want to take a workaround, which is modifying SSH configuration file on our server.
We are planning to test this workaround in the test environment in the first week of January, 2012.
In order to verify this fix works correctly, we want you to make a SSH connection test from your sites in the second week of January.
Our concern is that your site still has a test environment which can connect to our test server.
If you have an available environment, please let us know.
Our concern is that your site still has a test environment which can connect to our test server.
If you have an available environment, please let us know.
The following is the detailed description about RSIT known issue.
[Cause]
Normally, when RSIT server receives SSH connection request from a client, it goes through Windows logon process which reads file called “USERPROFILE”. The USERPROFILE contains pass to the client public key which is used for the authentication.
Normally, when RSIT server receives SSH connection request from a client, it goes through Windows logon process which reads file called “USERPROFILE”. The USERPROFILE contains pass to the client public key which is used for the authentication.
For some reason, when Windows logon process failed to load USERPROFILE, it uses Temporal USERPROFILE instead.
Temporal USERPROFILE has different path to the public key. Consequently, RSIT server cannot find registered public key and denies the public key authentication.
To make matters worse, RSIT Server writes the wrong path to Windows registry. (RSIT support team says that the behavior is by design.)
As a result, RSIT Server continues to use the wrong path and refuse public key authentication.
Temporal USERPROFILE has different path to the public key. Consequently, RSIT server cannot find registered public key and denies the public key authentication.
To make matters worse, RSIT Server writes the wrong path to Windows registry. (RSIT support team says that the behavior is by design.)
As a result, RSIT Server continues to use the wrong path and refuse public key authentication.
※ At this time, the root cause of failing to load USERPROFILE is unknown. However, RSIT support team says the frequency of occurrence is very low.
