This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SFTP troubleshooting bad client public key in pcap

Is there a way to determine a bad public key presented to an SFTP server configured for public key authentication? I am comparing two pcap files next to each other: one is a success and the other I know is a failure, with the client presenting the wrong key for the public key authentication attempt. They look very similar, except the successful connection obviously has more encrypted packets back and forth. Is there any telltale sign of a wrong client certificate presented, like in an SSL session? In the SSL session we can see an unencrypted "Bad Cert" message. I can't find a similar one in a captured SSH/SFTP session.

asked 31 Dec '13, 13:24

bonds3212000

Are you using 'plain' public key authentication (AuthorizedKeysFile) or certificate authentication (AuthorizedPrincipalsFile)?

BTW: What is your SSH software? OpenSSH or a commercial product?

(12 Jan '14, 15:13) Kurt Knochner ♦