Unable to authenticate a user into Reflection for Secure IT Server via public key

  • 7023041
  • 01-Jun-2018
  • 01-Jun-2018


Reflection for Secure IT Server for Windows


An ssh/sftp client may fail to connect to a Reflection for Secure IT (RSIT) Windows server using a key pair.  Tracing the connection, the server debug log reports:
"the public key could not be found among the public keys configured for this user or group in RSSHD settings...; public key refused."

Something similar to the following:

000000000135 2018-05-30 16:39:27.411 2628 W2K8RSITTSTSE\LOCAL2:[Trace][40252] 
WindowsServerAuthenticator.cpp:WindowsServerAuthenticator::IsSshKeyTrusted(1940) Reading authorization file:
"C:\Users\local2\.ssh2\authorization". Found public keys from user's settings: Key ' "2048-bit RSA, exported by
Administrator@user-laptop"' from C:\Users\local2\.ssh2usertest.pub.

000000000136 2018-05-30 16:39:27.411 2628 W2K8RSITTSTSE\LOCAL2:[Info][30304]
WindowsServerAuthenticator.cpp:WindowsServerAuthenticator::IsSshKeyTrusted(1969) Logon attempt 1 for user
name 'local2' with logon method 'publickey' (algorithm: 'ssh-rsa', public key fingerprint:
dc:b3:d1:45:31:08:17:f4:79:09:bd:f4:a7:c9:16:2a, test only): the public key could not be found among the public
keys configured for this user or group in RSSHD settings (%D\.ssh2\authorization); public key refused.


Request a new copy of the client's public key file. Add it to the server, or replace the one currently there.  Be sure that the authorization file includes an entry that points to the new public key file.

Example entry inside of an "authorization" file:
key new_public_key.pub


The problem may be related to a mismatched key pair.  The server may not have a copy of the public key file the client is using to connect. To check, use the ssh-keygen -l switch to extract the fingerprint(s) from the server file(s) and compare them to the one the client is presenting.

In the above example, the client presents the following fingerprint to the server:

On the server, the account's public key folder is set to:

From a Windows Command prompt, use the following syntax to extract the fingerprint from each of the public key files if there is more than one in the folder:
    ssh-keygen -l -f <public key name>

    C:\Program Files\Micro Focus\RSecureServer>ssh-keygen -l -f "C:\users\local2\.ssh2\usertest.pub"
    2048 c3:d7:0f:7b:fc:9c:ff:79:e2:cc:45:c6:e4:9a:47:f9 Comment: "2048-bit RSA, exported by Administrator@user-laptop"

Note that the two fingerprints in this example do not match.
From Client:           dc:b3:d1:45:31:08:17:f4:79:09:bd:f4:a7:c9:16:2a
Found on Server:    c3:d7:0f:7b:fc:9c:ff:79:e2:cc:45:c6:e4:9a:47:f9
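
The comparison above can be run against every "key" entry in an authorization file at once. The following is an added example, not Micro Focus code: it assumes the 16-byte fingerprints shown are MD5 digests of the decoded key blob, and that key files are in SSH2 (RFC 4716) or one-line OpenSSH format. The function names and the sample data written by demo() are constructed for illustration.

```python
import base64, hashlib, tempfile
from pathlib import Path

def key_blob(text):
    """Decode the key blob from an SSH2 (RFC 4716) or one-line OpenSSH public key file."""
    lines = text.strip().splitlines()
    if not lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return base64.b64decode(lines[0].split()[1])   # "ssh-rsa AAAA... comment"
    body, continued = [], False
    for line in lines[1:]:
        if line.startswith("---- END"):
            break
        if continued or ":" in line:       # header line, or its backslash continuation
            continued = line.rstrip().endswith("\\")
        else:
            body.append(line.strip())
    return base64.b64decode("".join(body))

def md5_fingerprint(blob):
    """Colon-separated MD5 fingerprint, the form shown in the server log."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def find_trusted_key(ssh2_dir, client_fp):
    """Fingerprint each file named by a 'key' entry; return (matching file or None, results)."""
    seen = {}
    for entry in Path(ssh2_dir, "authorization").read_text().splitlines():
        parts = entry.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "key":   # assumption: keyword case is ignored
            continue
        name = parts[1].strip()
        try:
            seen[name] = md5_fingerprint(key_blob(Path(ssh2_dir, name).read_text()))
        except (OSError, ValueError, IndexError):
            seen[name] = None              # file missing, unreadable or not a public key
    match = next((n for n, fp in seen.items() if fp == client_fp.lower()), None)
    return match, seen

def demo():
    """Write constructed sample data; the blobs are placeholders, not real RSA keys."""
    b64 = lambda tag: base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + tag).decode()
    d = tempfile.mkdtemp()
    files = {"authorization": "key usertest.pub\nkey new_public_key.pub\nkey gone.pub\n",
             "usertest.pub": "---- BEGIN SSH2 PUBLIC KEY ----\nComment: \"constructed\"\n"
                             + b64(b"OLD") + "\n---- END SSH2 PUBLIC KEY ----\n",
             "new_public_key.pub": "ssh-rsa " + b64(b"NEW") + " constructed\n"}
    for name, content in files.items():
        Path(d, name).write_text(content)
    return d
```

A result of None for the match, as with the client fingerprint in the log above, means no file listed in the authorization file carries the key the client presented. A None value for an individual entry means the authorization file points at a file that is missing or is not a public key.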