ascp command line

After attempting to run an ascp command to transfer to or from a server invalid credentials would result in the following error message:

  ascp: failed to authenticate exiting.    Session Stop (Error: failed to authenticate)

Log file

The aspera-scp-transfer.log file records helpful information for each attempted transfer labelled by the date and time attempted. For a reference of the location of this log file on your system please see this article (Where are the Client or Server logs located?) .

A sample of what would be logged for a failed transfer with error code 19 is the following:

  2015-09-15 14:10:39 [59c-00001c80] ERR [ascp] SSH authentication failed  2015-09-15 14:10:39 [59c-00001c80] ERR failed to authenticate  2015-09-15 14:10:39 [59c-000023c8] LOG FASP Session Start uuid=ff820f21-f00f-4ab5-ab7e-ceba3a18a81c op=send   status=failed errcode=19 errstr="Authentication failure"

Troubleshooting

General

If you are authenticating to the transfer server with a password check that the username and password are valid. The username and password must be that of an existing system user account on the server machine.

If you are authenticating with SSH keys make sure they have been installed properly. You must have created a public-private key pair and installed the private key at the appropriate location on your local machine. The public key must in turn be installed at the appropriate location on the server machine which likely would be done by the machines server administrator.

You can double check your server connection details in the Enterprise Server GUI by clicking the Connection button and selecting the server on the left. Ensure that the proper method of authentication is selected and either fill in the correct password or choose the correct public key. You can click Test Connection to verify your credentials.

If you are using SSH keys via the command line make sure you are referencing the correct path to the private key with the -i option:

  ascp -i /path/to/private/key file1 [email protected]:/

Faspex

If you receive this error while using Faspex try the following troubleshooting measures on the machine with Faspex's transfer server:

1. Make sure SELinux is disabled. For instructions on how to disable SELinux see this Knowledge Base article .

2. (Linux and Mac OS X systems) Check the permissions of the following directories:

Linux

• /home
• /home/faspex
• /home/faspex/.ssh

Mac

• /Users
• /Users/faspex
• /Users/faspex/.ssh

These directories must allow the user read write and execute permissions. The faspex and .ssh folder should specifically be set to a permission of 700 for example:

  Linux  # ls -l /home    Mac  # ls -l /Users

  drwx------. 4 faspex faspex 39 Oct 2 21:03 faspex

If you find that the permissions differ change them with the following command:

  Linux  # chmod 700 /home/faspex    Mac  # sudo chmod 700 /Users/faspex

3. Ensure that the faspex directory has a .ssh sub-directory that contains the file authorized_keys :

  Linux  # ls -l /home/faspex/.ssh  -rw------- 1 faspex faspex 700 Oct 2 21:03 authorized_keys    Mac  # ls -l /Users/faspex/.ssh  -rw------- 1 faspex faspex 700 Oct 2 21:03 authorized_keys

On Windows navigate to the folder via the GUI and provide Administrator credentials to check.

For Linux and Mac you should also check that this file is owned by faspex and has access to the faspex group as in the example above. If faspex is not the owner and group you can make it so with the following command:

  # sudo chown -R faspex:faspex /home/faspex/.ssh/authorized_keys

4. Check that the Connect public SSH key is in the authorized_keys file not the private key. The public key is located in the following location:

• Windows: "C:\Program Files (x86)\Aspera\Enterprise Server\var\aspera_id_dsa.pub"
• Linux: /opt/aspera/var/aspera_id_dsa.pub
• Mac: /Library/Aspera/var/aspera_id_dsa.pub

5. Make sure the correct SSL certificate is in the appropriate location. For example the location of the SSL certificate for Node API communication is defined in the aspera.conf file in the <server> section such as the following:

  <cert_file>   /opt/aspera/etc/aspera_server_cert.pem  </cert_file>

6. Check that the authentication configuration on the faspex transfer user is set to token not allow for both incoming and outgoing traffic.

The easiest way to check is via the command line with asconfigurator a tool that edits and displays the configurations in aspera.conf .

Use the following command to see what the faspex transfer user's authentication is set to:

  # asconfigurator -x "get_user_data;user_namefaspex" | grep "authorization.*value"  "user"faspexauthorization_transfer_in_valuetokenAS_NULLAS_NULLAS_NULLallow  "user"faspexauthorization_transfer_out_valuetokenAS_NULLAS_NULLAS_NULLallow

In the above example the incoming and outgoing traffic are both set to token as expected. If they are set to anything other than token you can reconfigure them with asconfigurator :

  # asconfigurator -x "set_user_data;user_namefaspex;authorization_transfer_in_valuetoken"  # asconfigurator -x "set_user_data;user_namefaspex;authorization_transfer_out_valuetoken"

7. (Linux and Mac OS X systems) Ensure that the shell for user faspex is set to aspshell .

For more details on how to do so see step 4 of this Knowledge Base article .

Shares

If you receive this error while using Shares try the following troubleshooting measures on the offending node machine:

1. Make sure SELinux is disabled. For instructions on how to disable SELinux see this Knowledge Base article .

2. (Linux and Mac OS X systems) Check the permissions of the following directories where transfer_user is the transfer user set up for Shares:

Linux

• /home
• /home/ transfer_user
• /home/ transf er_user/.ssh

Mac

• /Users
• /Users/ transfer_user
• /Users/ transfer_user /.ssh

These directories must allow the user read write and execute permissions. The transfer_user home folder and .ssh folder should specifically be set to a permission of 700 for example:

  Linux  # ls -l /home    Mac  # ls -l /Users

  drwx------ 4 asp1 asp1 85 Oct 14 17:51 asp1

If you find that the permissions differ change them with the following command:

  Linux  # chmod 700 /home/faspex    Mac  # sudo chmod 700 /Users/faspex

3. Ensure that the transfer_user home directory has a .ssh sub-directory that contains the file authorized_keys :

  Linux  # ls -l /home/transfer_user/.ssh  -rw------- 1 transfer_user transfer_user 700 Oct 2 21:03 authorized_keys    Mac  # ls -l /Users/transfer_user/.ssh  -rw------- 1 transfer_user transfer_user 700 Oct 2 21:03 authorized_keys

On Windows navigate to the folder via the GUI and provide Administrator credentials to check.

For Linux and Mac you should also check that this file is owned bythe tran sfer_user and has access to the transfer_user group as in the example above. If your transfer_user is not the owner and group you can make it so with the following command:

  # sudo chown -R transfer_user:transfer_user /home/transfer_user/.ssh/authorized_keys

4. Check that the Connect public SSH key is in the authorized_keys file not the private key. The public key is located in the following location: