What can I determine about my public key on host server?

The administrators at sftp.foobar.com have done the following:

  1. Acknowledged receipt of my public key. (id_rsa.pub)
  2. Given me a hostname of their server (sftp.foobar.com)
  3. Given me a userid for an ssh/sftp connection (foo_user1)

Here’s my .ssh/config entry

Host foobar
  identityfile  id_rsa
  hostname      sftp.foobar.com
  user          foo_user1
  port          22 # I've also tried 2222

$ sftp -vvv foobar

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /home/foo_client/.ssh/config
debug1: /home/foo_client/.ssh/config line 332: Applying options for foobar
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "sftp.foobar.com" port 2222
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to sftp.foobar.com [21.01.148.55] port 2222.

# The session hangs and I press CTRL-C to terminate the command.

$ ssh 21.01.148.55

# I get no response.
# I get neither a userid nor a password prompt.

Question: What can I conclude about my public key on the host server?

Do I have sufficient information to conclude the foobar admins have not installed my public key?

If they have installed the public key but it is corrupted, would I get additional information from the -vvv output?

Asked By: zundarz

||

You cannot determine anything about the public key. Your connection is blocked by a firewall.

SSH’s debugging output won’t help you diagnose firewall issues: they happen at a level below TCP. It could be a problem on your machine, on your local network, (unlikely) somewhere in between, on the server’s local network or on the server itself. tcptraceroute might help.

Here is some sample output with some relevant messages that you’d see on a successful connection:

…
debug1: Connecting to sftp.foobar.com [21.01.148.55] port 2222.
debug1: Connection established.
debug1: identity file /home/foo_client/.ssh/id_rsa type -1
…
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.4
…
debug1: Will attempt key: /home/from_client/.ssh/id_rsa 
…
debug1: Next authentication method: publickey
…
debug1: Offering public key: …
…
Authenticated to sftp.foobar.com (21.01.148.55:2222) using "publickey".
…

(I’ve slightly edited the messages and may have gotten the exact formatting of hostnames and such wrong.)

Of note:

  • debug1: Connecting is when the client has started the TCP connection.
  • debug1: Connection established. means the TCP connection is established. Your connection failed to reach this point.
  • debug1: Remote protocol version … is the first indication that a server has replied using the SSH protocol.
  • debug1: Will attempt key: indicates the keys that your client has found.
  • debug1: Next authentication method: publickey indicates that after negotiating with the server, your client has decided to try public-key authentication.
  • debug1: Offering public key: … indicates that your client is now trying to authenticate using this key.
  • Authenticated to sftp.foobar.com (21.01.148.55:2222) using "publickey". indicates that the server has accepted the last offered key.
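
The milestone list above can be applied mechanically to saved -vvv output. The following is an added example, not part of the original answer: a Python sketch that reports the furthest milestone a log reached and what, if anything, that says about the key. The stage names and verdict strings are made up for illustration, and the text after "Offering public key:" in the second sample is constructed.

```python
import re

# Client-side milestones, in the order the answer lists them.
STAGES = [
    ("tcp_attempted",   r"^debug1: Connecting to \S+ \[[^\]]+\] port \d+\."),
    ("tcp_established", r"^debug1: Connection established\."),
    ("ssh_banner",      r"^debug1: Remote protocol version "),
    ("keys_found",      r"^debug1: Will attempt key: "),
    ("pubkey_chosen",   r"^debug1: Next authentication method: publickey"),
    ("key_offered",     r"^debug1: Offering public key: "),
    ("authenticated",   r'^Authenticated to .+ using "publickey"\.'),
]


def furthest_stage(log_text):
    """Return the name of the last milestone present in the log, or None."""
    reached = None
    for name, pattern in STAGES:
        if re.search(pattern, log_text, re.MULTILINE):
            reached = name
    return reached


def key_verdict(log_text):
    """What this log can tell you about the key on the server."""
    stage = furthest_stage(log_text)
    if stage == "authenticated":
        return "accepted"
    if stage == "key_offered":
        return "offered, no acceptance logged"
    # Anything earlier: the server was never asked about the key.
    return "unknown"


# Sample 1: the hanging session from the question (lines copied from the page).
HANGING = """\
debug2: resolving "sftp.foobar.com" port 2222
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to sftp.foobar.com [21.01.148.55] port 2222.
"""

# Sample 2: built from the answer's sample lines; the offered key path is constructed.
SUCCESS = HANGING + """\
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.4
debug1: Next authentication method: publickey
debug1: Offering public key: /home/foo_client/.ssh/id_rsa
Authenticated to sftp.foobar.com (21.01.148.55:2222) using "publickey".
"""

if __name__ == "__main__":
    for label, log in (("hanging", HANGING), ("success", SUCCESS)):
        print(label, furthest_stage(log), key_verdict(log))
```

For the question's log the result is tcp_attempted with an "unknown" verdict: the session stopped before "Connection established.", so the output carries no information about the key either way.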