Re: [gentoo-user] Cannot login with publickey on sshd
Mick wrote:
> On Monday 01 December 2008, Mick wrote:
>> On Monday 01 December 2008, Eric Martin wrote:
>>> What did you use to generate the key? Also, what does the client / server say for the key fail?
>>
>> I used something like: ssh-keygen -v -t rsa -b 2048. I have even generated a second key pair and tried that too, with no success.
>>
>> The client messages are in the first message I sent to the list - basically showing this:
>>
>> debug1: Connection established.
>> debug3: timeout: 14828 ms remain after connect
>> debug3: Not a RSA1 key file /home/michael/.ssh/.ssh/id_rsa.
>> debug2: key_type_from_name: unknown key type '-BEGIN'
>> debug3: key_read: missing keytype
>> debug2: key_type_from_name: unknown key type 'Proc-Type:'
>> debug3: key_read: missing keytype
>> debug2: key_type_from_name: unknown key type 'DEK-Info:'
>> debug3: key_read: missing keytype
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> . . .
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug3: key_read: missing whitespace
>> debug2: key_type_from_name: unknown key type '-END'
>> debug3: key_read: missing keytype
>>
>> The server messages are shown here: http://pastebin.centos.org/22705
>
> I have now also tried to generate a key pair on the server, move the private key over to the client and then try to login - still no result! :-(
>
> It has to be some sort of incompatibility between the two versions of OpenSSH. Don't know what else to assume with this problem.

It definitely looks like the server doesn't like your private key. Did you remember to update (read: add) the public key on the server?

Also, I generated an ssh key using the exact same syntax that you used and my key looks different than what I can glean about your key. The ---BEGIN, Proc-Type and DEK-Info lines are in an old dsa key I created, while the rsa key just says BEGIN RSA PRIVATE KEY- followed by key data. The DSA key says the same, except DSA as opposed to RSA. From the logs it looks like a formatting issue, given the whitespace errors.

Have you tried loading your key into an agent? Try:

    ssh-agent /bin/bash
    ssh-add ~/.ssh/id_rsa

This will unlock your key and let that session authenticate for you. It also has the nice side effect of checking if your private key is a real private key.

The only time I have a problem w/pub/private keys is when I create them on a windows box and try to export it to ssh. The other way around always works for me.

HTH

--
Eric Martin
Key fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F
Re: [gentoo-user] Cannot login with publickey on sshd
On Thursday 18 December 2008, Eric Martin wrote:
> Mick wrote:
>> I have now also tried to generate a key pair on the server, move the private key over to the client and then try to login - still no result! :-(
>>
>> It has to be some sort of incompatibility between the two versions of OpenSSH. Don't know what else to assume with this problem.
>
> It definitely looks like the server doesn't like your private key. Did you remember to update(read: add) the public key on the server?

Oops! I forgot about this thread - sorry.

I finally found out what was causing it: I had an entry for a previous server on the same IP address in the ~/.ssh/config file on the client and had disabled publickey to make the login faster. On that occasion the server was a router and it did not offer publickey authentication. After a couple of years I had forgotten all about it . . .

> The only time I have a problem w/pub/private keys is when I create them on a windows box and try to export it to ssh. The other way around always works for me.

The MSWindows generated keys will work, either from PuTTY or Cygwin, but you have to be careful with hard returns at the end of lines (CR/LF). Use Notepad++ to paste your key in and you should find that it works fine.

--
Regards,
Mick
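
The cause reported in the message above, a stale ~/.ssh/config entry for the same IP address that disabled publickey, can be checked for directly. The following is an added example, not part of the original thread: a POSIX sh function that lists the effective options in an ssh_config file that stop the client from trying a key for a given host. The function names, the sample file and the 192.0.2.10 address are constructed for illustration.

```shell
# Added example. Prints "LINE: setting" for each effective ssh_config option
# that stops publickey auth for HOST. Match blocks and Include are not evaluated.
pubkey_blockers() {   # usage: pubkey_blockers HOST [CONFIG]
    awk -v host="$1" '
    function glob2re(g,   i, c, re) {          # ssh_config glob -> anchored regex
        re = "^"
        for (i = 1; i <= length(g); i++) {
            c = substr(g, i, 1)
            if (c == "*") re = re ".*"
            else if (c == "?") re = re "."
            else if (c ~ /[A-Za-z0-9_:-]/) re = re c
            else re = re "[" c "]"
        }
        return re "$"
    }
    function applies(n,   i, p, neg, hit) {    # does this Host line cover host?
        for (i = 2; i <= n; i++) {
            p = $i; neg = (substr(p, 1, 1) == "!")
            if (neg) p = substr(p, 2)
            if (host ~ glob2re(p)) { if (neg) return 0; hit = 1 }
        }
        return hit + 0
    }
    BEGIN { active = 1 }                       # options before any Host are global
    {
        sub(/\r$/, ""); sub(/^[ \t]+/, ""); raw = $0
        sub(/[ \t]*=[ \t]*/, " ")              # allow "Keyword=value"
        if (NF == 0 || $1 ~ /^#/) next
        kw = tolower($1); val = tolower($2)
        if (kw == "host")  { active = applies(NF); next }
        if (kw == "match") { active = 0; next }
        if (!active || seen[kw]++) next        # first value obtained wins
        if (kw == "pubkeyauthentication" && val == "no") print FNR ": " raw
        if (kw == "preferredauthentications" && ("," val ",") !~ /,publickey,/)
            print FNR ": " raw
    }' "${2:-$HOME/.ssh/config}"
}

sample_config() {   # constructed sample, not the poster's actual file
    cat <<'EOF'
Host oldrouter 192.0.2.10
    PubkeyAuthentication no
    PreferredAuthentications password
Host *
    PubkeyAuthentication yes
EOF
}

tmp=$(mktemp); sample_config > "$tmp"; pubkey_blockers 192.0.2.10 "$tmp"; rm -f "$tmp"
```

On current OpenSSH clients, `ssh -G HOST` prints the fully resolved client configuration, which also covers Match blocks and included files that this scan skips.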
Re: [gentoo-user] Cannot login with publickey on sshd
On Thursday 18 December 2008 23:17:13 Mick wrote:
>> The only time I have a problem w/pub/private keys is when I create them on a windows box and try to export it to ssh. The other way around always works for me.
>
> The MSWindows generated keys will work, either from PuTTY or Cygwin, but you have to be careful with hard returns at the end of lines (CR/LF). Use Notepad++ to paste your key in and you should find that it works fine.

PuTTY comes with a utility to convert its keys to openssh format. I insist my PuTTY users do this themselves before they send me the public key to be deployed on the servers.

It works well for me - if they get stroppy and don't do this, they don't get access shrug

--
alan dot mckinnon at gmail dot com
Re: [gentoo-user] Cannot login with publickey on sshd
Great to hear that the problem is solved! I've used puttygen before to convert keys (both ways) but when I used it the other day to create a key on windows convert it wouldn't work. Oh well!

On 12/18/08, Alan McKinnon alan.mckin...@gmail.com wrote:
> On Thursday 18 December 2008 23:17:13 Mick wrote:
>>> The only time I have a problem w/pub/private keys is when I create them on a windows box and try to export it to ssh. The other way around always works for me.
>>
>> The MSWindows generated keys will work, either from PuTTY or Cygwin, but you have to be careful with hard returns at the end of lines (CR/LF). Use Notepad++ to paste your key in and you should find that it works fine.
>
> PuTTY comes with a utility to convert its keys to openssh format. I insist my PuTTY users do this themselves before they send me the public key to be deployed on the servers.
>
> It works well for me - if they get stroppy and don't do this, they don't get access shrug
>
> --
> alan dot mckinnon at gmail dot com
Re: [gentoo-user] Cannot login with publickey on sshd
On Thursday 18 December 2008, Eric Martin wrote:
> Great to hear that the problem is solved! I've used puttygen before to convert keys (both ways) but when I used it the other day to create a key on windows convert it wouldn't work. Oh well!

If you first paste the key in notepad++ it should work, if you just copy the generated file it won't. That's what I have found anyway when helping people with MSWindows machines.

--
Regards,
Mick
Re: [gentoo-user] Cannot login with publickey on sshd
On Monday 01 December 2008, Mick wrote:
> On Monday 01 December 2008, Eric Martin wrote:
>> What did you use to generate the key? Also, what does the client / server say for the key fail?
>
> I used something like: ssh-keygen -v -t rsa -b 2048. I have even generated a second key pair and tried that too, with no success.
>
> The client messages are in the first message I sent to the list - basically showing this:
>
> debug1: Connection established.
> debug3: timeout: 14828 ms remain after connect
> debug3: Not a RSA1 key file /home/michael/.ssh/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-BEGIN'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'Proc-Type:'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'DEK-Info:'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> . . .
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-END'
> debug3: key_read: missing keytype
>
> The server messages are shown here: http://pastebin.centos.org/22705

I have now also tried to generate a key pair on the server, move the private key over to the client and then try to login - still no result! :-(

It has to be some sort of incompatibility between the two versions of OpenSSH. Don't know what else to assume with this problem.

--
Regards,
Mick
Re: [gentoo-user] Cannot login with publickey on sshd
Mick wrote:
> On Saturday 29 November 2008, Eric Martin wrote:
>> Mick wrote:
>>> Hi All,
>>>
>>> For some reason my Gentoo rsa public key is not liked by 3.9p1-11.el4_7 sshd, which is running on a CentOS server. On the Gentoo machine I am running net-misc/openssh-5.1_p1-r1. This is what it shows:
>>> ===
>>> debug1: fd 3 clearing O_NONBLOCK
>>> debug1: Connection established.
>>> debug3: timeout: 14835 ms remain after connect
>>> debug3: Not a RSA1 key file /home/michael/.ssh/id_rsa.
>>> debug2: key_type_from_name: unknown key type '-BEGIN'
>>
>> It sounds like you're using a pgp public key, is this on purpose? AFAIK, you need to convert pgp keys -> openssh keys before you use them. Have you tried making a public key via ssh-keygen?
>
> Thanks Eric,
>
> The --BEGIN string is I believe from the private key generated using ssh-keygen. It looks like this:
> =
> -BEGIN RSA PRIVATE KEY-
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC, X
> XX... etc.
> =
> where X is the hash of the key. The public key starts with:
> =
> ssh-rsa X...etc
> =
> As I mentioned the same ssh key pair seems to work fine with other servers.

What did you use to generate the key? Also, what does the client / server say for the key fail?
Re: [gentoo-user] Cannot login with publickey on sshd
On Monday 01 December 2008, Eric Martin wrote:
> What did you use to generate the key? Also, what does the client / server say for the key fail?

I used something like: ssh-keygen -v -t rsa -b 2048. I have even generated a second key pair and tried that too, with no success.

The client messages are in the first message I sent to the list - basically showing this:

debug1: Connection established.
debug3: timeout: 14828 ms remain after connect
debug3: Not a RSA1 key file /home/michael/.ssh/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
. . .
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-END'
debug3: key_read: missing keytype

The server messages are shown here: http://pastebin.centos.org/22705

--
Regards,
Mick
Re: [gentoo-user] Cannot login with publickey on sshd
On Saturday 29 November 2008, Eric Martin wrote:
> Mick wrote:
>> Hi All,
>>
>> For some reason my Gentoo rsa public key is not liked by 3.9p1-11.el4_7 sshd, which is running on a CentOS server. On the Gentoo machine I am running net-misc/openssh-5.1_p1-r1. This is what it shows:
>> ===
>> debug1: fd 3 clearing O_NONBLOCK
>> debug1: Connection established.
>> debug3: timeout: 14835 ms remain after connect
>> debug3: Not a RSA1 key file /home/michael/.ssh/id_rsa.
>> debug2: key_type_from_name: unknown key type '-BEGIN'
>
> It sounds like you're using a pgp public key, is this on purpose? AFAIK, you need to convert pgp keys -> openssh keys before you use them. Have you tried making a public key via ssh-keygen?

Thanks Eric,

The --BEGIN string is I believe from the private key generated using ssh-keygen. It looks like this:
=
-BEGIN RSA PRIVATE KEY-
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC, X
XX... etc.
=
where X is the hash of the key. The public key starts with:
=
ssh-rsa X...etc
=
As I mentioned the same ssh key pair seems to work fine with other servers.

--
Regards,
Mick
[gentoo-user] Cannot login with publickey on sshd
Hi All,

For some reason my Gentoo rsa public key is not liked by 3.9p1-11.el4_7 sshd, which is running on a CentOS server. On the Gentoo machine I am running net-misc/openssh-5.1_p1-r1. This is what it shows:
===
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 14835 ms remain after connect
debug3: Not a RSA1 key file /home/michael/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-END'
debug3: key_read: missing keytype
debug1: identity file /home/michael/.ssh/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Remote is NON-HPN aware
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1-hpn13v5
debug3: check_host_in_hostfile: filename /home/michael/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 17
debug1: Host '[XX]:22' is known and matches the RSA host key.
debug1: Found key in /home/michael/.ssh/known_hosts:17
debug2: bits set: 496/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/michael/.ssh/id_rsa ()
debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-with-mic,password,keyboard-interactive
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred:
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic,password,keyboard-interactive).
===

The above response and bail out without authenticating happens when I pass the option:

-o PreferredAuthentications=publickey

Otherwise, it goes through the above responses and then asks for the user's passwd.

I have had no problems to date using pubkey on other Gentoo, Ubuntu and FreeBSD machines. Can you see anything that makes sense in the above CentOS response? Is there a fix?

--
Regards,
Mick
Re: [gentoo-user] Cannot login with publickey on sshd
Mick wrote:
> Hi All,
>
> For some reason my Gentoo rsa public key is not liked by 3.9p1-11.el4_7 sshd, which is running on a CentOS server. On the Gentoo machine I am running net-misc/openssh-5.1_p1-r1. This is what it shows:
> ===
> debug1: fd 3 clearing O_NONBLOCK
> debug1: Connection established.
> debug3: timeout: 14835 ms remain after connect
> debug3: Not a RSA1 key file /home/michael/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-BEGIN'

It sounds like you're using a pgp public key, is this on purpose? AFAIK, you need to convert pgp keys -> openssh keys before you use them. Have you tried making a public key via ssh-keygen?