First of all, you only modified .ssh content on remote hosts:
  1. When connecting to a remote host, the only thing which matters is
that your local public key (id_ed25519.pub) line is in the appropriate
remote authorized_keys file; AND you have the equivalent private key
file (id_ed25519) in your local .ssh/; AND you know the correct
passphrase.
  2. When you are on the remote machine, 1. applies in the reverse
direction: the former remote is your local and vice versa.

This is most likely not your problem, but:
If your client (ssh) or remote server (sshd) does not use id_ed25519*,
only id_dsa --> check if id_ed25519 is not disabled in
~/.ssh/sshd_config or, on the remote side, in /etc/ssh/ssh_config.

About your password and seed conundrum - ssh uses a challenge-response
protocol for authentication. Your passwords or keys are not transmitted
- which means that, if you like chaos, you could have different
passwords for the same private key files on different hosts. The
password is only used to unlock your private key, so that you can
decrypt the challenge from the remote host on your local machine and
prove that you can decrypt the challenge to the remote host by sending
it back encrypted by the remote machine's public key. I hope that this
explanation makes sense and it is not circular.

Tomas

On Tue, 2016-11-08 at 07:47 -0800, Rich Shepard wrote:
> On Mon, 7 Nov 2016, Tom wrote:
> 
> > If you want the public key ssh to work the same way in the other
> > direction (remote to local) you have two basic options:
> >  a) have same authorized_keys, id_ed25519 and id_ed25519.pub in your
> > accounts on all hosts (remote and local).
> 
>    Now I'm thoroughly confused. I copied those files from the desktop to
> the portable and restarted sshd. Cannot ssh in either direction now; same
> results using -vv for verbosity on both hosts. Output below.
> 
>    On lines 9 and 11 openssh indicates it cannot find a public key even
> though id_ed25519.pub is present. Then, it looks for a DSA key pair which
> it seems to find even though there is only the ed25519 identity file is
> used.
> 
>    Detailed output from the portable (it's the same on the desktop):
> 
> $ ssh -vv salmo
> OpenSSH_7.2p2, OpenSSL 1.0.2h  3 May 2016
> debug1: Reading configuration data /home/rshepard/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: resolving "salmo" port <portnum>
> debug2: ssh_connect_direct: needpriv 0
> debug1: Connecting to salmo [127.0.0.1] port <portnum>.
> debug1: Connection established.
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/rshepard/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/rshepard/.ssh/id_dsa-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.2
> debug1: Remote protocol version 2.0, remote software version
> OpenSSH_7.2
> debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x04000000
> debug2: fd 3 setting O_NONBLOCK
> debug1: Authenticating to salmo:<portnum> as 'rshepard'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: local client KEXINIT proposal
> debug2: KEX algorithms: [email protected],ecdh-sha2
> -nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group
> -exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman
> -group14-sha1,ext-info-c
> debug2: host key algorithms: [email protected],ssh
> -ed25519,[email protected],
> [email protected],
> [email protected],[email protected]
> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2
> -512,rsa-sha2-256,ssh-rsa
> debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256
> -ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
> debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256
> -ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
> debug2: MACs ctos: [email protected],[email protected],
> [email protected],[email protected],
> [email protected],[email protected],[email protected],hm
> ac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: MACs stoc: [email protected],[email protected],
> [email protected],[email protected],
> [email protected],[email protected],[email protected],hm
> ac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: compression ctos: none,[email protected],zlib
> debug2: compression stoc: none,[email protected],zlib
> debug2: languages ctos: 
> debug2: languages stoc: 
> debug2: first_kex_follows 0 
> debug2: reserved 0 
> debug2: peer server KEXINIT proposal
> debug2: KEX algorithms: [email protected],ecdh-sha2
> -nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group
> -exchange-sha256,diffie-hellman-group14-sha1
> debug2: host key algorithms: ssh-ed25519
> debug2: ciphers ctos: [email protected],aes128-ctr,aes192
> -ctr,aes256-ctr,[email protected],[email protected]
> debug2: ciphers stoc: [email protected],aes128-ctr,aes192
> -ctr,aes256-ctr,[email protected],[email protected]
> debug2: MACs ctos: [email protected],[email protected],
> [email protected],[email protected],
> [email protected],[email protected],[email protected],hm
> ac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: MACs stoc: [email protected],[email protected],
> [email protected],[email protected],
> [email protected],[email protected],[email protected],hm
> ac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: compression ctos: none,[email protected]
> debug2: compression stoc: none,[email protected]
> debug2: languages ctos: 
> debug2: languages stoc: 
> debug2: first_kex_follows 0 
> debug2: reserved 0 
> debug1: kex: algorithm: [email protected]
> debug1: kex: host key algorithm: ssh-ed25519
> debug1: kex: server->client cipher: aes128-ctr MAC: 
> [email protected] compression: none
> debug1: kex: client->server cipher: aes128-ctr MAC: 
> [email protected] compression: none
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ssh-ed25519
> SHA256:TxTmpZon4vcLvmH7kapzGfcjTN52KfiEC0oqrkWIbJc
> debug1: Host '[salmo]:<portnum>' is known and matches the ED25519
> host key.
> debug1: Found key in /home/rshepard/.ssh/known_hosts:2
> debug2: set_newkeys: mode 1
> debug1: rekey after 4294967296 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: rekey after 4294967296 blocks
> debug1: SSH2_MSG_NEWKEYS received
> debug2: key: /home/rshepard/.ssh/id_dsa ((nil))
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2
> -512>
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/rshepard/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey).
> 
>    Does this help in locating the source of the issue?
> 
> Rich
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug
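
Added example, not written by anyone on this thread: a small shell filter for `ssh -vv` output like the trace quoted above. It lists which identity files the client considered, whether a public key was loaded for each, and whether any key was actually sent to the server. The function names `ssh_identity_report` and `sample_log` are hypothetical, and the sample lines are excerpted from the quoted trace.

```shell
#!/bin/sh
# Added example: summarise the identity files seen in `ssh -vv` output (stdin).
# ssh_identity_report and sample_log are hypothetical names.

ssh_identity_report() {
    awk '
    # "identity file <path> type <n>": n = -1 means no public key was loaded
    /debug1: identity file / {
        path = $(NF-2); type = $NF
        if (path ~ /-cert$/) next          # certificate probes, not keys
        state[path] = (type == "-1") ? "not-loaded" : "loaded"
        order[++n] = path
    }
    /debug1: Offering /            { offered++ }      # key sent to the server
    /debug1: Trying private key: / { tried[$NF] = 1 } # private key read attempt
    /we did not send a packet/     { nosend = 1 }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            printf "identity %s %s%s\n", p, state[p], ((p in tried) ? " tried" : "")
            if (p ~ /id_ed25519$/) ed = 1
        }
        if (!ed) print "warning: id_ed25519 is not among the identity files considered"
        if (nosend && !offered) print "warning: no key was sent to the server"
    }'
}

# Sample input: lines excerpted from the trace quoted in the message above.
sample_log() {
    cat <<'EOF'
debug1: key_load_public: No such file or directory
debug1: identity file /home/rshepard/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rshepard/.ssh/id_dsa-cert type -1
debug1: Next authentication method: publickey
debug1: Trying private key: /home/rshepard/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
EOF
}

sample_log | ssh_identity_report
```

The ssh client writes its debug lines to stderr, so a live trace has to be redirected with `2>&1` before it is piped into the function.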