Results 1 to 5 of 5

Thread: SSH Key Problems

  1. #1
    Join Date
    Apr 2010
    Beans
    188

    SSH Key Problems

    I am having some problems using an rsa key instead of a password for authentication. I have been using ssh keys for a while now, and they have been working fine for me. Recently, I set up an Ubuntu server which has an ssh server. Yesterday, I set up key based authentication. The key based authentication was working for me all yesterday, but today, it is not working. I end up having to enter the user password in order to log in. I have no idea why. I know that it is not a problem with my ssh key since I am able to use it to log in to other computers. I also know that the key is set up on my Ubuntu server since it was working perfectly the first day I set it up. This has led me to believe that it might be a problem with gnome keyring.

    Here is the what I get when I try and log in to the Ubuntu server:
    Code:
    $ ssh ubuntu-server.shivers.com -vvv
    OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to ubuntu-server.shivers.com [192.168.1.183] port 22.
    debug1: Connection established.
    debug3: Incorrect RSA1 identifier
    debug3: Could not load "/home/travis/.ssh/id_rsa" as a RSA1 public key
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug2: key_type_from_name: unknown key type 'Proc-Type:'
    debug3: key_read: missing keytype
    debug2: key_type_from_name: unknown key type 'DEK-Info:'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /home/travis/.ssh/id_rsa type 1
    debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
    debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
    debug1: identity file /home/travis/.ssh/id_rsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-7ubuntu1
    debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
    debug2: fd 3 setting O_NONBLOCK
    debug3: load_hostkeys: loading entries for host "ubuntu-server.shivers.com" from file "/home/travis/.ssh/known_hosts"
    debug3: load_hostkeys: found key type ECDSA in file /home/travis/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA 6a:5e:8e:fe:5d:ba:b7:cd:de:dc:fd:90:28:b6:cb:51
    debug3: load_hostkeys: loading entries for host "ubuntu-server.shivers.com" from file "/home/travis/.ssh/known_hosts"
    debug3: load_hostkeys: found key type ECDSA in file /home/travis/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug3: load_hostkeys: loading entries for host "192.168.1.183" from file "/home/travis/.ssh/known_hosts"
    debug3: load_hostkeys: found key type ECDSA in file /home/travis/.ssh/known_hosts:2
    debug3: load_hostkeys: loaded 1 keys
    debug1: Host 'ubuntu-server.shivers.com' is known and matches the ECDSA host key.
    debug1: Found key in /home/travis/.ssh/known_hosts:1
    debug1: ssh_ecdsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/travis/.ssh/id_rsa (0x7febf8e11560)
    debug2: key: ttshivers@gmail.com (0x7febf8e16770)
    debug1: Authentications that can continue: publickey,password
    debug3: start over, passed a different list publickey,password
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/travis/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,password
    debug1: Offering RSA public key: ttshivers@gmail.com
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,password
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    travis@ubuntu-server.shivers.com's password:
    If you need any more information or files, such as my ssh config files, just let me know and I will be happy to provide them.

  2. #2
    Join Date
    Mar 2008
    Location
    Fond du Lac, Wisconsin
    Beans
    72
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: SSH Key Problems

    Are you sure that you're supposed to be using RSA? DSA is newer and more secure.

    And why is it that ssh can't load /home/travis/.ssh/id_rsa? Is there something wrong with the permissions for that file?

    Try generating a DSA pub/private keys, and using that instead.

  3. #3
    Join Date
    Apr 2010
    Beans
    188

    Re: SSH Key Problems

    There are many arguments about whether rsa or dsa is better. RSA is faster and more secure. If you look at man ssh-keygen, it says that a DSA key has to be exactly 1024 bits long to be compliant with NIST's FIPS 186-2. So although in theory longer DSA keys are possible (FIPS 186-3 also explicitly allows them) you are still restricted to 1024 bits. And if you take the considerations of this [article], we are no longer secure with 1024 bits for either RSA or DSA. Remember that there is probably nothing wrong with the key that I am using since I am able to use it to log into other computers.

  4. #4
    Join Date
    May 2006
    Location
    Boston
    Beans
    1,918
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: SSH Key Problems

    in your server-side check:
    1.
    the id.rsa.pub in in the end of file: "~/.ssh/authorized_keys" or "~/.ssh/authorized_keys2"

    2.
    permissions for "~/.ssh/authorized_keys(2)" are set to 700 or 640 depending on the version of ssh.

    blog
    Donations BTC : 12FwoB7uAM5FnweykpR1AEEDVFaTLTYFkS
    DOUBLEPLUSGOOD!!

  5. #5
    Join Date
    Apr 2010
    Beans
    188

    Re: SSH Key Problems

    I just double checked.

    1. I have my ssh public key in the ssh servers' ~/.ssh/authorized_keys file
    2. The permissions of the authorized_keys file is 700 and the owner is the user(travis)

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •