Results 1 to 3 of 3

Thread: SSH server login in error

  1. #1
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,726
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    SSH server login in error

    Hey, I'm not sure what happened here and I'm trying to debug the error but I'm stuck. Recently did a maintainence upgrade (no version change), rebooted, and now I can't login locally to the ssh server. The sshd is running on port 2223. I regenerated new rsa keys : ssh-keygen -t rsa -b 4096. The new pub key was placed into authorized_keys file within ~/.ssh directory. Here is the error:

    Code:
    kevdog@MrGiggles:~/.ssh$ ssh -vvv -p 2223 -i ~/.ssh/id_rsa kevdog@localhost
    OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [127.0.0.1] port 2223.
    debug1: Connection established.
    debug3: Incorrect RSA1 identifier
    debug3: Could not load "/home/kevdog/.ssh/id_rsa" as a RSA1 public key
    debug1: identity file /home/kevdog/.ssh/id_rsa type 1
    debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-4096
    debug1: Checking blacklist file /etc/ssh/blacklist.RSA-4096
    debug1: identity file /home/kevdog/.ssh/id_rsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
    debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
    debug2: fd 3 setting O_NONBLOCK
    debug3: put_host_port: [localhost]:2223
    debug3: load_hostkeys: loading entries for host "[localhost]:2223" from file "/home/kevdog/.ssh/known_hosts"
    debug3: load_hostkeys: found key type ECDSA in file /home/kevdog/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA c0:d5:d6:1a:d4:9c:88:08:dd:1e:e1:96:fe:2b:1a:31
    debug3: put_host_port: [127.0.0.1]:2223
    debug3: put_host_port: [localhost]:2223
    debug3: load_hostkeys: loading entries for host "[localhost]:2223" from file "/home/kevdog/.ssh/known_hosts"
    debug3: load_hostkeys: found key type ECDSA in file /home/kevdog/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug1: Host '[localhost]:2223' is known and matches the ECDSA host key.
    debug1: Found key in /home/kevdog/.ssh/known_hosts:1
    debug1: ssh_ecdsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/kevdog/.ssh/id_rsa (0x20ec5a78)
    debug1: Authentications that can continue: publickey
    debug3: start over, passed a different list publickey
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/kevdog/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    Permission denied (publickey).
    I'm curious specifically about this :
    debug3: Incorrect RSA1 identifier
    debug3: Could not load "/home/kevdog/.ssh/id_rsa" as a RSA1 public key

    Is this normal?

  2. #2
    Join Date
    Apr 2007
    Location
    Brussels, Belgium
    Beans
    182
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: SSH server login in error

    Yes that's normal.
    debug3: Incorrect RSA1 identifier
    debug3: Could not load "/home/jdc/.ssh/id_rsa" as a RSA1 public key

    I use an RSA key myself and tried the -vvv it tries the RSA1 and then switches.
    The difference is later, at the end of your debug. It starts the same:

    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/jdc/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Server accepts key: pkalg ssh-rsa blen 535
    debug2: input_userauth_pk_ok: fp 76:1exx
    debug3: sign_and_send_pubkey: RSA 76:1e:2dxx
    debug1: Authentication succeeded (publickey).

    I'm sorry, but I only have to offer this info and no solution.

  3. #3
    Join Date
    Jan 2010
    Beans
    3

    Re: SSH server login in error

    Hi,
    try to rename (or remove) the id_rsa.pub on the client host (/home/jdc/.ssh/id_rsa.pub).

    I think that if the client founds the public key in user's .ssh, then it goes to password authentication due to an algorith error or race condition.

    Mau.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •