Results 1 to 3 of 3

Thread: Two 19.10 AWS EC2 Upgrades result in ssh Permission denied (publickey).

  1. #1
    Join Date
    Aug 2009
    Location
    Montreal, Canada
    Beans
    13

    Two 19.10 AWS EC2 Upgrades result in ssh Permission denied (publickey).

    I upgrade two EC2 20.04 systems from 20.04 to 20.10 (via ssh of course). In both cases, after completing the upgrade and attempting to log in my ssh certificate was rejected. I've been using this certificate for years without incident.

    Code:
    $ ssh -vvv -i ~/.ssh/sslTest ubuntu@52.23.192.104
    OpenSSH_8.3p1 Ubuntu-1, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /home/mslinn/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug2: resolve_canonicalize: hostname 52.23.192.104 is address
    debug2: ssh_connect_direct
    debug1: Connecting to 52.23.192.104 [52.23.192.104] port 22.
    debug1: Connection established.
    load pubkey "/home/mslinn/.ssh/sslTest": invalid format
    debug1: identity file /home/mslinn/.ssh/sslTest type -1
    debug1: identity file /home/mslinn/.ssh/sslTest-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_8.3p1 Ubuntu-1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_8.3p1 Ubuntu-1
    debug1: match: OpenSSH_8.3p1 Ubuntu-1 pat OpenSSH* compat 0x04000000
    debug2: fd 3 setting O_NONBLOCK
    debug1: Authenticating to 52.23.192.104:22 as 'ubuntu'
    debug3: hostkeys_foreach: reading file "/home/mslinn/.ssh/known_hosts"
    debug3: record_hostkey: found key type ECDSA in file /home/mslinn/.ssh/known_hosts:48
    debug3: load_hostkeys: loaded 1 keys from 52.23.192.104
    debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    debug3: send packet: type 20
    debug1: SSH2_MSG_KEXINIT sent
    debug3: receive packet: type 20
    debug1: SSH2_MSG_KEXINIT received
    debug2: local client KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
    debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: zlib@openssh.com,zlib,none
    debug2: compression stoc: zlib@openssh.com,zlib,none
    debug2: languages ctos:
    debug2: languages stoc:
    debug2: first_kex_follows 0
    debug2: reserved 0
    debug2: peer server KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
    debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: none,zlib@openssh.com
    debug2: compression stoc: none,zlib@openssh.com
    debug2: languages ctos:
    debug2: languages stoc:
    debug2: first_kex_follows 0
    debug2: reserved 0
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com
    debug3: send packet: type 30
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug3: receive packet: type 31
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ABq7YnCtlA7th201/MY9AyEjJrg2mg5yggmJA7De0po
    debug3: hostkeys_foreach: reading file "/home/mslinn/.ssh/known_hosts"
    debug3: record_hostkey: found key type ECDSA in file /home/mslinn/.ssh/known_hosts:48
    debug3: load_hostkeys: loaded 1 keys from 52.23.192.104
    debug1: Host '52.23.192.104' is known and matches the ECDSA host key.
    debug1: Found key in /home/mslinn/.ssh/known_hosts:48
    debug3: send packet: type 21
    debug2: set_newkeys: mode 1
    debug1: rekey out after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug3: receive packet: type 21
    debug1: SSH2_MSG_NEWKEYS received
    debug2: set_newkeys: mode 0
    debug1: rekey in after 134217728 blocks
    debug1: Will attempt key: /home/mslinn/.ssh/sslTest  explicit
    debug2: pubkey_prepare: done
    debug3: send packet: type 5
    debug3: receive packet: type 7
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
    debug3: receive packet: type 6
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug3: send packet: type 50
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey
    debug3: start over, passed a different list publickey
    debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/mslinn/.ssh/sslTest
    debug3: sign_and_send_pubkey: RSA SHA256:P+B2f4dkicVFoUWXv9BFa7qmAMtqo8GNWdtIjKsRZm8
    debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:P+B2f4dkicVFoUWXv9BFa7qmAMtqo8GNWdtIjKsRZm8
    debug3: send packet: type 50
    debug2: we sent a publickey packet, wait for reply
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    ubuntu@52.23.192.104: Permission denied (publickey).
    I see the message 'load pubkey "/home/mslinn/.ssh/sslTest": invalid format'. No idea why that should appear now.
    Last edited by mslinn; 3 Weeks Ago at 02:40 PM.

  2. #2
    Join Date
    May 2013
    Location
    Galiza
    Beans
    2,864
    Distro
    Ubuntu

    Re: Two 19.10 AWS EC2 Upgrades result in ssh Permission denied (publickey).

    19.04 or 19.10 are both EOL.

  3. #3
    Join Date
    Aug 2009
    Location
    Montreal, Canada
    Beans
    13

    Re: Two 19.10 AWS EC2 Upgrades result in ssh Permission denied (publickey).

    Oops, I wrote in an incorrect version number. Instead of 19.04 and 19.10, I should have written 20.04 and 20.10. I was able to modify the question, but not the title.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •