On Mon, 26 Sep 2016 at 19:22, Stephan Beck <sb...@secure.mailbox.org> wrote:
> Hi,
>
> I have successfully uploaded my SSH public key to the authorized_keys
> file in ~/.ssh on the remote server using ssh-copy-id. I connected using
> password authentication to check whether it really is the correct key
> there and it is. Permissions are ok.
>
> Public key authentication is the first (in order and priority) of
> several auth methods that the server offers. But as to the output below
> something is not working with the submission of the secret part of the
> key (well, the proof of being in possession of it) by the ssh-agent.
> Before establishing connection for the first time I did
>
> eval $(ssh-agent)
> PID xxxx
> ssh-add ~/.ssh/id_rsa
>
> But it seems that the ssh-agent does not really authenticate to the
> remote server and as a fallback password auth is selected. (I anonymized
> the output below.) So, pubkey authentication is not working :-(
>
> Can anyone tell me what's going wrong, especially this
> debug1: Offering RSA public key: ~/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
> ...
> debug2: we did not send a packet, disable method
>
> Any hints welcome.
>
>
> Stephan
>
> -----------------------------------------------------------------------
> me@mymachine:~/.ssh$ ssh -vv me@theremoteserver
> OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to theremoteserver [IPaddress_remoteserver] port 22.
> debug1: Connection established.
> [debug messages concerning type 1 keys, snipped]
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
> debug1: Remote protocol version 2.0, remote software version
> OpenSSH_6.0p1 Debian-4+deb7u6
> debug1: match: OpenSSH_6.0p1 Debian-4+deb7u6 pat OpenSSH* compat 0x04000000
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> [debug messages concerning ciphers, snipped]
> debug1: Server host key: RSA [server_host_key]
> debug1: Host 'theremoteserver' is known and matches the RSA host key.
> debug1: Found key in ~/.ssh/known_hosts:4
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: ~/.ssh/id_rsa (0x1cpt789b66z1),
> debug2: key: ~/.ssh/id_dsa ((nil)),
> debug2: key: ~/.ssh/id_ecdsa ((nil)),
> debug2: key: ~/.ssh/id_ed25519 ((nil)),
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: ~/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug1: Trying private key: ~/.ssh/id_dsa
> debug1: Trying private key: ~/.ssh/id_ecdsa
> debug1: Trying private key: ~/.ssh/id_ed25519
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug2: input_userauth_info_req
> debug2: input_userauth_info_req: num_prompts 1
> Password:
> ------------------------------------------------------------------------
>
> NOTE: I pray for the OpenSSL version OpenSSH ships with being patched
> soon in Jessie!
>
>

If I'm reading the above right, it looks like the server is offering an rsa key to authenticate itself, but won't accept rsa to authenticate the client. Which is a bit cheeky.

You may need a key created with a stronger method, such as ecdsa or ed25519.

Mark
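
Added example (not part of either message above): a small Python reader for `ssh -vv` client traces like the one quoted, reporting for each identity whether a request was actually sent and how the server answered. The function name and sample input are constructed for illustration; the line formats are those in the quoted trace, plus OpenSSH's `Server accepts key` and `Authentication succeeded` messages for the success case.

```python
import re

# Constructed sample: the publickey part of the trace quoted above,
# with the mailer's line wraps joined.
SAMPLE_TRACE = """\
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: ~/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: ~/.ssh/id_dsa
debug1: Trying private key: ~/.ssh/id_ecdsa
debug1: Trying private key: ~/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
"""

# "Offering ..." = public key sent to the server; "Trying ..." = client attempts
# to load a private key file first and only sends a request if that works.
KEY_LINE = re.compile(r"debug1: (Offering (?:\S+ )?public key|Trying private key): (\S+)")

def summarize_pubkey_attempts(trace):
    """Return [(key_path, outcome)] for every identity the client considered."""
    results, pending = [], None          # pending = [key_path, request_sent]

    def close(outcome):
        nonlocal pending
        if pending:
            results.append((pending[0], outcome))
        pending = None

    for line in (raw.strip() for raw in trace.splitlines()):
        m = KEY_LINE.match(line)
        if m:
            if pending:                  # previous key never got a verdict
                close("no verdict in trace" if pending[1] else "nothing sent")
            pending = [m.group(2), m.group(1).startswith("Offering")]
        elif not pending:
            continue
        elif line.startswith("debug2: we sent a publickey packet"):
            pending[1] = True
        elif line.startswith("debug2: we did not send a packet"):
            close("nothing sent")
        elif line.startswith("debug1: Authentications that can continue") and pending[1]:
            close("rejected by server")  # server answered with a failure
        elif line.startswith(("debug1: Server accepts key", "debug1: Authentication succeeded")):
            close("accepted by server")
    close("no verdict in trace")
    return results

if __name__ == "__main__":
    for path, outcome in summarize_pubkey_attempts(SAMPLE_TRACE):
        print(f"{path}: {outcome}")
```

A "rejected by server" result carries no reason on the client side; the cause is recorded in the server's sshd log.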