LinuxQuestions.org
06-18-2008, 02:33 PM   #1
deesto
Member
 
Registered: May 2002
Location: NY, USA
Distribution: FreeBSD, Fedora, RHEL, Ubuntu; OS X, Win; have used Slackware, Mandrake, SuSE, Xandros
Posts: 448

Rep: Reputation: 31
OpenSSH problem after upgrade


I recently had to upgrade my version of OpenSSH from 4.7 to 5.0 on my MacBook (Darwin). I installed the latest 'portable' tarball and removed the system version:
Code:
$ ssh -V
OpenSSH_5.0p1, OpenSSL 0.9.7l 28 Sep 2006
$ which ssh
/usr/bin/ssh
sshd is the same version, installed in /usr/sbin/sshd. Now, things are a bit broken: I am able to ssh from another machine into my MacBook, so the server (sshd) is working, but the outgoing client (ssh) hangs indefinitely on connect. ssh-add also hangs on any operation. ssh-agent shows:
Code:
ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-35xNGanxBs/agent.2282; export SSH_AUTH_SOCK;
SSH_AGENT_PID=2283; export SSH_AGENT_PID;
echo Agent pid 2283;
The interesting bits from an ssh -vvv localhost are:
Code:
...
debug3: Not a RSA1 key file /Users/jd/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
...
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
The ssh connection attempt just hangs and sits at:
Code:
...
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
I don't know why the error 'Not a RSA1 key file' comes up, as my private key (id_rsa) remains unchanged and begins thusly:
Code:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E4E5E1C1F000924A
...
Any thoughts on what may be wrong or what else I can try?
 
06-19-2008, 07:31 AM   #2
pinniped
Senior Member
 
Registered: May 2008
Location: planet earth
Distribution: Debian
Posts: 1,732

Rep: Reputation: 50
Check the configuration files.
 
06-19-2008, 07:32 AM   #3
deesto
Quote:
Originally Posted by pinniped
Check the configuration files.
... for....?
 
06-19-2008, 07:45 AM   #4
pinniped
Well, check the config files for everything. For example, my client has these default settings:

Host *
SendEnv LANG LC_*
HashKnownHosts yes

It wouldn't make sense for me to post my server settings though. You just need to go through the config file and make sure the correct host files are used etc.
 
06-19-2008, 07:50 AM   #5
deesto
Interesting ... my .ssh/config has none of those lines, just these:
Code:
Host *
 ServerAliveInterval 120
 ServerAliveCountMax 3
 ForwardAgent yes
 ForwardX11 yes
 ForwardX11Trusted yes
 TCPKeepAlive yes
 IdentityFile ~/.ssh/id_rsa
I got rid of mine and used yours instead, and ssh hangs in the same place.

/etc/ssh_config is:
Code:
   ForwardAgent yes
   ForwardX11 yes
   ForwardX11Trusted yes
/etc/sshd_config is:
Code:
Protocol 2
SyslogFacility AUTHPRIV
Subsystem       sftp    /usr/libexec/sftp-server
Match User jd
        X11Forwarding yes
 
06-19-2008, 02:31 PM   #6
deesto
I removed *all installations* of OpenSSH from my system (both manually installed, and from port/MacPorts), rebooted, cleaned up any trace of ssh and sshd, then re-installed openssh using ports, which installs v5.0p_1. I restored my key files (public and private), authorized_keys, and known_hosts files to ~/.ssh, then tried to ssh into my own machine, which seems to be rejecting my key:
Code:
ssh -vvv localhost
OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /Users/jd/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /Users/jd/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /Users/jd/.ssh/id_rsa type 1
ssh_exchange_identification: Connection closed by remote host
Now I'm confused: first, if I have 'Protocol 2' set in my sshd_config, why is sshd looking for 'a RSA1 key file'? Does that mean version 1 of RSA?

Second, my private key begins like this:
Code:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC, ...
Isn't that the way it should be?

If I connect to a remote host, it once again hangs in the same place:
Code:
debug1: Found key in /Users/jd/.ssh/known_hosts:22
debug2: bits set: 525/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
 
06-19-2008, 09:36 PM   #7
pinniped
"Second, my private key begins like this ..."
Proc-Type: 4,ENCRYPTED

Well, you shouldn't encrypt your SSH private key or else you will have to put in the passphrase before the authentication can be completed - and apparently you're not being asked for the passphrase -- is this an SSH bug or was SSH never intended to use an encrypted private key?

Aside from that, check the permissions of your private and public keys:
-rw------- 1 <user> <group> 1675 Mar 3 01:30 id_rsa
-rw-r--r-- 1 <user> <group> 395 Mar 3 01:30 id_rsa.pub

The private key should be read/writable by the user ONLY. You can turn off the 'write' flag as well if you wish. The public key should only have 'read' permission for groups and others; as with the private key you can remove all write permissions.

How are you generating your keys?


"I have 'Protocol 2' set in my sshd_config, why is sshd looking for 'a RSA1 key file'?"
Well, that would be because v2 uses RSA and/or DSA; v1 uses RSA only.
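
An added example (not part of the original thread): a small Python check for the two things this post discusses, the key file's permission bits and the `Proc-Type`/`DEK-Info` header that marks a passphrase-protected legacy PEM key. The names `inspect_private_key`, `SAMPLE_KEY` and `demo`, and the sample key text, are constructed for illustration.

```python
import os
import stat
import tempfile

def inspect_private_key(path):
    """Report permission bits and legacy PEM encryption headers of a key file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    info = {"mode": oct(mode), "group_other_access": bool(mode & 0o077),
            "pem_type": None, "encrypted": False, "cipher": None, "iv_hex": None}
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        lines = [ln.strip() for ln in fh]
    first = lines[0] if lines else ""
    if not (first.startswith("-----BEGIN ") and first.endswith("-----")):
        return info  # not a PEM file; only the mode check applies
    info["pem_type"] = first[len("-----BEGIN "):-5]
    for ln in lines[1:]:
        if ":" not in ln:  # blank line or base64 body: header block is over
            break
        name, _, value = ln.partition(":")
        if name == "Proc-Type":
            info["encrypted"] = value.replace(" ", "") == "4,ENCRYPTED"
        elif name == "DEK-Info":
            cipher, _, iv = value.partition(",")
            info["cipher"], info["iv_hex"] = cipher.strip(), iv.strip() or None
    return info

# Constructed sample: header layout as in the thread, placeholder IV and body.
SAMPLE_KEY = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0011223344556677\n"
    "\n"
    "QUJDREVGR0g=\n"
    "-----END RSA PRIVATE KEY-----\n"
)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "id_rsa")
        with open(path, "w", encoding="ascii") as fh:
            fh.write(SAMPLE_KEY)
        os.chmod(path, 0o600)
        strict = inspect_private_key(path)
        os.chmod(path, 0o644)
        loose = inspect_private_key(path)
    return strict, loose

if __name__ == "__main__":
    print(*demo(), sep="\n")
```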
 
06-20-2008, 10:18 AM   #8
deesto
Quote:
Originally Posted by pinniped
"Second, my private key begins like this ..."
Proc-Type: 4,ENCRYPTED

Well, you shouldn't encrypt your SSH private key or else you will have to put in the passphrase before the authentication can be completed - and apparently you're not being asked for the passphrase -- is this an SSH bug or was SSH never intended to use an encrypted private key?
Unfortunately this is an option that is not up for discussion for me: my key *has* to be protected with a passphrase per guidelines at work. And I never had a problem with other versions of SSH before this.
Quote:
Aside from that, check the permissions of your private and public keys:
-rw------- 1 <user> <group> 1675 Mar 3 01:30 id_rsa
-rw-r--r-- 1 <user> <group> 395 Mar 3 01:30 id_rsa.pub

The private key should be read/writable by the user ONLY. You can turn off the 'write' flag as well if you wish. The public key should only have 'read' permission for groups and others; as with the private key you can remove all write permissions.
Yup, permissions are fine.
Quote:
How are you generating your keys?
Using OpenSSH itself (ssh-keygen). In fact, I just tried generating new keys (both on this machine and on others), and they all return the same error.
Quote:
"I have 'Protocol 2' set in my sshd_config, why is sshd looking for 'a RSA1 key file'?"
Well, that would be because v2 uses RSA and/or DSA; v1 uses RSA only.
OK, but why "RSA1"? I've also tried setting 'Protocol' to '1','1,2', same result.
 
  

