LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-09-2015, 07:28 PM   #1
dgermann
Member
 
Registered: Aug 2004
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366

Rep: Reputation: 31
Question A tale of two SSHs


Friends--

What I am trying to do: connect each of two laptops back to my home computer when I am away.

Laptop 1: ubuntu, running Ubuntu 12.04 LTS
Laptop 2: kudu, running Ubuntu 14.04 LTS
Server: fire, running Ubuntur 12.04 LTS
Same username on all 3 systems.
Using ssh keys for connections.

First Issue: One connects, other does not:
------------------------------------------

ubuntu is able to connect via ssh over internal ethernet network; kudu is not. Here is ubuntu's output:
Code:
doug@ubuntu:~$ ssh -vvv fire 
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 19: Applying options for * 
debug2: ssh_connect: needpriv 0 
debug1: Connecting to fire [192.168.0.6] port 22. 
debug1: Connection established. 
debug3: Incorrect RSA1 identifier 
debug3: Could not load "/home/doug/.ssh/id_rsa" as a RSA1 public key 
debug1: identity file /home/doug/.ssh/id_rsa type 1 
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-4096 
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-4096 
debug1: identity file /home/doug/.ssh/id_rsa-cert type -1 
debug1: identity file /home/doug/.ssh/id_dsa type -1 
debug1: identity file /home/doug/.ssh/id_dsa-cert type -1 
debug1: identity file /home/doug/.ssh/id_ecdsa type -1 
debug1: identity file /home/doug/.ssh/id_ecdsa-cert type -1 
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4 
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH* 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4 
debug2: fd 3 setting O_NONBLOCK 
debug3: load_hostkeys: loading entries for host "fire" from file "/home/doug/.ssh/known_hosts" 
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:9 
debug3: load_hostkeys: loaded 1 keys 
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib 
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,zlib@openssh.com 
debug2: kex_parse_kexinit: none,zlib@openssh.com 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5 
debug1: kex: server->client aes128-ctr hmac-md5 none 
debug2: mac_setup: found hmac-md5 
debug1: kex: client->server aes128-ctr hmac-md5 none 
debug1: sending SSH2_MSG_KEX_ECDH_INIT 
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
debug1: Server host key: ECDSA [BLANKED]
debug3: load_hostkeys: loading entries for host "fire" from file "/home/doug/.ssh/known_hosts" 
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:9 
debug3: load_hostkeys: loaded 1 keys 
debug3: load_hostkeys: loading entries for host "192.168.0.6" from file "/home/doug/.ssh/known_hosts" 
debug3: load_hostkeys: found key type RSA in file /home/doug/.ssh/known_hosts:1 
debug3: load_hostkeys: loaded 1 keys 
debug1: Host 'fire' is known and matches the ECDSA host key. 
debug1: Found key in /home/doug/.ssh/known_hosts:9 
Warning: the ECDSA host key for 'fire' differs from the key for the IP address '192.168.0.6' 
Offending key for IP in /home/doug/.ssh/known_hosts:1 
Matching host key in /home/doug/.ssh/known_hosts:9 
Are you sure you want to continue connecting (yes/no)? yes 
debug1: ssh_ecdsa_verify: signature correct 
debug2: kex_derive_keys 
debug2: set_newkeys: mode 1 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug2: set_newkeys: mode 0 
debug1: SSH2_MSG_NEWKEYS received 
debug1: Roaming not allowed by server 
debug1: SSH2_MSG_SERVICE_REQUEST sent 
debug2: service_accept: ssh-userauth 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug2: key: /home/doug/.ssh/id_rsa (0xb96e9038) 
debug2: key: /home/doug/.ssh/id_dsa ((nil)) 
debug2: key: /home/doug/.ssh/id_ecdsa ((nil)) 
debug1: Authentications that can continue: publickey 
debug3: start over, passed a different list publickey 
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password 
debug3: authmethod_lookup publickey 
debug3: remaining preferred: keyboard-interactive,password 
debug3: authmethod_is_enabled publickey 
debug1: Next authentication method: publickey 
debug1: Offering RSA public key: /home/doug/.ssh/id_rsa 
debug3: send_pubkey_test 
debug2: we sent a publickey packet, wait for reply 
debug1: Server accepts key: pkalg ssh-rsa blen 535 
debug2: input_userauth_pk_ok: fp  [BLANKED]
debug3: sign_and_send_pubkey: RSA  [BLANKED]
debug1: Authentication succeeded (publickey). 
Authenticated to fire ([192.168.0.6]:22). 
debug1: channel 0: new [client-session] 
debug3: ssh_session2_open: channel_new: 0 
debug2: channel 0: send open 
debug1: Requesting no-more-sessions@openssh.com 
debug1: Entering interactive session. 
debug2: callback start 
debug2: client_session2_setup: id 0 
debug2: fd 3 setting TCP_NODELAY 
debug2: channel 0: request pty-req confirm 1 
debug1: Sending environment. 
debug3: Ignored env SSH_AGENT_PID 
debug3: Ignored env GPG_AGENT_INFO 
debug3: Ignored env TERM 
debug3: Ignored env SHELL 
debug3: Ignored env XDG_SESSION_COOKIE 
debug3: Ignored env WINDOWID 
debug3: Ignored env GNOME_KEYRING_CONTROL 
debug3: Ignored env NO_PROXY 
debug3: Ignored env USER 
debug3: Ignored env LS_COLORS 
debug3: Ignored env XDG_SESSION_PATH 
debug3: Ignored env XDG_SEAT_PATH 
debug3: Ignored env SSH_AUTH_SOCK 
debug3: Ignored env SESSION_MANAGER 
debug3: Ignored env DEFAULTS_PATH 
debug3: Ignored env XDG_CONFIG_DIRS 
debug3: Ignored env ALL_PROXY 
debug3: Ignored env all_proxy 
debug3: Ignored env PATH 
debug3: Ignored env DESKTOP_SESSION 
debug3: Ignored env PWD 
debug3: Ignored env socks_proxy 
debug3: Ignored env GNOME_KEYRING_PID 
debug1: Sending env LANG = en_US.UTF-8 
debug2: channel 0: request env confirm 0 
debug3: Ignored env MANDATORY_PATH 
debug3: Ignored env GDMSESSION 
debug3: Ignored env SHLVL 
debug3: Ignored env HOME 
debug3: Ignored env GNOME_DESKTOP_SESSION_ID 
debug3: Ignored env no_proxy 
debug3: Ignored env LOGNAME 
debug3: Ignored env XDG_DATA_DIRS 
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS 
debug3: Ignored env LESSOPEN 
debug3: Ignored env DISPLAY 
debug3: Ignored env XDG_CURRENT_DESKTOP 
debug3: Ignored env LESSCLOSE 
debug3: Ignored env COLORTERM 
debug3: Ignored env XAUTHORITY 
debug3: Ignored env _ 
debug3: Ignored env OLDPWD 
debug2: channel 0: request shell confirm 1 
debug2: callback done 
debug2: channel 0: open confirm rwindow 0 rmax 32768 
debug2: channel_input_status_confirm: type 99 id 0 
debug2: PTY allocation request accepted on channel 0 
debug2: channel 0: rcvd adjust 2097152 
debug2: channel_input_status_confirm: type 99 id 0 
debug2: shell request accepted on channel 0 
Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.2.0-88-generic x86_64) 

 * Documentation:  https://help.ubuntu.com/ 

0 packages can be updated. 
0 updates are security updates. 

New release '14.04.1 LTS' available. 
Run 'do-release-upgrade' to upgrade to it. 



Last login: Sun Aug  9 19:29:43 2015 from ubuntu 
doug@fire:~$
Here is kudu's output:

Code:
doug@kudu:~$ ssh -vvv fire 
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 19: Applying options for * 
debug2: ssh_connect: needpriv 0 
debug1: Connecting to fire [192.168.0.6] port 22. 
debug1: Connection established. 
debug1: identity file /home/doug/.ssh/id_rsa type -1 
debug1: identity file /home/doug/.ssh/id_rsa-cert type -1 
debug1: identity file /home/doug/.ssh/id_dsa type -1 
debug1: identity file /home/doug/.ssh/id_dsa-cert type -1 
debug1: identity file /home/doug/.ssh/id_ecdsa type -1 
debug1: identity file /home/doug/.ssh/id_ecdsa-cert type -1 
debug1: identity file /home/doug/.ssh/id_ed25519 type -1 
debug1: identity file /home/doug/.ssh/id_ed25519-cert type -1 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4 
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5* compat 0x0c000000 
debug2: fd 3 setting O_NONBLOCK 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib 
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,zlib@openssh.com 
debug2: kex_parse_kexinit: none,zlib@openssh.com 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-md5 
debug1: kex: server->client aes128-ctr hmac-md5 none 
debug2: mac_setup: setup hmac-md5 
debug1: kex: client->server aes128-ctr hmac-md5 none 
debug1: sending SSH2_MSG_KEX_ECDH_INIT 
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
debug1: Server host key: ECDSA  [BLANKED]
The authenticity of host 'fire (192.168.0.6)' can't be established. 
ECDSA key fingerprint is  [BLANKED]
Are you sure you want to continue connecting (yes/no)? yes 
Failed to add the host to the list of known hosts (/home/doug/.ssh/known_hosts). 
debug1: ssh_ecdsa_verify: signature correct 
debug2: kex_derive_keys 
debug2: set_newkeys: mode 1 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug2: set_newkeys: mode 0 
debug1: SSH2_MSG_NEWKEYS received 
debug1: Roaming not allowed by server 
debug1: SSH2_MSG_SERVICE_REQUEST sent 
debug2: service_accept: ssh-userauth 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug2: key: /home/doug/.ssh/id_rsa ((nil)), 
debug2: key: /home/doug/.ssh/id_dsa ((nil)), 
debug2: key: /home/doug/.ssh/id_ecdsa ((nil)), 
debug2: key: /home/doug/.ssh/id_ed25519 ((nil)), 
debug1: Authentications that can continue: publickey 
debug3: start over, passed a different list publickey 
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password 
debug3: authmethod_lookup publickey 
debug3: remaining preferred: keyboard-interactive,password 
debug3: authmethod_is_enabled publickey 
debug1: Next authentication method: publickey 
debug1: Trying private key: /home/doug/.ssh/id_rsa 
debug3: no such identity: /home/doug/.ssh/id_rsa: Permission denied 
debug1: Trying private key: /home/doug/.ssh/id_dsa 
debug3: no such identity: /home/doug/.ssh/id_dsa: Permission denied 
debug1: Trying private key: /home/doug/.ssh/id_ecdsa 
debug3: no such identity: /home/doug/.ssh/id_ecdsa: Permission denied 
debug1: Trying private key: /home/doug/.ssh/id_ed25519 
debug3: no such identity: /home/doug/.ssh/id_ed25519: Permission denied 
debug2: we did not send a packet, disable method 
debug1: No more authentication methods to try. 
Permission denied (publickey). 
doug@kudu:~$
I am pretty sure I did connect this way with kudu before. I have tried recreating the keys twice (ssh-keygen -t rsa -b 4096); I have tried uncommenting PasswordAuthentication and commenting StrictModes in fire's sshd_config: neither made any difference so I put them back. I have searched for hours on the Web and found nothing that works.

Seems strange that one connects and the other not.

Is it possible that the two ssh versions are not compatible?

2nd Issue: "entering interactive session" but no command prompt:
----------------------------------------------------------------

This I think is the bigger issue.

OK, had this problem with kudu, but will show you with ubuntu for now, since we know it can connect.

This one is run through no-ip as a ddns. Here is the output for ubuntu:
Code:
doug@ubuntu:~$ ssh -C2qTnNvvv -D 8080 [BLANKED].no-ip.org 
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 19: Applying options for * 
debug2: ssh_connect: needpriv 0 
debug1: Connecting to [BLANKED] port 22. 
debug1: Connection established. 
debug3: Incorrect RSA1 identifier 
debug3: Could not load "/home/doug/.ssh/id_rsa" as a RSA1 public key 
debug1: identity file /home/doug/.ssh/id_rsa type 1 
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-4096 
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-4096 
debug1: identity file /home/doug/.ssh/id_rsa-cert type -1 
debug1: identity file /home/doug/.ssh/id_dsa type -1 
debug1: identity file /home/doug/.ssh/id_dsa-cert type -1 
debug1: identity file /home/doug/.ssh/id_ecdsa type -1 
debug1: identity file /home/doug/.ssh/id_ecdsa-cert type -1 
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4 
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH* 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4 
debug2: fd 3 setting O_NONBLOCK 
debug3: load_hostkeys: loading entries for host "[BLANKED]" from file "/home/doug/.ssh/known_hosts" 
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:5 
debug3: load_hostkeys: loaded 1 keys 
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none 
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,zlib@openssh.com 
debug2: kex_parse_kexinit: none,zlib@openssh.com 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5 
debug1: kex: server->client aes128-ctr hmac-md5 zlib@openssh.com 
debug2: mac_setup: found hmac-md5 
debug1: kex: client->server aes128-ctr hmac-md5 zlib@openssh.com 
debug1: sending SSH2_MSG_KEX_ECDH_INIT 
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
debug1: Server host key: ECDSA [BLANKED]
debug3: load_hostkeys: loading entries for host "[BLANKED]" from file "/home/doug/.ssh/known_hosts" 
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:5 
debug3: load_hostkeys: loaded 1 keys 
debug3: load_hostkeys: loading entries for host "[BLANKED]" from file "/home/doug/.ssh/known_hosts" 
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:8 
debug3: load_hostkeys: loaded 1 keys 
debug1: Host '[BLANKED]' is known and matches the ECDSA host key. 
debug1: Found key in /home/doug/.ssh/known_hosts:5 
debug1: ssh_ecdsa_verify: signature correct 
debug2: kex_derive_keys 
debug2: set_newkeys: mode 1 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug2: set_newkeys: mode 0 
debug1: SSH2_MSG_NEWKEYS received 
debug1: Roaming not allowed by server 
debug1: SSH2_MSG_SERVICE_REQUEST sent 
debug2: service_accept: ssh-userauth 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug2: key: /home/doug/.ssh/id_rsa (0xb8083880) 
debug2: key: /home/doug/.ssh/id_dsa ((nil)) 
debug2: key: /home/doug/.ssh/id_ecdsa ((nil)) 
debug1: Authentications that can continue: publickey 
debug3: start over, passed a different list publickey 
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password 
debug3: authmethod_lookup publickey 
debug3: remaining preferred: keyboard-interactive,password 
debug3: authmethod_is_enabled publickey 
debug1: Next authentication method: publickey 
debug1: Offering RSA public key: /home/doug/.ssh/id_rsa 
debug3: send_pubkey_test 
debug2: we sent a publickey packet, wait for reply 
debug1: Server accepts key: pkalg ssh-rsa blen 535 
debug2: input_userauth_pk_ok: fp [BLANKED]
debug3: sign_and_send_pubkey: RSA [BLANKED]
debug1: Enabling compression at level 6. 
debug1: Authentication succeeded (publickey). 
Authenticated to [BLANKED]. 
debug1: Local connections to LOCALHOST:8080 forwarded to remote address socks:0 
debug3: channel_setup_fwd_listener: type 2 wildcard 0 addr NULL 
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY 
debug1: Local forwarding listening on ::1 port 8080. 
debug2: fd 4 setting O_NONBLOCK 
debug3: fd 4 is O_NONBLOCK 
debug1: channel 0: new [port listener] 
debug1: Local forwarding listening on 127.0.0.1 port 8080. 
debug2: fd 5 setting O_NONBLOCK 
debug3: fd 5 is O_NONBLOCK 
debug1: channel 1: new [port listener] 
debug1: Requesting no-more-sessions@openssh.com 
debug1: Entering interactive session.
And then here the whole thing sits and I never get a command prompt. The only thing I can do is ctrl-d or -c and cancel the session.
 
Old 08-09-2015, 09:02 PM   #2
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,826

Rep: Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962
Check the debug messages for kudu. Your getting a permission denied error when the client tries reading the keys. Go back and very that your .ssh directory and keys have the correct permissions.

I'm not sure what you are trying to accomplish with all of this "-C2qTnNvvv -D 8080". It looks like a connection was successful but due to the -nT options you do not have a tty. Just try ssh [blank].no-ip.org.
 
1 members found this post helpful.
Old 08-10-2015, 10:29 PM   #3
dgermann
Member
 
Registered: Aug 2004
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366

Original Poster
Rep: Reputation: 31
Question

michaelk--

Wonderful! You have given me the first clue! Thank you!

That string of options was from an experiment I tried a few years ago, and just copied over by mistake. Doing a straight ssh [blanked].no-ip.org got ubuntu connected straight away!

And yes, the permissions and ownerships on kudu were a strange mixture. I have changed them to these:
Code:
doug@kudu:~$ ls -alh
....
drwx------   3 doug doug 4.0K Aug  9 18:45 .ssh
....
doug@kudu:~$ cd ./.ssh
doug@kudu:~/.ssh$ ls -alh
total 96K
drwx------  3 doug doug 4.0K Aug  9 18:45 .
drwx------ 30 doug doug  40K Aug 10 22:20 ..
-rw-------  1 doug doug   97 Aug  2 20:32 config
-rw-------  1 doug doug 3.2K Aug  9 18:45 id_rsa
-rw-------  1 doug doug  735 Aug  9 18:45 id_rsa.pub
-rw-------  1 doug doug 1.8K Aug  2 20:02 known_hosts
These look right to me. Then I do:
Code:
doug@kudu:~/.ssh$ ssh -vvv fire
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/doug/.ssh/config
debug1: /home/doug/.ssh/config line 1: Applying options for fire
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to fire [192.168.0.6] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/doug/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/doug/.ssh/id_rsa type 1
debug1: identity file /home/doug/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "fire" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA [blanked]
debug3: load_hostkeys: loading entries for host "fire" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "192.168.0.6" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:6
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'fire' is known and matches the ECDSA host key.
debug1: Found key in /home/doug/.ssh/known_hosts:5
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/doug/.ssh/id_rsa ([blanked]), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/doug/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
doug@kudu:~/.ssh$
I tried sudo chmod 644 id_rsa.pub (to match what is on ubuntu), with same result as above--permission denied.

The things I have read suggest that 600 is correct for the permissions. Do you see anything wrong there?

I wonder what this means: "debug1: Roaming not allowed by server" (towards the end)

The kudu debug says key: /home/doug/.ssh/id_rsa **explicit** but ubuntu lacks this word.

Another difference: at the end both kudu and ubuntu have "we sent a publickey packet, wait for reply" and then ubuntu reports "Server accepts key: pkalg ssh-rsa blen 535", while kudu goes on to "Authentications that can continue: publickey
debug2: we did not send a packet, disable method". Clues in any of that?

Thanks for your help, michaelk!
 
Old 08-11-2015, 07:57 AM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,826

Rep: Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962
The server is not accepting the key. Did you use the same id_rsa key as ubuntu?
 
Old 08-11-2015, 10:41 PM   #5
dgermann
Member
 
Registered: Aug 2004
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366

Original Poster
Rep: Reputation: 31
Question

michaelk--

Nope. Completely new key.

Just compared the ~/.ssh directories of ubuntu and kudu: kudu had a file that ubuntu did not have: config. So I mv-ed that out of the directory and tried a ssh -vvv fire and got the same Permission denied (publickey) error.

The problem seems to be on the kudu side, would you agree?

I ran tail -f /var/log/auth.log on fire and tried connecting via no-ip, first from kudu, then from ubuntu:
Code:
Aug 11 23:32:01 fire sshd[6400]: Connection closed by [blanked] [preauth] <-- this is the kudu try
Aug 11 23:32:39 fire sshd[6410]: Accepted publickey for doug from [blanked] port 56998 ssh2
Aug 11 23:32:39 fire sshd[6410]: pam_unix(sshd:session): session opened for user doug by (uid=0)
Is that reference to port 56998 a clue? I am guessing not, because it is complaining about public key.

Then I tried ssh over the local ethernet by ubuntu and got a different port:
Code:
Aug 11 23:36:53 fire sshd[6782]: Accepted publickey for doug from 192.168.0.9 port 34840 ssh2
Aug 11 23:36:53 fire sshd[6782]: pam_unix(sshd:session): session opened for user doug by (uid=0)
I'm poking around in the dark. You have any light to poke around in? <grin>

Thanks for helping me, michaelk!
 
Old 08-12-2015, 05:38 AM   #6
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,826

Rep: Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962
How did you add kudu's public key to the authorized keys file on the server?
 
Old 08-12-2015, 10:39 AM   #7
dgermann
Member
 
Registered: Aug 2004
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366

Original Poster
Rep: Reputation: 31
Question

michaelk--

Glad you asked that. I could not connect via ssh to do the transfer, so I used a usb memory stick to copy it, then:
Code:
cat id_rsa_kudu14.pub >> authorized_keys
The key does appear in the text in ~/.ssh/authorized_keys.

But I just noticed that it read root@kudu, so I gksudo gedited that to say doug@kudu and sudo service ssh restart, but still it does not go.

Maybe I created the key using sudo and have to redo that with user doug? Out of time to try till later today.

Thanks, michaelk!
 
Old 08-12-2015, 09:34 PM   #8
dgermann
Member
 
Registered: Aug 2004
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366

Original Poster
Rep: Reputation: 31
Question

Thought for sure we were on to something.

So on kudu I removed all the files (id_rsa, id_rsa.pub, known_hosts) from ~/.ssh, and as user doug ran
Code:
ssh-keygen -t rsa -b 4096
then on fire:
Code:
cat id_rsa_kudu12.pub >> authorized_keys
I do have a key in there that says doug@kudu.

then on kudu the same error message:
Code:
doug@kudu:~$ ssh -vvv fire
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to fire [192.168.0.6] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/doug/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/doug/.ssh/id_rsa type 1
debug1: identity file /home/doug/.ssh/id_rsa-cert type -1
debug1: identity file /home/doug/.ssh/id_dsa type -1
debug1: identity file /home/doug/.ssh/id_dsa-cert type -1
debug1: identity file /home/doug/.ssh/id_ecdsa type -1
debug1: identity file /home/doug/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/doug/.ssh/id_ed25519 type -1
debug1: identity file /home/doug/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "fire" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA [blanked]
debug3: load_hostkeys: loading entries for host "fire" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "192.168.0.6" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'fire' is known and matches the ECDSA host key.
debug1: Found key in /home/doug/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/doug/.ssh/id_rsa ([blanked]),
debug2: key: /home/doug/.ssh/id_dsa ((nil)),
debug2: key: /home/doug/.ssh/id_ecdsa ((nil)),
debug2: key: /home/doug/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/doug/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/doug/.ssh/id_dsa
debug3: no such identity: /home/doug/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/doug/.ssh/id_ecdsa
debug3: no such identity: /home/doug/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/doug/.ssh/id_ed25519
debug3: no such identity: /home/doug/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
doug@kudu:~$
Same thing using no-ip.

These two machines don't like each other!
 
Old 08-12-2015, 09:42 PM   #9
dgermann
Member
 
Registered: Aug 2004
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366

Original Poster
Rep: Reputation: 31
Question

Config files issue?

On fire, /etc/ssh/sshd_config:
Code:
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
on kudu, /etc/ssh/ssh_config:
Code:
# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3d:
es-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
#####ddg 20150802:
    IPQos 0x00
Clues here?
 
Old 08-12-2015, 10:09 PM   #10
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,826

Rep: Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962Reputation: 5962
Code:
debug1: Trying private key: /home/doug/.ssh/id_dsa
debug3: no such identity: /home/doug/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/doug/.ssh/id_ecdsa
debug3: no such identity: /home/doug/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/doug/.ssh/id_ed25519
debug3: no such identity: /home/doug/.ssh/id_ed25519: No such file or directory
Not sure why it didn't try sending the id_rsa key. Did you verify permissions are correct when you regenerated the keys again? You might specify the key on the command line.
ssh -i id_rsa fire

In addition you could try copying the private key from ubuntu to see if that would work. Be sure to change permissions and owner to match kudu. Be sure to specify the key file as above.
 
1 members found this post helpful.
Old 08-12-2015, 11:07 PM   #11
dgermann
Member
 
Registered: Aug 2004
Distribution: Ubuntu 16.04 lts desk; Ubuntu 14.04 server
Posts: 366

Original Poster
Rep: Reputation: 31
Question

michaelk--

OK OK OK! You are on to something. I simply copied the id_rsa and id_rsa.pub from ubuntu to kudu, and it connected! Both using your -i and without it. Oh, and with no-ip.

So there is something wrong with the key generation?

Below are for historical purposes, what I tried before the above good news.

I would rather generate a new key for kudu.

What do you suggest next, michaelk?

Thank you very much! Much progress thanks to you!

====================historical info only====================

Permissions on kudu:
Code:
doug@kudu:~/.ssh$ ls -alh
total 84K
drwx------  3 doug doug 4.0K Aug 12 22:10 .
drwx------ 30 doug doug  40K Aug 12 21:50 ..
-rw-------  1 doug doug 3.2K Aug 12 22:03 id_rsa
-rw-r--r--  1 doug doug  735 Aug 12 22:03 id_rsa.pub
-rw-r--r--  1 doug doug  888 Aug 12 22:24 known_hosts
drwx------  2 doug doug 4.0K Aug 12 22:02 old
doug@kudu:~/.ssh$

Tried this on kudu:
Code:
doug@kudu:~/.ssh$ ssh -i ./id_rsa fire
Permission denied (publickey).
doug@kudu:~/.ssh$ ssh -i id_rsa fire
Permission denied (publickey).
doug@kudu:~/.ssh$
Have to think about how to copy the key from ubuntu to kudu, and I am running out of time for the rest of this week. The issue I see is that if I use the same key, the key says "doug@ubuntu" and not "doug@kudu", so I am not sure what to try with it. Guess I could simply do a copy of the pub and private keys and just run it....

Just for info, I ran those two commands over with -vvv:

First:
Code:
doug@kudu:~/.ssh$ ssh -vvv -i ./id_rsa fire
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to fire [192.168.0.6] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "./id_rsa" as a RSA1 public key
debug1: identity file ./id_rsa type 1
debug1: identity file ./id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "fire" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA [blanked]
debug3: load_hostkeys: loading entries for host "fire" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "192.168.0.6" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'fire' is known and matches the ECDSA host key.
debug1: Found key in /home/doug/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: ./id_rsa ([blanked]), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: ./id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
doug@kudu:~/.ssh$
Second:
Code:
doug@kudu:~/.ssh$ ssh -vvv -i id_rsa fire
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to fire [192.168.0.6] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "id_rsa" as a RSA1 public key
debug1: identity file id_rsa type 1
debug1: identity file id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "fire" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA [blanked]
debug3: load_hostkeys: loading entries for host "fire" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "192.168.0.6" from file "/home/doug/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/doug/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'fire' is known and matches the ECDSA host key.
debug1: Found key in /home/doug/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: id_rsa ([blanked]), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
doug@kudu:~/.ssh$
Changed all files in .ssh directory to 600, still same error.
 
  


Reply

Tags
ddns, interactive, public key, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
The tale of 2 kernals ukwho Linux - Newbie 2 02-10-2009 09:41 AM
A Tale of two Eth pannet1 Linux - Networking 11 09-18-2007 02:09 AM
Bard's Tale mat_uk111 Linux - Games 0 08-23-2005 05:34 AM
Squid..my tale of woe ..... Nige Linux - Newbie 2 12-08-2003 05:11 PM
Samba, a tale of two cities kcourser Linux - Networking 3 03-12-2003 01:21 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration