OpenSSH problem after upgrade
I recently had to upgrade my version of OpenSSH from 4.7 to 5.0 on my MacBook (Darwin). I installed the latest 'portable' tarball and removed the system version:
sshd is the same version, installed in /usr/sbin/sshd. Now, things are a bit broken: I am able to ssh from another machine into my MacBook, so the server (sshd) is working, but the outgoing client (ssh) hangs indefinitely on connect. ssh-add also hangs on any operation. ssh-agent shows:
Well, check the config files for everything. For example, my client has these default settings:
Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
It wouldn't make sense for me to post my server settings though. You just need to go through the config file and make sure the correct host files are used etc.
Original Poster
I removed *all installations* of OpenSSH from my system (both manually installed, and from port/MacPorts), rebooted, cleaned up any trace of ssh and sshd, then re-installed openssh using ports, which installs v5.0p_1. I restored my key files (public and private), authorized_keys, and known_hosts files to ~/.ssh, then tried to ssh into my own machine, which seems to be rejecting my key:
"Second, my private key begins like this ..."
Proc-Type: 4,ENCRYPTED
Well, you shouldn't encrypt your SSH private key or else you will have to put in the passphrase before the authentication can be completed - and apparently you're not being asked for the passphrase -- is this an SSH bug or was SSH never intended to use an encrypted private key?
Aside from that, check the permissions of your private and public keys:
-rw------- 1 <user> <group> 1675 Mar 3 01:30 id_rsa
-rw-r--r-- 1 <user> <group> 395 Mar 3 01:30 id_rsa.pub
The private key should be read/writable by the user ONLY. You can turn off the 'write' flag as well if you wish. The public key should only have 'read' permission for groups and others; as with the private key you can remove all write permissions.
How are you generating your keys?
"I have 'Protocol 2' set in my sshd_config, why is sshd looking for 'a RSA1 key file'?"
Well, that would be because v2 uses RSA and/or DSA; v1 uses RSA only.
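Added example, not part of the original thread or any poster's words: a POSIX shell audit of a private key file for the two properties discussed above, the "Proc-Type: 4,ENCRYPTED" header of a passphrase-protected traditional PEM key and owner-only file permissions. The function names and the sample key file are constructed for illustration; keys in the newer "BEGIN OPENSSH PRIVATE KEY" format do not expose this header and are reported as not detected.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenSSH.

# Exit 0 if FILE is a traditional PEM private key protected by a passphrase.
# Such keys carry "Proc-Type: 4,ENCRYPTED" directly after the BEGIN line.
key_is_encrypted() {
    head -n 3 -- "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'
}

# Exit 0 if FILE grants no permission bits to group or others (0600, 0400).
# Parses the ls mode string, so it works with both GNU and BSD userlands.
key_mode_ok() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case "$mode" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print a one-line verdict for FILE; exit status is the number of findings.
audit_key() {
    findings=0
    if key_is_encrypted "$1"; then
        enc="passphrase-protected"
    else
        enc="no Proc-Type: 4,ENCRYPTED header detected"
        findings=$((findings + 1))
    fi
    if key_mode_ok "$1"; then
        perm="mode ok"
    else
        perm="group/other can access it; fix with: chmod 600 $1"
        findings=$((findings + 1))
    fi
    printf '%s: %s; %s\n' "$1" "$enc" "$perm"
    return "$findings"
}

# Demo on a constructed file (the body is placeholder text, not a real key).
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/keyaudit.XXXXXX") || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$d/id_rsa"
    chmod 600 "$d/id_rsa"; audit_key "$d/id_rsa" || true
    chmod 644 "$d/id_rsa"; audit_key "$d/id_rsa" || true
    rm -rf "$d"
}
demo
```

Run audit_key against ~/.ssh/id_rsa to check a real key; nothing in the script reads or prints key material beyond the first three header lines.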
Original Poster
Quote:
Originally Posted by pinniped
"Second, my private key begins like this ..."
Proc-Type: 4,ENCRYPTED
Well, you shouldn't encrypt your SSH private key or else you will have to put in the passphrase before the authentication can be completed - and apparently you're not being asked for the passphrase -- is this an SSH bug or was SSH never intended to use an encrypted private key?
Unfortunately this is an option that is not up for discussion for me: my key *has* to be protected with a passphrase per guidelines at work. And I never had a problem with other versions of SSH before this.
Quote:
Aside from that, check the permissions of your private and public keys:
-rw------- 1 <user> <group> 1675 Mar 3 01:30 id_rsa
-rw-r--r-- 1 <user> <group> 395 Mar 3 01:30 id_rsa.pub
The private key should be read/writable by the user ONLY. You can turn off the 'write' flag as well if you wish. The public key should only have 'read' permission for groups and others; as with the private key you can remove all write permissions.
Yup, permissions are fine.
Quote:
How are you generating your keys?
Using OpenSSH itself (ssh-keygen). In fact, I just tried generating new keys (both on this machine and on others), and they all return the same error.
Quote:
"I have 'Protocol 2' set in my sshd_config, why is sshd looking for 'a RSA1 key file'?"
Well, that would be because v2 uses RSA and/or DSA; v1 uses RSA only.
OK, but why "RSA1"? I've also tried setting 'Protocol' to '1','1,2', same result.