Trying to SSH to a Linux machine.
These are the logs after entering the password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (password).
Authenticated to 169.254.63.73 ([169.254.63.73]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x48
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env TERM_PROGRAM
debug3: Ignored env SHELL
debug3: Ignored env TERM
debug3: Ignored env TMPDIR
debug3: Ignored env TERM_PROGRAM_VERSION
debug3: Ignored env TERM_SESSION_ID
debug3: Ignored env USER
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env PATH
debug3: Ignored env LaunchInstanceID
debug3: Ignored env PWD
debug3: Ignored env XPC_FLAGS
debug3: Ignored env XPC_SERVICE_NAME
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug1: Sending env LC_CTYPE = UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env SECURITYSESSIONID
debug3: Ignored env _
debug3: Ignored env __CF_USER_TEXT_ENCODING
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
And then it just freezes and doesn't continue. The terminal is stuck as well, and I can't Ctrl+C to quit.
What is happening?
I see several Stack Overflow threads on the difference between non-interactive and interactive shells and between login and non-login shells.
However, there is no clear answer on being able to create/designate a "non-interactive login shell" for a user. I see some references to "disabling" (or locking) a user account, but that's not what I want. I need to be able to do something like this remotely:
ssh user@hostname somecommand
I tried useradd with "-s /usr/sbin/nologin", but it's not working if I try to execute a command like the one above. I get output like this (using the user name "test_nl" on localhost and executing the command "pwd"):
my_user@ubuntu:~$ ssh -i test_nl test_nl@localhost -vvvv pwd
OpenSSH_7.2p2 Ubuntu-4ubuntu2.7, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "localhost" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file test_nl type 1
debug1: key_load_public: No such file or directory
debug1: identity file test_nl-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.7
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.7 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to localhost:22 as 'test_nl'
debug3: hostkeys_foreach: reading file "/home/my_user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/my_user/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from localhost
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:qwLgqbgRRRXK9MxbkWmHziRek34pW6nvDiE0fYV7ImI
debug3: hostkeys_foreach: reading file "/home/my_user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/my_user/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from localhost
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/my_user/.ssh/known_hosts:4
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: test_nl (0x56156682cd00), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: test_nl
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:RFDBiNfj35+57Lllaccu8Um6qPUuP7I3jDrPWgNRKNU
debug3: sign_and_send_pubkey: RSA SHA256:RFDBiNfj35+57Lllaccu8Um6qPUuP7I3jDrPWgNRKNU
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to localhost ([::1]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IPV6_TCLASS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env SSH_CLIENT
debug3: Ignored env OLDPWD
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env VIRTUAL_ENV
debug3: Ignored env LIBVIRT_DEFAULT_URI
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env PS1
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSOPEN
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env LESSCLOSE
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-142-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
142 packages can be updated.
94 updates are security updates.
Last login: Thu Sep 5 15:54:47 2019 from ::1
This account is currently not available.
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
debug3: send packet: type 1
Connection to localhost closed.
Transferred: sent 3020, received 3592 bytes, in 0.2 seconds
Bytes per second: sent 15345.1, received 18251.5
debug1: Exit status 1
I still see it triggering an interactive shell. How do I disable it (or log in 'non-interactively') and execute somecommand (in this case pwd)? FYI, my /etc/passwd is:
my_user@ubuntu:~$ cat /etc/passwd | grep test_
test_nl:x:1002:1002:,,,:/home/test_nl:/usr/sbin/nologin
my_user@ubuntu:~$
The difference between the way that OpenSSH invokes shells for interactive use and for scripting use is that interactive shells are always login shells (because the first character of argv[0] is -). When invoking a command, the shell will always be invoked with the first argument as -c instead.
There are no standard shells that allow only commands with -c but do not allow interactive use because there is no appreciable difference in security between those situations. If you wanted to have a shell that would only process scripting commands, you would have to write one, probably as a wrapper around a standard shell, and add your custom shell to /etc/shells.
OpenSSH does provide a command option in authorized_keys (see authorized_keys(5)) which allows you to specify a command to be run when a particular key is used. You can use this to allow the execution of only a single command when someone logs in with a key; this, unlike the distinction above, is an effective security control. If you want to allow multiple different commands, you'd either need to use your own restricted shell or use a key per command.
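A forced-command wrapper of the kind the answer above describes, as an added example (not code from the original answer or from OpenSSH): it pairs an authorized_keys command= entry with an exact-match allow-list over SSH_ORIGINAL_COMMAND. The install path /usr/local/bin/ssh-allowlist, the --serve argument, the three permitted commands and the sample key text are assumptions for illustration.

```shell
#!/bin/sh
# Added example: forced-command wrapper for one SSH key.
# Assumed (hypothetical) install path of this script:
WRAPPER=/usr/local/bin/ssh-allowlist

# sshd starts a forced command through the account's login shell
# ("<shell> -c <command>"), so the account needs a working shell such as
# /bin/sh; with /usr/sbin/nologin the wrapper is never reached.

# Build the authorized_keys line that binds a public key to this wrapper
# and switches off PTY allocation and every kind of forwarding.
authorized_keys_entry() {
    case "$1" in
        *"
"*)                     echo "public key must be a single line" >&2; return 1 ;;
        ssh-*\ *|ecdsa-*\ *) ;;
        *)                  echo "not a public key line" >&2; return 1 ;;
    esac
    printf 'command="%s --serve",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$WRAPPER" "$1"
}

# Run the client's request only if it matches an allow-list entry exactly.
# The request string is compared, never passed to eval or "sh -c", so
# "pwd; id" or "pwd $(id)" is simply a non-matching string.
# Returns 0 on success, 1 for a denied command, 2 for an interactive attempt.
run_allowed() {
    case "$1" in
        "")
            # No command given: the client asked for a shell.
            echo "interactive sessions are not permitted for this key" >&2
            return 2 ;;
        pwd)      pwd ;;
        uptime)   uptime ;;
        "df -h")  df -h ;;
        *)
            echo "command not permitted" >&2
            return 1 ;;
    esac
}

# sshd places the command the client asked for in SSH_ORIGINAL_COMMAND
# when a forced command is in effect.
if [ "${1:-}" = "--serve" ]; then
    run_allowed "${SSH_ORIGINAL_COMMAND:-}"
    exit $?
fi
```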
I just want to understand how SSH works. When I sniffed the communication using Wireshark I got these packets:
SSHv2 client: Protocol
SSHv2 server: Protocol
SSHv2 Client: Key Exchange Init
SSHv2 Server: Key Exchange Init
SSHv2 Client: Elliptic Diffie-Hellman Key Exchange Init
SSHv2 Server: Elliptic Diffie-Hellman Key Exchange Reply, New Keys, Encrypted packet
SSHv2 Client: New Keys
After this everything is encrypted. I did my research and found out that two packets are missing:
SSHv2 Client: Diffie-Hellman GEX Init
SSHv2 Server: Diffie-Hellman GEX Reply
These 2 numbers will be then used to generate the symmetric key!
My question is: at which point are the 2 numbers exchanged, and in which packets? Why do I have 2 packets missing? Is it because the SSH algorithm has changed? Or is it because of the OpenSSH client version (I am using OpenSSH_7.2p2 on Ubuntu 16.04)? You will find below the output of the command ssh -v -v -v user@server plus the screenshot. Have a good day.
screenshot http://hpics.li/598bb8e
loucif@loucif-VirtualBox:~$ ssh -v -v -v loucif@192.168.1.1
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g-fips 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "192.168.1.1" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/loucif/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/loucif/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/loucif/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/loucif/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/loucif/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/loucif/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/loucif/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/loucif/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.1:22 as 'loucif'
debug3: hostkeys_foreach: reading file "/home/loucif/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/loucif/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 192.168.1.1
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:s+3/VK4r8fauhX9bab+l+88gvu9Ky6fikXqP83bYsMo
debug3: hostkeys_foreach: reading file "/home/loucif/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/loucif/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 192.168.1.1
debug1: Host '192.168.1.1' is known and matches the ECDSA host key.
debug1: Found key in /home/loucif/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/loucif/.ssh/id_rsa ((nil))
debug2: key: /home/loucif/.ssh/id_dsa ((nil))
debug2: key: /home/loucif/.ssh/id_ecdsa ((nil))
debug2: key: /home/loucif/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/loucif/.ssh/id_rsa
debug3: no such identity: /home/loucif/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/loucif/.ssh/id_dsa
debug3: no such identity: /home/loucif/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/loucif/.ssh/id_ecdsa
debug3: no such identity: /home/loucif/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/loucif/.ssh/id_ed25519
debug3: no such identity: /home/loucif/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
loucif@192.168.1.1's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (password).
Authenticated to 192.168.1.1 ([192.168.1.1]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env XDG_VTNR
debug1: Sending env LC_PAPER = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug1: Sending env LC_ADDRESS = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_GREETER_DATA_DIR
debug1: Sending env LC_MONETARY = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env CLUTTER_IM_MODULE
debug3: Ignored env SESSION
debug3: Ignored env GPG_AGENT_INFO
debug3: Ignored env TERM
debug3: Ignored env VTE_VERSION
debug3: Ignored env SHELL
debug3: Ignored env QT_LINUX_ACCESSIBILITY_ALWAYS_ON
debug3: Ignored env WINDOWID
debug1: Sending env LC_NUMERIC = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env UPSTART_SESSION
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env GTK_MODULES
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug1: Sending env LC_TELEPHONE = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env QT_ACCESSIBILITY
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env PATH
debug3: Ignored env QT_IM_MODULE
debug3: Ignored env QT_QPA_PLATFORMTHEME
debug1: Sending env LC_IDENTIFICATION = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env XDG_SESSION_TYPE
debug3: Ignored env PWD
debug3: Ignored env JOB
debug3: Ignored env XMODIFIERS
debug3: Ignored env GNOME_KEYRING_PID
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env GDM_LANG
debug3: Ignored env MANDATORY_PATH
debug1: Sending env LC_MEASUREMENT = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env COMPIZ_CONFIG_PROFILE
debug3: Ignored env IM_CONFIG_PHASE
debug3: Ignored env PAPERSIZE
debug3: Ignored env GDMSESSION
debug3: Ignored env SESSIONTYPE
debug3: Ignored env GTK2_MODULES
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env XDG_SEAT
debug3: Ignored env LANGUAGE
debug3: Ignored env LIBGL_ALWAYS_SOFTWARE
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env UPSTART_INSTANCE
debug3: Ignored env UPSTART_EVENTS
debug3: Ignored env XDG_SESSION_DESKTOP
debug3: Ignored env LOGNAME
debug3: Ignored env COMPIZ_BIN_PATH
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env QT4_IM_MODULE
debug3: Ignored env LESSOPEN
debug3: Ignored env INSTANCE
debug3: Ignored env UPSTART_JOB
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env GTK_IM_MODULE
debug3: Ignored env LESSCLOSE
debug1: Sending env LC_TIME = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug1: Sending env LC_NAME = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env XAUTHORITY
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-31-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
519 paquets peuvent être mis à jour.
278 mises à jour de sécurité.
Last login: Sat Dec 30 14:35:41 2017 from 192.168.1.2
loucif@loucif-VirtualBox:~$
So after some research I found the following answer:
There was an update in the SSH algorithm (since 2006 I think, not sure): they moved from standard Diffie-Hellman to Elliptic Curve Diffie-Hellman, which is faster and more secure since it is based on elliptic curves.
Since the algorithm has changed, we don't have the same packets anymore, which explains the missing ones:
SSHv2 Client: Diffie-Hellman GEX Init
SSHv2 Server: Diffie-Hellman GEX Reply
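Which message numbers appear during key exchange depends on the negotiated method, which is why the capture above shows ECDH Init/Reply and no GEX packets; the added example below (not part of the original post) names the `send packet`/`receive packet` lines of an `ssh -vvv` log accordingly. Message numbers follow RFC 4253, RFC 4419 and RFC 5656; the first sample is excerpted from the log above, the second is constructed.

```shell
#!/bin/sh
# Added example: name the key-exchange messages in an `ssh -vvv` client log.
# Numbers 30-49 are reused by every key-exchange method, so the negotiated
# method must be known before a number can be given a name.

# Map a negotiated KEX algorithm name to its message family.
kex_family() {
    case "$1" in
        curve25519-sha256*|ecdh-sha2-*)   echo ecdh ;;
        diffie-hellman-group-exchange-*)  echo dh-gex ;;
        diffie-hellman-group*)            echo dh-fixed ;;
        *)                                echo unknown ;;
    esac
}

# Name a transport-layer message. $1 = message number, $2 = KEX family.
msg_name() {
    case "$1" in
        20) echo SSH2_MSG_KEXINIT; return ;;
        21) echo SSH2_MSG_NEWKEYS; return ;;
    esac
    case "$2:$1" in
        ecdh:30)      echo SSH2_MSG_KEX_ECDH_INIT ;;
        ecdh:31)      echo SSH2_MSG_KEX_ECDH_REPLY ;;
        dh-fixed:30)  echo SSH2_MSG_KEXDH_INIT ;;
        dh-fixed:31)  echo SSH2_MSG_KEXDH_REPLY ;;
        dh-gex:30)    echo SSH2_MSG_KEX_DH_GEX_REQUEST_OLD ;;
        dh-gex:31)    echo SSH2_MSG_KEX_DH_GEX_GROUP ;;
        dh-gex:32)    echo SSH2_MSG_KEX_DH_GEX_INIT ;;
        dh-gex:33)    echo SSH2_MSG_KEX_DH_GEX_REPLY ;;
        dh-gex:34)    echo SSH2_MSG_KEX_DH_GEX_REQUEST ;;
        *)            echo "unknown($1)" ;;
    esac
}

# Read a client debug log on stdin; print "<direction> <number> <name>"
# for every packet in the key-exchange range (20-49).
decode_kex_log() {
    family=unknown
    while IFS= read -r line; do
        case "$line" in
            "debug1: kex: algorithm: "*)
                family=$(kex_family "${line#debug1: kex: algorithm: }") ;;
            "debug3: send packet: type "*|"debug3: receive packet: type "*)
                num=${line##* }
                dir=${line#debug3: }
                dir=${dir%% *}
                if [ "$num" -ge 20 ] && [ "$num" -le 49 ]; then
                    echo "$dir $num $(msg_name "$num" "$family")"
                fi ;;
        esac
    done
}

# Lines excerpted from the OpenSSH_7.2p2 log above.
sample_ecdh_log() {
    cat <<'EOF'
debug3: send packet: type 20
debug3: receive packet: type 20
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug3: send packet: type 30
debug3: receive packet: type 31
debug3: send packet: type 21
debug3: receive packet: type 21
debug3: send packet: type 5
EOF
}

# Constructed sample: the same phase when group exchange is negotiated.
sample_gex_log() {
    cat <<'EOF'
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug3: send packet: type 34
debug3: receive packet: type 31
debug3: send packet: type 32
debug3: receive packet: type 33
debug3: send packet: type 21
debug3: receive packet: type 21
EOF
}

echo "ECDH session (excerpt from the log above):"
sample_ecdh_log | decode_kex_log
echo "Group-exchange session (constructed):"
sample_gex_log | decode_kex_log
```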
I am trying to ping a remote host using the ping module. My hosts file looks like below:
[groupA]
HostA ansible_connection=ssh ansible_user=userA
Command: ansible -i hosts -m ping all
Manually I am able to ssh successfully using the same userA on HostA, but not via Ansible.
Debug logs from Ansible:
No config file found; using defaults
Loaded callback minimal of type stdout, v2.0
ESTABLISH SSH CONNECTION FOR USER: userA
SSH: EXEC ssh -C -vvv -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=userA -o ConnectTimeout=10 HostA '/bin/sh -c '"'"'( umask 77 && mkdir -p "echo /tmp/ansible-userB/ansible-tmp-1473143642.15-125405279117948" && echo ansible-tmp-1473143642.15-125405279117948="echo /tmp/ansible-userB/ansible-tmp-1473143642.15-125405279117948" ) && sleep 0'"'"''
Source Host O.S details:
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 6.8 (Santiago)
Release: 6.8
Codename: Santiago
Target Host O.S details:
bash-4.1$ lsb_release -a
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: RedHatEnterpriseServer
Description: Red Hat Enterprise Linux Server release 6.8 (Santiago)
Release: 6.8
Codename: Santiago
EDIT: Manual commands:
ssh UserA@HostA
//Some lines of sshing to the remote host
-sh$: hostname -f
HostA
-sh$:
EDIT2:
Output from running ssh: EXEC command
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading
configuration data /etc/ssh/ssh_config debug1: Applying options for *
debug2: ssh_connect: needpriv 0 debug1: Connecting to hostA [IP port]
port 22. debug2: fd 3 setting O_NONBLOCK debug1: fd 3 clearing
O_NONBLOCK debug1: Connection established. debug3: timeout: 9924 ms
remain after connect debug1: identity file /home/userB/.ssh/identity
type -1 debug1: identity file /home/userB/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /home/userB/.ssh/id_rsa. debug2:
key_type_from_name: unknown key type '-----BEGIN' debug3: key_read:
missing keytype debug3: key_read: missing whitespace debug3: key_read:
missing whitespace debug3: key_read: missing whitespace debug3:
key_read: missing whitespace debug3: key_read: missing whitespace
debug3: key_read: missing whitespace debug3: key_read: missing
whitespace debug3: key_read: missing whitespace debug3: key_read:
missing whitespace debug3: key_read: missing whitespace debug3:
key_read: missing whitespace debug3: key_read: missing whitespace
debug3: key_read: missing whitespace debug3: key_read: missing
whitespace debug3: key_read: missing whitespace debug3: key_read:
missing whitespace debug3: key_read: missing whitespace debug3:
key_read: missing whitespace debug3: key_read: missing whitespace
debug3: key_read: missing whitespace debug3: key_read: missing
whitespace debug3: key_read: missing whitespace debug3: key_read:
missing whitespace debug3: key_read: missing whitespace debug3:
key_read: missing whitespace debug2: key_type_from_name: unknown key
type '-----END' debug3: key_read: missing keytype debug1: identity
file /home/userB/.ssh/id_rsa type 1 debug1: identity file
/home/userB/.ssh/id_rsa-cert type -1 debug1: identity file
/home/userB/.ssh/id_dsa type -1 debug1: identity file
/home/userB/.ssh/id_dsa-cert type -1 debug1: identity file
/home/userB/.ssh/id_ecdsa type -1 debug1: identity file
/home/userB/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version
2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3 debug2: fd 3 setting
O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug3: Wrote 960 bytes for a
total of 981 debug1: SSH2_MSG_KEXINIT received debug2:
kex_parse_kexinit: debug2: kex_parse_kexinit: debug2:
kex_parse_kexinit: debug2: kex_parse_kexinit: debug2:
kex_parse_kexinit: debug2: kex_parse_kexinit: debug2:
kex_parse_kexinit: zlib@openssh.com,zlib,none debug2:
kex_parse_kexinit: zlib@openssh.com,zlib,none debug2:
kex_parse_kexinit: debug2: kex_parse_kexinit: debug2:
kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit:
reserved 0 debug2: kex_parse_kexinit: debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss debug2: kex_parse_kexinit: debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2:
kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit:
none,zlib@openssh.com debug2: kex_parse_kexinit: debug2:
kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found
hmac-md5 debug1: kex: server->client debug2: mac_setup: found
hmac-md5 debug1: kex: client->server debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting
SSH2_MSG_KEX_DH_GEX_GROUP debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 123/256 debug2: bits set:
506/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting
SSH2_MSG_KEX_DH_GEX_REPLY debug3: Wrote 144 bytes for a total of 1149
debug3: check_host_in_hostfile: host hostA filename
/home/userB/.ssh/known_hosts debug3: check_host_in_hostfile: host
hostA filename /home/userB/.ssh/known_hosts debug3:
check_host_in_hostfile: match line 1 debug3: check_host_in_hostfile:
host IP port filename /home/userB/.ssh/known_hosts debug3:
check_host_in_hostfile: host IP port filename
/home/userB/.ssh/known_hosts debug3: check_host_in_hostfile: match
line 1 debug1: Host 'hostA' is known and matches the RSA host key.
debug1: Found key in /home/userB/.ssh/known_hosts:1 debug2: bits set:
505/1024 debug1: ssh_rsa_verify: signature correct debug2:
kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS
sent debug1: expecting SSH2_MSG_NEWKEYS debug3: Wrote 16 bytes for a
total of 1165 debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS
received debug1: SSH2_MSG_SERVICE_REQUEST sent debug3: Wrote 48 bytes
for a total of 1213 debug2: service_accept: ssh-userauth debug1:
SSH2_MSG_SERVICE_ACCEPT received debug2: key:
/home/userB/.ssh/identity ((nil)) debug2: key: /home/userB/.ssh/id_rsa
(0x7ffb0551e430) debug2: key: /home/userB/.ssh/id_dsa ((nil)) debug2:
key: /home/userB/.ssh/id_ecdsa ((nil)) debug3: Wrote 64 bytes for a
total of 1277 debug3: input_userauth_banner
debug1: Authentications that can continue: debug3: start over, passed
a different list debug3: preferred debug3: authmethod_lookup
gssapi-with-mic debug3: remaining preferred: debug3:
authmethod_is_enabled debug1: Next authentication method: debug3:
Trying to reverse map address IP port. debug1: Unspecified GSS
failure. Minor code may provide more information Credentials cache
file '/tmp/krb5cc_' not found
debug1: Unspecified GSS failure. Minor code may provide more
information Credentials cache file '/tmp/krb5cc_' not found
debug1: Unspecified GSS failure. Minor code may provide more
information
debug1: Unspecified GSS failure. Minor code may provide more
information Credentials cache file '/tmp/krb5cc_' not found
debug2: we did not send a packet, disable method debug3:
authmethod_lookup gssapi-keyex debug3: remaining preferred: debug3:
authmethod_is_enabled gssapi-keyex debug1: Next authentication method:
gssapi-keyex debug1: No valid Key exchange context debug2: we did not
send a packet, disable method debug3: authmethod_lookup publickey
debug3: remaining preferred: ,publickey debug3: authmethod_is_enabled
publickey debug1: Next authentication method: publickey debug1: Trying
private key: /home/userB/.ssh/identity debug3: no such identity:
/home/userB/.ssh/identity debug1: Offering public key:
/home/userB/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a
publickey packet, wait for reply debug3: Wrote 368 bytes for a total
of 1645 debug1: Server accepts key: pkalg ssh-rsa blen 277 debug2:
input_userauth_pk_ok: debug3: sign_and_send_pubkey: debug1: read PEM
private key done: type RSA debug3: Wrote 640 bytes for a total of 2285
debug1: Enabling compression at level 6. debug1: Authentication
succeeded (publickey). debug1: channel 0: new [client-session] debug3:
ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1:
Requesting no-more-sessions@openssh.com debug1: Entering interactive
session. debug3: Wrote 112 bytes for a total of 2397 debug2: callback
start debug2: client_session2_setup: id 0 debug2: channel 0: request
pty-req confirm 1 debug1: Sending environment. debug3: Ignored env
debug3: Ignored env debug3: Ignored env MANPATH debug3: Ignored env
debug3: Ignored env HOSTNAME debug3: Ignored env
ANSIBLE_HOST_KEY_CHECKING debug3: Ignored env ANSIBLE_SSH_ARGS debug3:
Ignored env debug3: Ignored env TERM debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE debug3: Ignored env QTDIR debug3: Ignored
env OLDPWD debug3: Ignored env QTINC debug3: Ignored env USER debug3:
Ignored env ANSIBLE_REMOTE_TEMP debug3: Ignored env LS_COLORS debug3:
Ignored env debug3: Ignored env TMOUT debug3: Ignored env debug3:
Ignored env PAGER debug3: Ignored env PATH debug3: Ignored env
debug3: Ignored env PWD debug3: Ignored env JAVA_HOME debug3: Ignored
env LMFILES debug3: Ignored env EFS_SERVERNAME debug3: Ignored env
EDITOR debug1: Sending env LANG = en_US.utf8 debug2: channel 0:
request env confirm 0 debug3: Ignored env MODULEPATH debug3: Ignored
env debug3: Ignored env LOADEDMODULES debug3: Ignored env
ANSIBLE_SCP_IF_SSH debug3: Ignored env ANSIBLE_TRANSPORT debug3:
Ignored env HISTCONTROL debug3: Ignored env debug3: Ignored env SHLVL
debug3: Ignored env HOME debug3: Ignored env debug3: Ignored env
PYTHONPATH debug3: Ignored env PBUSER debug3: Ignored env LOGNAME
debug3: Ignored env QTLIB debug3: Ignored env CVS_RSH debug3: Ignored
env LESSOPEN debug3: Ignored env EFS_PLATFORM64 debug3: Ignored env
G_BROKEN_FILENAMES debug3: Ignored env BASH_FUNC_append() debug3:
Ignored env BASH_FUNC_addpath() debug3: Ignored env BASH_FUNC_module()
debug3: Ignored env BASH_FUNC_prepend() debug3: Ignored env
BASH_FUNC_delpath() debug3: Ignored env BASH_FUNC_showpath() debug3:
Ignored env _ debug2: channel 0: request shell confirm 1 debug2: fd 3
setting TCP_NODELAY debug2: callback done debug2: channel 0: open
confirm rwindow 0 rmax 32768 debug3: Wrote 320 bytes for a total of
2717 debug2: channel_input_status_confirm: type 99 id 0 debug2: PTY
allocation request accepted on channel 0 debug2: channel 0: rcvd
adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0 Last login: Tue Sep 6
07:24:55 2016 from hostB
Did you try to skip the authentication of ssh?
In the file /etc/ssh/ssh_config or ~/.ssh/config, add the following lines.
Host *
StrictHostKeyChecking no
or add the following lines to ansible.cfg
[defaults]
host_key_checking = False
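Both snippets above make ssh and Ansible accept host keys without verifying them. As an added example (not part of the original answer), this script flags those settings in configuration files next to a corrected form that audits clean; the sample files and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flags settings that disable SSH host key verification.
# All file contents below are constructed samples; nothing touches the network.

# Weak: the two snippets from the answer, as they would appear on disk.
write_weak_samples() {
    cat > "$1/ssh_config" <<'EOF'
# client defaults
Host *
    StrictHostKeyChecking no
EOF
    cat > "$1/ansible.cfg" <<'EOF'
[defaults]
host_key_checking = False
EOF
}

# Corrected: verification stays on; host keys are distributed in known_hosts.
write_hardened_samples() {
    cat > "$1/ssh_config" <<'EOF'
Host *
    StrictHostKeyChecking yes
    # StrictHostKeyChecking no   (commented out, must not be reported)
EOF
    cat > "$1/ansible.cfg" <<'EOF'
[defaults]
host_key_checking = True
EOF
}

# Print one "file:line: reason" finding per offending line in the given files.
audit_host_key_checking() {
    awk '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        { l = tolower($0) }                 # keywords are case-insensitive
        l ~ /^[ \t]*stricthostkeychecking[ \t=]+(no|off)[ \t]*$/ {
            print FILENAME ":" FNR ": ssh host key verification disabled"
        }
        l ~ /^[ \t]*host_key_checking[ \t]*=[ \t]*(false|no|off|0)[ \t]*$/ {
            print FILENAME ":" FNR ": ansible host key checking disabled"
        }
    ' "$@"
}

demo=$(mktemp -d)
mkdir "$demo/weak" "$demo/hardened"
write_weak_samples "$demo/weak"
write_hardened_samples "$demo/hardened"
echo "weak:"
audit_host_key_checking "$demo/weak/ssh_config" "$demo/weak/ansible.cfg"
echo "hardened:"
audit_host_key_checking "$demo/hardened/ssh_config" "$demo/hardened/ansible.cfg"
rm -rf "$demo"
```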
I have an EC2 instance running. I can ssh with no problems:
ssh -i mykey.pem ec2-user@someIPaddress
However, scp fails. Running this:
scp -vvv -i mykey.pem test.txt ec2-user@someIPaddress:/tmp/
produces the following result:
Executing: program /usr/bin/ssh host someIPadress, user ec2-user, command scp -v -t /tmp/
OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to someIPaddress [someIPaddress] port 22.
debug1: connect to address someIPadress port 22: Network is unreachable
ssh: connect to host someIPaddress port 22: Network is unreachable
lost connection
Additional info:
My .pem key has read and write permissions only for myself (-rw-------).
I was told that there might be a problem with scp if running /bin/true on EC2 produces a non-empty line, but this is not the case here:
[ec2-user@someIPaddress ~]$ /bin/true
[ec2-user@someIPaddress ~]$
I verified that test.txt exists :)
I verified that I can write into /tmp by logging in via ssh.
I am surprised that ssh works, but not scp. Any ideas?
Edit: Running
ssh -vvv -i mykey.pem ec2-user@someIP
produces:
OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to someIPaddress [someIPaddress] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "mykey.pem" as a RSA1 public key
debug1: identity file mykey.pem type -1
debug1: identity file mykey.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1
debug1: match: OpenSSH_6.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "someIPaddress" from file "/home/burger/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/burger/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 139/256
debug2: bits set: 481/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA somekey
debug3: load_hostkeys: loading entries for host "someIPaddress" from file "/home/burger/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/burger/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'someIPaddress' is known and matches the RSA host key.
debug1: Found key in /home/burger/.ssh/known_hosts:3
debug2: bits set: 523/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: mykey.pem ((nil))
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: mykey.pem
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA some-key
debug2: we sent a publickey packet, wait for reply
debug1: Authentication succeeded (publickey).
Authenticated to someIPaddress ([someIPaddress]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env rvm_gemsets_path
debug3: Ignored env rvm_scripts_path
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env rvm_bin_path
debug3: Ignored env GEM_HOME
debug3: Ignored env rvm_man_path
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env XDG_SESSION_COOKIE
debug3: Ignored env IRBRC
debug3: Ignored env rvm_user_path
debug3: Ignored env rvm_wrappers_path
debug3: Ignored env WINDOWID
debug3: Ignored env rvm_patches_path
debug3: Ignored env OLDPWD
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env MY_RUBY_HOME
debug3: Ignored env rvm_docs_path
debug3: Ignored env GTK_MODULES
debug3: Ignored env rvm_verbose_flag
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env rvm_gems_cache_path
debug3: Ignored env rvm_config_path
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env rvm_path
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env rvm_debug_flag
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env rvm_prefix
debug3: Ignored env rvm_examples_path
debug3: Ignored env PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env rvm_rubies_path
debug3: Ignored env rvm_loaded_flag
debug3: Ignored env PWD
debug3: Ignored env GNOME_KEYRING_PID
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env UBUNTU_MENUPROXY
debug3: Ignored env rvm_usr_path
debug3: Ignored env GDMSESSION
debug3: Ignored env rvm_version
debug3: Ignored env rvm_src_path
debug3: Ignored env HOME
debug3: Ignored env SHLVL
debug3: Ignored env rvm_gems_path
debug3: Ignored env _JAVA_AWT_WM_NONREPARENTING
debug3: Ignored env rvm_ruby_string
debug3: Ignored env rvm_tmp_path
debug3: Ignored env LOGNAME
debug3: Ignored env GEM_PATH
debug3: Ignored env rvm_lib_path
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env rvm_repos_path
debug3: Ignored env LESSOPEN
debug3: Ignored env rvm_reload_flag
debug3: Ignored env rvm_log_path
debug3: Ignored env rvm_help_path
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env rvm_environments_path
debug3: Ignored env RUBY_VERSION
debug3: Ignored env rvm_archives_path
debug3: Ignored env LESSCLOSE
debug3: Ignored env rvm_user_install_flag
debug3: Ignored env COLORTERM
debug3: Ignored env XAUTHORITY
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Fri May 31 14:18:38 2013 from stgt-5f7197c5.pool.mediaways.net
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2013.03-release-notes/
[ec2-user@ip-someIPaddress ~]$
Another cause of this problem (SCP failing where SSH succeeds) is having any message printed to the console during login (e.g. from your .bashrc script).
See also
https://superuser.com/questions/395356/scp-doesnt-work-but-ssh-does
SCP doesn't work when echo in .bashrc?
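Why startup output breaks scp but not ssh, as an added example that is not part of the original answer: scp runs in a non-interactive session and reads everything on the channel as protocol data, so a greeting from .bashrc corrupts the exchange. The script reproduces this offline, using BASH_ENV as a stand-in for the ~/.bashrc that bash sources when sshd starts it; the file contents and function names are constructed.

```shell
#!/bin/sh
# Added example. Constructed inputs; runs offline and opens no SSH connection.
# Against a real host the equivalent check is:
#     ssh user@host /bin/true | wc -c      (must print 0)

# Startup file that greets on every shell start (the failure case).
write_noisy_rc() {
    cat > "$1" <<'EOF'
echo "Welcome back"
export EDITOR=vi
EOF
}

# Same file with the usual guard: stop before any output unless interactive.
write_guarded_rc() {
    cat > "$1" <<'EOF'
case $- in
    *i*) ;;        # interactive shell: carry on
    *) return ;;   # scp/sftp/rsync/remote command: stay silent
esac
echo "Welcome back"
export EDITOR=vi
EOF
}

# Bytes written to stdout by a non-interactive bash that sources startup file $1.
startup_noise_bytes() {
    BASH_ENV="$1" bash -c 'true' 2>/dev/null | wc -c | tr -d '[:space:]'
}

# Verdict a pre-deployment check could act on: "clean" or "noisy:<bytes>".
check_rc() {
    n=$(startup_noise_bytes "$1")
    if [ "$n" -eq 0 ]; then echo "clean"; else echo "noisy:$n"; fi
}

demo_dir=$(mktemp -d)
write_noisy_rc   "$demo_dir/noisy.rc"
write_guarded_rc "$demo_dir/guarded.rc"
echo "unguarded: $(check_rc "$demo_dir/noisy.rc")"
echo "guarded:   $(check_rc "$demo_dir/guarded.rc")"
rm -rf "$demo_dir"
```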