I carefully follow official documentation how to connect to self-hosted GitLab from Windows (tried with VisualStudio and Tower).
But connection is not established.
From Troubleshooting section I run ssh -Tv git#gitlab.mydomain.com and get this:
matjaz.cof#MatjazCof-PC MINGW64 ~
$ ssh -Tv git#gitlab.mydomain.com
OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to gitlab.mydomain.com [*.*.*.*] port 22.
debug1: Connection established.
debug1: identity file /c/Users/matjaz.cof/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version ROSSSH
debug1: no match: ROSSSH
debug1: Authenticating to gitlab.mydomain.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:hTqVMUtkiM3ngYdEyH4JZ5A7QjY8O3Ih9EFS13AIp84
debug1: Host 'gitlab.mydomain.com' is known and matches the RSA host key.
debug1: Found key in /c/Users/matjaz.cof/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/matjaz.cof/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /c/Users/matjaz.cof/.ssh/id_dsa
debug1: Trying private key: /c/Users/matjaz.cof/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/matjaz.cof/.ssh/id_ed25519
debug1: Next authentication method: password
git#gitlab.mydomain.com's password:
It outputs
No such file or directory
, but my id_rsa.pub exists:
I added my public key to my profile in GitLab: cat ~/.ssh/id_rsa.pub | clip.
My repository https url is: https://gitlab.mydoamin.com:3000/web/oppis.git and it works (not sure if port matters), but not with SSH.
Edited:
I know path is strange for Windows environment, but I don't know how to fix this. Also when executing ssh-keygen -t rsa -C "your.email#example.com" -b 4096 suggested path for saving keys are "strange": /c/Users/matjaz.cof/.ssh, but files are saved. So I though this should work.
Edited #TarunLalwani
$ ssh -i ~/.ssh/id_rsa -Tv git#gitlab.mydomain
OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to gitlab.mydomain [*.*.*.*] port 22.
debug1: Connection established.
debug1: identity file /c/Users/matjaz.cof/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version ROSSSH
debug1: no match: ROSSSH
debug1: Authenticating to gitlab.mydomain:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:hTqVMUtkiM3ngYdEyH4JZ5A7QjY8O3Ih9EFS13AIp84
debug1: Host 'gitlab.mydomain' is known and matches the RSA host key.
debug1: Found key in /c/Users/matjaz.cof/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/matjaz.cof/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
git#gitlab.mydomain's password:
Edited #JuanMellado
I found something strange:
debug1: Offering public key: RSA SHA256:w3E6UGqM5x3VniG+sKMxOJiTupmX3N4pwWPt6PW9di8 /c/Users/matjaz.cof/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /c/Users/matjaz.cof/.ssh/id_dsa
Strange is I have id_rsa.pub and id_rsa files. (They were create with GitBash ssh-keygen -t rsa -C "your.email#example.com" -b 4096)
So I change id_rsa.pub to id_rsa and id_rsa to id_dsa.
Now I get different log (relevant section):
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:w3E6UGqM5x3VniG+sKMxOJiTupmX3N4pwWPt6PW9di8 /c/Users/matjaz.cof/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /c/Users/matjaz.cof/.ssh/id_dsa
debug3: sign_and_send_pubkey: RSA SHA256:w3E6UGqM5x3VniG+sKMxOJiTupmX3N4pwWPt6PW9di8
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /c/Users/matjaz.cof/.ssh/id_ecdsa
debug3: no such identity: /c/Users/matjaz.cof/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /c/Users/matjaz.cof/.ssh/id_ed25519
debug3: no such identity: /c/Users/matjaz.cof/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
git#gitlab.mydomain's password:
Not sure why it tries to send another private key (`id_ecdsa)?
Full log:
$ ssh -v -v -v -t git#gitlab.mydomain
OpenSSH_7.6p1, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "gitlab.mydomain" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to gitlab.mydomain [*.*.*.*] port 22.
debug1: Connection established.
debug1: identity file /c/Users/matjaz.cof/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version ROSSSH
debug1: no match: ROSSSH
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to gitlab.mydomain:22 as 'git'
debug3: hostkeys_foreach: reading file "/c/Users/matjaz.cof/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /c/Users/matjaz.cof/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from gitlab.mydomain
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ssh-ed25519-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,none
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,none
debug2: MACs ctos: hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1,hmac-md5
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug3: send packet: type 34
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug3: receive packet: type 31
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1018/2048
debug3: send packet: type 32
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug3: receive packet: type 33
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:hTqVMUtkiM3ngYdEyH4JZ5A7QjY8O3Ih9EFS13AIp84
debug3: hostkeys_foreach: reading file "/c/Users/matjaz.cof/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /c/Users/matjaz.cof/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from gitlab.mydomain
debug3: hostkeys_foreach: reading file "/c/Users/matjaz.cof/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /c/Users/matjaz.cof/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from *.*.*.*
debug1: Host 'gitlab.mydomain' is known and matches the RSA host key.
debug1: Found key in /c/Users/matjaz.cof/.ssh/known_hosts:1
debug2: bits set: 1008/2048
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /c/Users/matjaz.cof/.ssh/id_rsa (0x600061260)
debug2: key: /c/Users/matjaz.cof/.ssh/id_dsa (0x0)
debug2: key: /c/Users/matjaz.cof/.ssh/id_ecdsa (0x0)
debug2: key: /c/Users/matjaz.cof/.ssh/id_ed25519 (0x0)
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:w3E6UGqM5x3VniG+sKMxOJiTupmX3N4pwWPt6PW9di8 /c/Users/matjaz.cof/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /c/Users/matjaz.cof/.ssh/id_dsa
debug3: sign_and_send_pubkey: RSA SHA256:w3E6UGqM5x3VniG+sKMxOJiTupmX3N4pwWPt6PW9di8
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /c/Users/matjaz.cof/.ssh/id_ecdsa
debug3: no such identity: /c/Users/matjaz.cof/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /c/Users/matjaz.cof/.ssh/id_ed25519
debug3: no such identity: /c/Users/matjaz.cof/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
git#gitlab.mydomain's password:
I can say, I try this on 2 computers, My Windows 10 and Windows Server 2012. Both uses same domain user.
Edited #VonC
C:\Program Files\Git\usr\bin>ssh -i ~/.ssh/id_rsa -Tv git#gitlab.mydomain
OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to gitlab.mydomain [*.*.*.*] port 22.
debug1: Connection established.
debug1: identity file /c/Users/matjaz.cof/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/matjaz.cof/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version ROSSSH
debug1: no match: ROSSSH
debug1: Authenticating to gitlab.mydomain:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:hTqVMUtkiM3ngYdEyH4JZ5A7QjY8O3Ih9EFS13AIp84
debug1: Host 'gitlab.mydomain' is known and matches the RSA host key.
debug1: Found key in /c/Users/matjaz.cof/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/matjaz.cof/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
git#gitlab.mydomain's password:
Strange is that /c/Users/matjaz.cof/.ssh/id_rsa is not found, but /c/Users/matjaz.cof/.ssh/known_hosts is.
I have 3 files in c:\Users\matjaz.cof\.ssh\:
id_dsa
id_rsa
known_hosts
Edited #TarunLalwani
C:\Program Files\Git\usr\bin>ls -al /c/Users/matjaz.cof/.ssh/
total 25
drwxr-xr-x 1 matjaz.cof 1049089 0 Feb 20 08:49 .
drwxr-xr-x 1 matjaz.cof 1049089 0 Feb 16 09:24 ..
-rw-r--r-- 1 matjaz.cof 1049089 3243 Feb 20 08:45 id_rsa
-rw-r--r-- 1 matjaz.cof 1049089 744 Feb 20 08:45 id_rsa.pub
-rw-r--r-- 1 matjaz.cof 1049089 410 Feb 20 08:49 known_hosts
Problem was in firewall. I forget to set Harpin NAT.
My firewall allowed me to connect to port 22. I also route port 22 to GitLab machine IP. But forget to set Harpin NAT.
That means If my public IP is 1.2.3.4(gitlab.mydomain.com) I could connect to gitlab.mydomain.com from any public IP except (1.2.3.4).
Router didn't know what to do with packets, because LAN machine tries to connect to another LAN machine via the external IP address. (WIKI)
As discussed on chat, this turns out to be a firewall problem at your office. Your firewall probably blocks outgoing connections on port 22 to other server.
This is the main reason for not being able to reach to the SSH server and that is why it works from your home network and not from office
Related
When I fire the command "ssh localhost", I am always getting asked for password.
partha#Parthas-MBP ~ % ssh localhost
(partha#localhost) Password:
I have given proper rights to all files under "~/.ssh/" folder
partha#Parthas-MBP ~ % ls -lrt ~/.ssh/*
-rwxrwxr-x 1 partha staff 2610 May 15 15:17 /Users/partha/.ssh/id_rsa
-rwxrwxr-x 1 partha staff 572 May 15 15:17 /Users/partha/.ssh/id_rsa.pub
-rwxrwxr-x 1 partha staff 572 May 15 15:17 /Users/partha/.ssh/authorized_keys
-rwxrwxr-x 1 partha staff 91 May 15 15:18 /Users/partha/.ssh/known_hosts.old
-rwxrwxr-x 1 partha staff 825 May 15 15:18 /Users/partha/.ssh/known_hosts
The complete verbose log is as below.
partha#Parthas-MBP ~ % ssh -vvv localhost
OpenSSH_8.6p1, LibreSSL 3.3.5
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/partha/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/partha/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to localhost port 22.
debug1: Connection established.
debug1: identity file /Users/partha/.ssh/id_rsa type 0
debug1: identity file /Users/partha/.ssh/id_rsa-cert type -1
debug1: identity file /Users/partha/.ssh/id_dsa type -1
debug1: identity file /Users/partha/.ssh/id_dsa-cert type -1
debug1: identity file /Users/partha/.ssh/id_ecdsa type -1
debug1: identity file /Users/partha/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/partha/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/partha/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/partha/.ssh/id_ed25519 type -1
debug1: identity file /Users/partha/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/partha/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/partha/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/partha/.ssh/id_xmss type -1
debug1: identity file /Users/partha/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.6
debug1: compat_banner: match: OpenSSH_8.6 pat OpenSSH* compat 0x04000000
debug3: fd 6 is O_NONBLOCK
debug1: Authenticating to localhost:22 as 'partha'
debug3: record_hostkey: found key type ED25519 in file /Users/partha/.ssh/known_hosts:1
debug3: record_hostkey: found key type RSA in file /Users/partha/.ssh/known_hosts:2
debug3: record_hostkey: found key type ECDSA in file /Users/partha/.ssh/known_hosts:3
debug3: load_hostkeys_file: loaded 3 keys from localhost
debug1: load_hostkeys: fopen /Users/partha/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01#openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01#openssh.com,ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,sk-ssh-ed25519-cert-v01#openssh.com,sk-ecdsa-sha2-nistp256-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519#openssh.com,sk-ecdsa-sha2-nistp256#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com
debug2: compression stoc: none,zlib#openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:vQ9e/Je46T5XXO4ar2I6IeaJHbZ2lQfJkFm/qy85JHc
debug3: record_hostkey: found key type ED25519 in file /Users/partha/.ssh/known_hosts:1
debug3: record_hostkey: found key type RSA in file /Users/partha/.ssh/known_hosts:2
debug3: record_hostkey: found key type ECDSA in file /Users/partha/.ssh/known_hosts:3
debug3: load_hostkeys_file: loaded 3 keys from localhost
debug1: load_hostkeys: fopen /Users/partha/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'localhost' is known and matches the ED25519 host key.
debug1: Found key in /Users/partha/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/partha/.ssh/id_rsa RSA SHA256:97SoRQEsHc2Yixc4X+QfE1c+PKJMpFbE/vjAqjJUNcM
debug1: Will attempt key: /Users/partha/.ssh/id_dsa
debug1: Will attempt key: /Users/partha/.ssh/id_ecdsa
debug1: Will attempt key: /Users/partha/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/partha/.ssh/id_ed25519
debug1: Will attempt key: /Users/partha/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/partha/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519#openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256#openssh.com,webauthn-sk-ecdsa-sha2-nistp256#openssh.com>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/partha/.ssh/id_rsa RSA SHA256:97SoRQEsHc2Yixc4X+QfE1c+PKJMpFbE/vjAqjJUNcM
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /Users/partha/.ssh/id_dsa
debug3: no such identity: /Users/partha/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /Users/partha/.ssh/id_ecdsa
debug3: no such identity: /Users/partha/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /Users/partha/.ssh/id_ecdsa_sk
debug3: no such identity: /Users/partha/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /Users/partha/.ssh/id_ed25519
debug3: no such identity: /Users/partha/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /Users/partha/.ssh/id_ed25519_sk
debug3: no such identity: /Users/partha/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /Users/partha/.ssh/id_xmss
debug3: no such identity: /Users/partha/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req: entering
debug2: input_userauth_info_req: num_prompts 1
(partha#localhost) Password:
Delete the ssh key you have now and create a new one using ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa to create a passwordless one
https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SingleCluster.html
I have set up a Kerberos cluster with docker containers as such:
One container runs the KDC.
One container has SSH server.
One container has SSH client.
Server setup
I create a service principal host/krb5-service.myexample.com for the server, create a keytab with that principal and places it in the krb5-server container.
I also created a user in the krb-server container named "yoav" - Don't know if that's necessary..
Client setup
I also create a client principal john. Then I run kinit yoav inside the krb5-client container.
Now I try to connect with SSH from the client to the server
$ ssh yoav#krb5-server.myexample.com
That's what I get as output:
# KRB5_TRACE=/dev/stdout ssh -vvv -o PreferredAuthentications=gssapi-with-mic yoav#krb5-server.myexample.com
OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "krb5-server.myexample.com" port 22
debug2: ssh_connect_direct
debug1: Connecting to krb5-server.myexample.com [172.21.0.2] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to krb5-server.myexample.com:22 as 'yoav'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from krb5-server.myexample.com
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01#openssh.com,ssh-ed25519-cert-v01#openssh.com,sk-ssh-ed25519-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,sk-ecdsa-sha2-nistp256#openssh.com,ssh-ed25519,sk-ssh-ed25519#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com
debug2: compression stoc: none,zlib#openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:5Mill1PYxkf1X/hHoMQfbbx4h/QSsRZv5/xaCAuJbsY
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from krb5-server.myexample.com
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 172.21.0.2
debug1: Host 'krb5-server.myexample.com' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_ed25519_sk
debug1: Will attempt key: /root/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519#openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256#openssh.com>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred:
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
[50] 1643800420.264240: ccselect module realm chose cache FILE:/tmp/krb5cc_0 with client principal yoav#MYEXAMPLE.COM for server principal host/krb5-server.myexample.com#MYEXAMPLE.COM
[50] 1643800420.264241: Getting credentials yoav#MYEXAMPLE.COM -> host/krb5-server.myexample.com#MYEXAMPLE.COM using ccache FILE:/tmp/krb5cc_0
[50] 1643800420.264242: Retrieving yoav#MYEXAMPLE.COM -> host/krb5-server.myexample.com#MYEXAMPLE.COM from FILE:/tmp/krb5cc_0 with result: 0/Success
[50] 1643800420.264244: Creating authenticator for yoav#MYEXAMPLE.COM -> host/krb5-server.myexample.com#MYEXAMPLE.COM, seqnum 138014910, subkey aes256-cts/1E83, session key aes256-cts/5566
debug3: send packet: type 50
debug2: we sent a gssapi-with-mic packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
[50] 1643800420.264251: ccselect module realm chose cache FILE:/tmp/krb5cc_0 with client principal yoav#MYEXAMPLE.COM for server principal host/krb5-server.myexample.com#MYEXAMPLE.COM
[50] 1643800420.264252: Getting credentials yoav#MYEXAMPLE.COM -> host/krb5-server.myexample.com#MYEXAMPLE.COM using ccache FILE:/tmp/krb5cc_0
[50] 1643800420.264253: Retrieving yoav#MYEXAMPLE.COM -> host/krb5-server.myexample.com#MYEXAMPLE.COM from FILE:/tmp/krb5cc_0 with result: 0/Success
[50] 1643800420.264255: Getting credentials yoav#MYEXAMPLE.COM -> host/krb5-server.myexample.com#MYEXAMPLE.COM using ccache FILE:/tmp/krb5cc_0
[50] 1643800420.264256: Retrieving yoav#MYEXAMPLE.COM -> host/krb5-server.myexample.com#MYEXAMPLE.COM from FILE:/tmp/krb5cc_0 with result: 0/Success
[50] 1643800420.264258: Creating authenticator for yoav#MYEXAMPLE.COM -> host/krb5-server.myexample.com#MYEXAMPLE.COM, seqnum 1058679402, subkey aes256-cts/87DD, session key aes256-cts/5566
debug3: send packet: type 50
debug2: we sent a gssapi-with-mic packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
yoav#krb5-server.myexample.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
NOTE: I have a server and client C applications that perform Kerberos authentication, and that works fine, so the problem is not with the setup of the cluster...
Reference: You can look at the code here: https://github.com/yoav-klein/kerberos
I'm trying to use Gitlab for the first time, and have been trying to set up my account to automatically ssh in. I've followed instructions and tried many different times, but no matter what, I can't ssh to gitlab properly.
I've tried deleting my id_rsa and id_rsa.pub files and regenerating keys, using the command line to copy the contents of id_rsa.pub to my Gitlab user settings (both with a newline and no newline at the end of the paste). I added my key using ssh-add. I'm running ssh -vvvv git#gitlab.com for verbosity and I just cannot connect succesfully for the life of me.
OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "gitlab.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to gitlab.com [35.231.145.151] port 22.
debug1: Connection established.
debug1: identity file /home/jihan/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jihan/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jihan/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jihan/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jihan/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jihan/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jihan/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jihan/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to gitlab.com:22 as 'git'
debug3: hostkeys_foreach: reading file "/home/jihan/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/jihan/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from gitlab.com
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com
debug2: compression stoc: none,zlib#openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw
debug3: hostkeys_foreach: reading file "/home/jihan/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/jihan/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from gitlab.com
debug3: hostkeys_foreach: reading file "/home/jihan/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/jihan/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from 35.231.145.151
debug1: Host 'gitlab.com' is known and matches the ECDSA host key.
debug1: Found key in /home/jihan/.ssh/known_hosts:3
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/jihan/.ssh/id_rsa (0x55e032d43000), agent
debug2: key: jihany#nvidia.com (0x55e032d363a0), agent
debug2: key: /home/jihan/.ssh/id_dsa ((nil))
debug2: key: /home/jihan/.ssh/id_ecdsa ((nil))
debug2: key: /home/jihan/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jihan/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: jihany#nvidia.com
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/jihan/.ssh/id_dsa
debug3: no such identity: /home/jihan/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/jihan/.ssh/id_ecdsa
debug3: no such identity: /home/jihan/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/jihan/.ssh/id_ed25519
debug3: no such identity: /home/jihan/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
It has to be some small dumb mistake somewhere, but I just can't figure it out. If it helps, when I do ssh-add -l, my fingerprints look like a hash for some reason.
Do check that:
when you copy the public key in your GitLab settings profile, it is copied as one line
when you generate your RSA SSH key, you use the old legacy profile (in case the new OPENSSH one with 70 chars per line is not well interpreted)
That is
ssh-keygen -m PEM -t rsa -P "
I am trying to ssh to my home router from local network, to explore it's internals.
shh myaccount#192.168.1.1
returns an error:
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
To fix it, I ssh with -o option:
ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 myaccount#192.168.1.1 -v
At first, ssh hangs for around 5 minutes and than quits.
ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 myaccount#192.168.1.1 -v
OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /Users/mainuser/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3p1-hpn14v11
debug1: Remote protocol version 2.0, remote software version dropbear_0.46
debug1: no match: dropbear_0.46
debug1: Authenticating to 192.168.1.1:22 as 'myaccount'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: REQUESTED ENC.NAME is '3des-cbc'
debug1: kex: server->client cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: REQUESTED ENC.NAME is '3des-cbc'
debug1: kex: client->server cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: ssh-rsa SHA256:longstringhere(omitted by me)
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /Users/mainuser/.ssh/known_hosts:14
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/mainuser/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/mainuser/.ssh/id_dsa
debug1: Trying private key: /Users/mainuser/.ssh/id_ecdsa
debug1: Trying private key: /Users/mainuser/.ssh/id_ed25519
debug1: Next authentication method: password
I type in password here. It follows a 5min delay with no messages on screen, and after that it outputs this:
debug1: Authentication succeeded (password).
Authenticated to 192.168.1.1 ([192.168.1.1]:22).
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug1: Entering interactive session.
debug1: pledge: network
debug1: channel 0: free: client-session, nchannels 1
Connection to 192.168.1.1 closed by remote host.
Connection to 192.168.1.1 closed.
Transferred: sent 2256, received 744 bytes, in 0.0 seconds
Bytes per second: sent 5815826.6, received 1917985.4
debug1: Exit status -1
What is going on? I don't see any error message. This is my first time trying to ssh to home router, so it might not be possible at all. Whats your experience with ssh-ing to home routers?
-vvv outout
ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 myaccount#192.168.1.1 -vvv
OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug2: resolving "192.168.1.1" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /Users/mainuser/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mainuser/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3p1-hpn14v11
debug1: Remote protocol version 2.0, remote software version dropbear_0.46
debug1: no match: dropbear_0.46
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.1:22 as 'myaccount'
debug3: hostkeys_foreach: reading file "/Users/mainuser/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /Users/mainuser/.ssh/known_hosts:14
debug3: load_hostkeys: loaded 1 keys from 192.168.1.1
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ssh-ed25519-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: 3des-cbc
debug2: ciphers stoc: 3des-cbc
debug2: MACs ctos: hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1,hmac-md5
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: REQUESTED ENC.NAME is '3des-cbc'
debug1: kex: server->client cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: REQUESTED ENC.NAME is '3des-cbc'
debug1: kex: client->server cipher: 3des-cbc MAC: hmac-sha1 compression: none
debug1: sending SSH2_MSG_KEXDH_INIT
debug2: bits set: 502/1024
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:verylongstring(omitted by me)
debug3: hostkeys_foreach: reading file "/Users/mainuser/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /Users/mainuser/.ssh/known_hosts:14
debug3: load_hostkeys: loaded 1 keys from 192.168.1.1
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /Users/mainuser/.ssh/known_hosts:14
debug2: bits set: 526/1024
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /Users/mainuser/.ssh/id_rsa (0x7fb137407a10)
debug2: key: /Users/mainuser/.ssh/id_dsa (0x0)
debug2: key: /Users/mainuser/.ssh/id_ecdsa (0x0)
debug2: key: /Users/mainuser/.ssh/id_ed25519 (0x0)
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/mainuser/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/mainuser/.ssh/id_dsa
debug3: no such identity: /Users/mainuser/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /Users/mainuser/.ssh/id_ecdsa
debug3: no such identity: /Users/mainuser/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /Users/mainuser/.ssh/id_ed25519
debug3: no such identity: /Users/mainuser/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
myaccount#192.168.1.1's password:
waiting here
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to 192.168.1.1 ([192.168.1.1]:22).
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
debug3: send packet: type 1
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t3 r-1 i0/0 o0/0 fd 4/5 cc -1)
Connection to 192.168.1.1 closed by remote host.
Connection to 192.168.1.1 closed.
Transferred: sent 2256, received 744 bytes, in 0.0 seconds
Bytes per second: sent 4538297.3, received 1496672.5
debug1: Exit status -1
I am able to login to my virtual server as root as well as username naveed through password-less SSH. I have to run Hadoop on it, for that purpose I have created private and public keys in my remote ssh directory and also added public key to authorized_keys file.
But when I do ssh comquest it asks for password. Comquest is hostname of my remote server.
Below are my permissions info:
naveed#comquest:~$ stat -c "%a %n" ~/.ssh
755 /home/naveed/.ssh
naveed#comquest:~$ stat -c "%a %n" ~/.ssh/authorized_keys
644 /home/naveed/.ssh/authorized_keys
Below is the error I got with naveed#comquest:$ ssh -vvv comquest
naveed#comquest:/usr/local/hadoop$ ssh -vvv comquest
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "comquest" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to comquest [173.82.212.48] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/naveed/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/naveed/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/naveed/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/naveed/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/naveed/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/naveed/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/naveed/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/naveed/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to comquest:22 as 'naveed'
debug3: hostkeys_foreach: reading file "/home/naveed/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/naveed/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from comquest
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ssh-ed25519-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com
debug2: compression stoc: none,zlib#openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:jad0RkXVMVxVyKD+9eY7abnSnUEz31nn+IMCfVUk7CA
debug3: hostkeys_foreach: reading file "/home/naveed/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/naveed/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from comquest
debug3: hostkeys_foreach: reading file "/home/naveed/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/naveed/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from 173.82.212.48
debug1: Host 'comquest' is known and matches the RSA host key.
debug1: Found key in /home/naveed/.ssh/known_hosts:2
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/naveed/.ssh/id_rsa ((nil))
debug2: key: /home/naveed/.ssh/id_dsa ((nil))
debug2: key: /home/naveed/.ssh/id_ecdsa ((nil))
debug2: key: /home/naveed/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner
CloudCone LLC
-----------------------------------------------
KVM Cloud Server Ubuntu 16.04.3 LTS
-----------------------------------------------
Service Status status.cloudcone.com
Client Area & Help Desk app.cloudcone.com
FAQs and Documentation help.cloudcone.com
-- NOTICE ---------------------------------------------------------------
This computer system is for authorized users only. Individuals using this
system without authority or in excess of their authority are subject to
having all their activities on this system monitored and recorded or
examined by any authorized person, including law enforcement, as system
personnel deem appropriate. In the course of monitoring individuals
improperly using the system or in the course of system maintenance, the
activities of authorized users may also be monitored and recorded. Any
material so recorded may be disclosed as appropriate. Anyone using this
system consents to these terms.
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/naveed/.ssh/id_rsa
debug3: no such identity: /home/naveed/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/naveed/.ssh/id_dsa
debug3: no such identity: /home/naveed/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/naveed/.ssh/id_ecdsa
debug3: no such identity: /home/naveed/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/naveed/.ssh/id_ed25519
debug3: no such identity: /home/naveed/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
naveed#comquest's password:
Below are the contents of my remote ~/.ssh folder:
naveed#comquest:~$ ls ~/.ssh
authorized_keys known_hosts local local.pub
local and local.pub are keys generated by naveed#comquest to access comquest. local.pub is added to authorized_keys.
Your private key is in a file named local, but that's not a name that ssh looks for (by default). Your ssh -vvv output shows that it's only looking for the default key filenames, such as id_rsa and id_dsa.
Either rename your local and local.pub files to match the expected naming convention (e.g. id_rsa or whatever, depending on what type of key it is), or add -o IdentityFile=~/.ssh/local to your ssh command line.