1. Forum
  2. Usenet
  3. UK.COMP.OS.LINUX

  • Can log in to server using public key file from Windows 7, but same key

    From Java Jive@21:1/5 to All on Sat Aug 24 00:18:28 2024
    XPost: alt.os.linux

    As per subject, I have a number of Windows 7 PCs which are running an
    old-ish 32-bit version of ssh via CygWin and PuTTy. Several of these
    machines dual-boot between Windows and Ubuntu22. I also have a number
    of servers and network media players, 4 pretty old, 2 much newer.

    The machines running under Windows can log into the old servers via the
    old-ish 32-bit ssh and Cygwin using a public key file, no password is
    required, but to log into the newer servers, I have to use PuTTy.

    However, when booted into Ubuntu 22 none of the machines, even though
    they're using the *SAME* key files, can login in using just these public
    keys, a password is requested for both old and new servers. I never had
    this problem with Ubuntu 18.

    I've checked all the usual suspects:

    + The id_rsa* copied into ~/.ssh are identical to those used by the
    Windows builds.

    + The ~/.ssh directory (700) and the files within it (600) all have
    the correct ownership and permissions.

    Suitably anonymised, trying to force using a key file with the following command ...

    ssh -i /user/.ssh/id_rsa.pub -v -E ssh.log -o 'PubkeyAuthentication yes'
    -o 'PasswordAuthentication no' user@server

    ... results in the output appended. Can anyone help explain what is
    going wrong and help fix the problem? My first suspicion is that a
    newer version of ssh in the Ubuntu 22 builds is not accepting the older
    keys accepted by Ubuntu 18, so, if this is true, I need to know what configuration changes to make in /etc/ssh_config to get backward
    compatibility. Nothing leaps out at me from reading the online manual
    and so far searches have produced the usual advice about how to set up
    public key use, and the standard advice to try when it goes wrong, all
    of which I've done. I've not yet found anything covering this exact
    situation.

    Debug output:

    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include
    /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug1: Connecting to server [IP Address] port 22.
    debug1: Connection established.
    debug1: identity file /user/.ssh/id_rsa.pub type 0
    debug1: identity file /user/.ssh/id_rsa.pub-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9 debug1: compat_banner: match: OpenSSH_5.9 pat OpenSSH_5* compat 0x0c000002 debug1: Authenticating to server:22 as 'user'
    debug1: load_hostkeys: fopen /user/.ssh/known_hosts2: No such file or
    directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: ecdh-sha2-nistp256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp521
    debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
    debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: SSH2_MSG_KEX_ECDH_REPLY received
    debug1: Server host key: <anonymised> SHA256:<anonymised>
    debug1: load_hostkeys: fopen /user/.ssh/known_hosts2: No such file or
    directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
    debug1: Host 'server' is known and matches the ECDSA host key.
    debug1: Found key in /user/.ssh/known_hosts:7
    debug1: rekey out after 4294967296 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 4294967296 blocks
    debug1: get_agent_identities: bound agent to hostkey
    debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
    debug1: Will attempt key: /user/.ssh/id_rsa.pub RSA SHA256:<an unknown
    key, not the one in id_rsa or id_rsa.pub> explicit
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering public key: /user/.ssh/id_rsa.pub RSA SHA256:<same
    unknown key, not the one in id_rsa or id_rsa.pub> explicit
    debug1: send_pubkey_test: no mutual signature algorithm
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: No more authentication methods to try.
    user@server: Permission denied (publickey,password,keyboard-interactive).



    However, the same key file
    --

    Fake news kills!

    I may be contacted via the contact address given on my website:
    www.macfh.co.uk

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)