home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   alt.os.linux      Getting to be as bloated as Windows!      107,822 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 106,397 of 107,822   
   Java Jive to Richard Kettlewell   
   Re: Can log in to server using public ke   
   25 Aug 24 02:07:38   
   
   XPost: uk.comp.os.linux   
   From: java@evij.com.invalid   
      
   On 24/08/2024 15:29, Richard Kettlewell wrote:   
   >   
   > Java Jive  writes:   
   >>   
   >> On 24/08/2024 09:51, Richard Kettlewell wrote:   
   >>> Java Jive  writes:   
   >>>>   
   >>>> As per subject, I have a number of Windows 7 PCs which are running an   
   >>>> old-ish 32-bit version of ssh via CygWin and PuTTy.  Several of these   
   >      ^^^^^^^   
   >   
   > What version exactly?   
      
   >ssh -v   
   OpenSSH_5.1p1, OpenSSL 0.9.8i 15 Sep 2008   
   usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]   
               [-D [bind_address:]port] [-e escape_char] [-F configfile]   
               [-i identity_file] [-L [bind_address:]port:host:hostport]   
               [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]   
               [-R [bind_address:]port:host:hostport] [-S ctl_path]   
               [-w local_tun[:remote_tun]] [user@]hostname [command]   
      
   >>>> debug1: Offering public key: /user/.ssh/id_rsa.pub RSA SHA256:>>> unknown key, not the one in id_rsa or id_rsa.pub> explicit   
   >>>> debug1: send_pubkey_test: no mutual signature algorithm   
   >>> The server did not accept your key.   
   >>   
   >> Really odd, seeing it accepts exactly the same key from Windows 7 and   
   >> formerly Ubuntu 18.   
   >   
   > If the client is attempted SHA1-based signature that would probably also   
   > be rejected by a modern server. I’m not convinced that’s a likely   
   > explanation since based on the debug trace it is using SHA256 key hashes   
   > and understands SHA2 ECDSA signatures.   
   >   
   > At this point I’d be reaching for server-side debug logging to shed some   
   > light on why the server doesn’t like your key (or at least the signature   
   > it makes).   
      
   This is what the failure looks like from the server with maximum   
   debugging options:   
      
   ~ # /opt/sbin/sshd -D -d -d -d   
   debug2: load_server_config: filename /opt/etc/openssh/sshd_config   
   debug2: load_server_config: done config len = 200   
   debug2: parse_server_config: config /opt/etc/openssh/sshd_config len 200   
   debug3: /opt/etc/openssh/sshd_config:50 setting AuthorizedKeysFile   
   .ssh/authorized_keys   
   debug3: /opt/etc/openssh/sshd_config:115 setting Subsystem sftp   
   /opt/libexec/sftp-server   
   debug3: RNG is ready, skipping seeding   
   debug1: sshd version OpenSSH_5.9p1   
   debug3: Incorrect RSA1 identifier   
   debug1: read PEM private key done: type RSA   
   debug1: private host key: #0 type 1 RSA   
   debug3: Incorrect RSA1 identifier   
   debug1: read PEM private key done: type DSA   
   debug1: private host key: #1 type 2 DSA   
   debug3: Incorrect RSA1 identifier   
   debug1: read PEM private key done: type ECDSA   
   debug1: private host key: #2 type 3 ECDSA   
   debug1: rexec_argv[0]='/opt/sbin/sshd'   
   debug1: rexec_argv[1]='-D'   
   debug1: rexec_argv[2]='-d'   
   debug1: rexec_argv[3]='-d'   
   debug1: rexec_argv[4]='-d'   
   debug3: oom_adjust_setup   
   Set /proc/self/oom_adj from 0 to -17   
   debug2: fd 3 setting O_NONBLOCK   
   debug1: Bind to port 22 on 0.0.0.0.   
   Server listening on 0.0.0.0 port 22.   
   socket: Address family not supported by protocol   
   debug3: fd 4 is not O_NONBLOCK   
   debug1: Server will not fork when running in debugging mode.   
   debug3: send_rexec_state: entering fd = 7 config len 200   
   debug3: ssh_msg_send: type 0   
   debug3: send_rexec_state: done   
   debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7   
   debug1: inetd sockets after dupping: 3, 3   
   Connection from [IP_Address] port 40078   
   debug1: Client protocol version 2.0; client software version   
   OpenSSH_8.9p1 Ubuntu-3ubuntu0.10   
   debug1: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.10 pat OpenSSH*   
   debug1: Enabling compatibility mode for protocol 2.0   
   debug1: Local version string SSH-2.0-OpenSSH_5.9   
   debug2: fd 3 setting O_NONBLOCK   
   debug2: Network child is on pid 5749   
   debug3: preauth child monitor started   
   debug3: privsep user:group 99:99 [preauth]   
   debug1: permanently_set_uid: 99/99 [preauth]   
   debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp521 [preauth]   
   debug1: SSH2_MSG_KEXINIT sent [preauth]   
   debug1: SSH2_MSG_KEXINIT received [preauth]   
   debug2: kex_parse_kexinit:   
   ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-   
   ellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,   
   iffie-hellman-group14-sha1,diffie-hellman-group1-sha1   
   [preauth]   
   debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp521 [preauth]   
   debug2: kex_parse_kexinit:   
   aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cb   
   ,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour   
   rijndael-cbc@lysator.liu.se   
   [preauth]   
   debug2: kex_parse_kexinit:   
   aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cb   
   ,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour   
   rijndael-cbc@lysator.liu.se   
   [preauth]   
   debug2: kex_parse_kexinit:   
   hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-2   
   6-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd16   
   @openssh.com,hmac-sha1-96,hmac-md5-96   
   [preauth]   
   debug2: kex_parse_kexinit:   
   hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-2   
   6-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd16   
   @openssh.com,hmac-sha1-96,hmac-md5-96   
   [preauth]   
   debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]   
   debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]   
   debug2: kex_parse_kexinit:  [preauth]   
   debug2: kex_parse_kexinit:  [preauth]   
   debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]   
   debug2: kex_parse_kexinit: reserved 0  [preauth]   
   debug2: kex_parse_kexinit:   
   curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp25   
   ,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@op   
   nssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-gro   
   p16-sha512,diffie-hellman-group18-sha512,diffie-hellman-   
   group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com   
   [preauth]   
   debug2: kex_parse_kexinit:   
   ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp521,ssh   
   ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openss   
   .com,ecdsa-sha2-nistp384-cert-v01@openssh.com,sk-ssh-ed25519-cer   
   -v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.   
   com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@open   
   sh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,sk-ss   
   -ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2   
   512,rsa-sha2-256   
   [preauth]   
   debug2: kex_parse_kexinit:   
   chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,a   
   s128-gcm@openssh.com,aes256-gcm@openssh.com   
   [preauth]   
   debug2: kex_parse_kexinit:   
   chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,a   
   s128-gcm@openssh.com,aes256-gcm@openssh.com   
   [preauth]   
   debug2: kex_parse_kexinit:   
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca