touch-packages team mailing list archive

Thread
Date
[Bug 1522190] Re: Permission denied (publickey) whereas the public key has been inserted into ~/.ssh/authorized_keys: "usePAM no" issue

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Cesar <chg1@xxxxxxxxxx>
Date: Tue, 12 Jan 2016 16:52:46 -0000
Reply-to: Bug 1522190 <1522190@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
I haven't search for the information as Marc did.
But when I try to connect it says:
Permission denied (publickey).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1522190

Title:
  Permission denied (publickey) whereas the public key has been inserted
  into  ~/.ssh/authorized_keys: "usePAM no" issue

Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  Security vulnerability because I cannot use SSH to connect to my Ubuntu host from a Ubuntu guest. Is Telnet the last option?
  However, I can connect through the same port at the same IP address from a Windows 10 guest using the latest WinSCP software.

  OpenSSH Server: 4.2.0-19-generic #23-Ubuntu SMP Wed Nov 11 11:39:30 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
  with openssh-server 6.9p1-2

  OpenSSH client: 4.2.0-19-generic #23-Ubuntu SMP Wed Nov 11 11:39:30 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
  with openssh-client 6.9p1-2

  Trace of the failed SSH connection:
  ----------------------------------------------------
  root@stack:~/.ssh# ssh -v -p xxxx root@172.19.100.1
  OpenSSH_6.9p1 Ubuntu-2, OpenSSL 1.0.2d 9 Jul 2015
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: /etc/ssh/ssh_config line 19: Applying options for *
  debug1: Connecting to 172.19.100.1 [172.19.100.1] port xxxx.
  debug1: Connection established.
  debug1: key_load_private_type: No such file or directory
  debug1: key_load_private_cert: No such file or directory
  debug1: key_load_private_cert: No such file or directory
  debug1: key_load_private_cert: No such file or directory
  debug1: key_load_private_cert: No such file or directory
  debug1: key_load_private_type: No such file or directory
  debug1: key_load_private_type: No such file or directory
  debug1: permanently_set_uid: 0/0
  debug1: identity file /root/.ssh/id_rsa type 1
  debug1: key_load_public: No such file or directory
  debug1: identity file /root/.ssh/id_rsa-cert type -1
  debug1: key_load_public: No such file or directory
  debug1: identity file /root/.ssh/id_dsa type -1
  debug1: key_load_public: No such file or directory
  debug1: identity file /root/.ssh/id_dsa-cert type -1
  debug1: key_load_public: No such file or directory
  debug1: identity file /root/.ssh/id_ecdsa type -1
  debug1: key_load_public: No such file or directory
  debug1: identity file /root/.ssh/id_ecdsa-cert type -1
  debug1: identity file /root/.ssh/id_ed25519 type 4
  debug1: key_load_public: No such file or directory
  debug1: identity file /root/.ssh/id_ed25519-cert type -1
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_6.9p1 Ubuntu-2
  debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9p1 Ubuntu-2
  debug1: match: OpenSSH_6.9p1 Ubuntu-2 pat OpenSSH* compat 0x04000000
  debug1: Authenticating to 172.19.100.1:xxxx as 'root'
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: server->client aes192-ctr hmac-sha2-256-etm@xxxxxxxxxxx none
  debug1: kex: client->server aes192-ctr hmac-sha2-256-etm@xxxxxxxxxxx none
  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<8192<8192) sent
  debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
  debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
  debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
  debug1: Server host key: ssh-ed25519 SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  debug1: checking without port identifier
  The authenticity of host '[172.19.100.1]:xxxx ([172.19.100.1]:xxxx)' can't be established.
  ED25519 key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Are you sure you want to continue connecting (yes/no)? yes
  Warning: Permanently added '[172.19.100.1]:xxxx' (ED25519) to the list of known hosts.
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: expecting SSH2_MSG_NEWKEYS
  debug1: SSH2_MSG_NEWKEYS received
  debug1: Roaming not allowed by server
  debug1: SSH2_MSG_SERVICE_REQUEST sent
  debug1: SSH2_MSG_SERVICE_ACCEPT received
  *************************************************************************
                              NOTICE TO USERS

  This computer system is the private property of its owner, whether
  individual, corporate or government.  It is for authorized use only.
  Users (authorized or unauthorized) have no explicit or implicit
  expectation of privacy.

  Any or all uses of this system and all files on this system may be
  intercepted, monitored, recorded, copied, audited, inspected, and
  disclosed to your employer, to authorized site, government, and law
  enforcement personnel, as well as authorized officials of government
  agencies, both domestic and foreign.

  By using this system, the user consents to such interception, monitoring,
  recording, copying, auditing, inspection, and disclosure at the
  discretion of such personnel or officials.  Unauthorized or improper use
  of this system may result in civil and criminal penalties and
  administrative or disciplinary action, as appropriate. By continuing to
  use this system you indicate your awareness of and consent to these terms
  and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
  conditions stated in this warning.
  *************************************************************************
  debug1: Authentications that can continue: publickey
  debug1: Next authentication method: publickey
  debug1: Offering RSA public key: /root/.ssh/id_rsa
  debug1: Authentications that can continue: publickey
  debug1: Trying private key: /root/.ssh/id_dsa
  debug1: Trying private key: /root/.ssh/id_ecdsa
  debug1: Offering ED25519 public key: /root/.ssh/id_ed25519
  debug1: Authentications that can continue: publickey
  debug1: No more authentication methods to try.
  Permission denied (publickey).

  However; on the guest:
  ----------------------------------
  root@stack:~/.ssh# ls -al
  total 40
  drwx------  2 root root 4096 Dec  2 23:58 .
  drwx------ 20 root root 4096 Nov 22 19:47 ..
  -rw-------  1 root root    2 Dec  2 23:58 authorized_keys
  -rw-------  1 root root  464 Dec  2 23:39 id_ed25519
  -rw-r--r--  1 root root   99 Dec  2 23:39 id_ed25519.pub
  -rw-------  1 root root 1766 Dec  2 23:32 id_rsa
  -rw-r--r--  1 root root  399 Dec  2 23:32 id_rsa.pub
  -rw-r--r--  1 root root  142 Dec  2 23:59 known_hosts

  On the server:
  ---------------------
  root@msi-ge60-ubuntu:/etc/ssh# ls -al
  total 308
  drwx------   2 root root   4096 Dec  3 00:22 .
  drwxr-xr-x 192 root root  12288 Dec  2 23:24 ..
  -rw-------   1 root root   1251 Jan 24  2015 banner-warning.txt
  -rw-------   1 root root 263002 Sep 11 11:33 moduli
  -rw-------   1 root root   2448 Dec  2 23:53 ssh_config
  -rw-------   1 root root   3554 Dec  2 18:17 sshd_config
  -rw-------   1 root root    411 Dec  2 18:21 ssh_host_ed25519_key
  -rw-r--r--   1 root root    102 Dec  2 18:21 ssh_host_ed25519_key.pub
  -rw-------   1 root root   1675 Nov 25 17:00 ssh_host_rsa_key
  -rw-------   1 root root    402 Nov 25 17:00 ssh_host_rsa_key.pub
  -rw-------   1 root root    338 Oct 24 22:37 ssh_import_id
  -rw-------   1 root root      0 Nov 25 19:41 ssh_known_hosts

  and regarding the authorized keys for the root account:
  root@msi-ge60-ubuntu:~/.ssh# cat authorized_keys
  ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  KVM-Windows-10

  ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx root@KVM-DevStack

  ssh-ed25519 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx root@KVM-
  DevStack

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1522190/+subscriptions