Can't commit as my ssh key seems to be not recognized
Hi,
I try to follow the launchpad guide with gnuhello project test.
When i try to push the code, I received this error;
$ bzr push bzr+ssh://<email address hidden>
Permission denied (publickey).
bzr: ERROR: Connection closed: please check connectivity and permissions (and try -Dhpss if further diagnosis is required)
But my public ssh key (stored in ~/.ssh/id_dsa.pub) is the right one, corresponding to the one registered on launchpad (The passphrase as already been unlock as I use also it to authentificate to others servers).
I tried also to connect directly to launchpad ssh server:
$ ssh -vvv <email address hidden>/
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
ssh: bazaar.
Do you have any idea about this issue ?
Thanks
Question information
- Language:
- English Edit question
- Status:
- Solved
- For:
- Bazaar Edit question
- Assignee:
- No assignee Edit question
- Solved by:
- Didier Roche-Tolomelli
- Solved:
- Last query:
- Last reply:
Revision history for this message
|
#1 |
To test direct connections, you need to use:
ssh -vvv <email address hidden>
(no trailing slash)
Because this is a DSA key, it is possible that LP no longer accepts that key. There was a recent vulnerability for ssh keys generated with certain versions of openssh (mostly debian based ones.)
Also, LP probably won't let you ssh in directly, but you could try "sftp <email address hidden>".
My guess is that you need to generate an 'rsa' key (using ssh-keygen), and add that to your ssh keys
I *do* see a key listed here:
https:/
So it might be something else.
Revision history for this message
|
#2 |
Hi, and thank for your answer.
My dsa key has been regenerated after the debian OpenSSL vulnerability and corresponds to the one you show in the link, so I think my key is not backlisted.
Do you thing that LP doesn't take DSA key, even it is not specified?
I tried a direct test connection again:
$ ssh -vvv <email address hidden>
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to bazaar.
debug1: Connection established.
debug1: identity file /home/didrocks/
debug1: identity file /home/didrocks/
debug3: Not a RSA1 key file /home/didrocks/
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/didrocks/
debug1: Remote protocol version 2.0, remote software version Twisted
debug1: no match: Twisted
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-
debug2: kex_parse_kexinit: aes128-
debug2: kex_parse_kexinit: hmac-md5,
debug2: kex_parse_kexinit: hmac-md5,
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes256-
debug2: kex_parse_kexinit: aes256-
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 502/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_
debug3: check_host_
debug3: check_host_
debug3: check_host_
debug3: check_host_
debug1: Host 'bazaar.
debug1: Found key in /home/didrocks/
debug2: bits set: 531/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_
debug2: key: /home/didrocks/
debug2: key: /home/didrocks/
debug2: key: /home/didrocks/
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-
debug3: authmethod_
debug1: Next authentication method: publickey
debug1: Offering public key: /home/didrocks/
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/didrocks/
debug3: no such identity: /home/didrocks/
debug1: Trying private key: /home/didrocks/
debug3: no such identity: /home/didrocks/
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
So, it seems to find the dsa key...
Another test :
$ sftp <email address hidden>
Connecting to bazaar.
Permission denied (publickey).
Couldn't read packet: Connection reset by peer
Same error... Do you have an idea of what's going wrong?
Revision history for this message
|
#3 |
I know that Canonical's other machines have chosen to deny all DSA keys. They may have done the same for Launchpad. My understanding is that they cannot tell whether a DSA key is vulnerable or not, and that if you connected to a vulnerable host with a DSA key, then your key could be compromised.
Looking at the verbose connection, I can see that it is *not* trying your DSA key. It tries:
debug1: Next authentication method: publickey
debug1: Offering public key: /home/didrocks/
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/didrocks/
debug3: no such identity: /home/didrocks/
debug1: Trying private key: /home/didrocks/
debug3: no such identity: /home/didrocks/
but it is not accepted.
So it looks like you need to create an RSA key, after all.
Revision history for this message
|
#4 |
That's right, the RSA key finally work :)
Revision history for this message
|
#5 |
Hi !
I have a similar problem. Here's the output of "ssh -vvv <email address hidden>"
OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to bazaar.
debug1: Connection established.
debug1: identity file /home/antoine/
debug1: identity file /home/antoine/
debug1: identity file /home/antoine/
debug1: Remote protocol version 2.0, remote software version Twisted
debug1: no match: Twisted
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-
debug2: kex_parse_kexinit: aes128-
debug2: kex_parse_kexinit: hmac-md5,
debug2: kex_parse_kexinit: hmac-md5,
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes256-
debug2: kex_parse_kexinit: aes256-
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: dh_gen_key: priv key bits set: 131/256
debug2: bits set: 501/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_
debug3: check_host_
debug3: check_host_
debug3: check_host_
debug3: check_host_
debug1: Host 'bazaar.
debug1: Found key in /home/antoine/
debug2: bits set: 523/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_
debug2: key: /home/antoine/
debug2: key: /home/antoine/
debug2: key: /home/antoine/
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-
debug3: authmethod_
debug1: Next authentication method: publickey
debug1: Trying private key: /home/antoine/
debug3: no such identity: /home/antoine/
debug1: Trying private key: /home/antoine/
debug3: no such identity: /home/antoine/
debug1: Trying private key: /home/antoine/
debug3: no such identity: /home/antoine/
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
Is it a problem of email address? I have two registred emails on launchpad antoine AT pairet DOT be and lists AT pairet DOT be.
Revision history for this message
|
#6 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antoine Pairet wrote:
> Question #36322 on Bazaar changed:
> https:/
>
> Antoine Pairet posted a new comment:
> Hi !
> I have a similar problem. Here's the output of "ssh -vvv <email address hidden>"
You seem to have one key registered here:
https:/
...
> debug1: identity file /home/antoine/
> debug1: identity file /home/antoine/
> debug1: identity file /home/antoine/
^- Does this mean that these files don't exist?
> debug2: key: /home/antoine/
> debug2: key: /home/antoine/
> debug2: key: /home/antoine/
> debug1: Authentications that can continue: publickey
> debug3: start over, passed a different list publickey
> debug3: preferred gssapi-
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-
> debug3: authmethod_
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/antoine/
> debug3: no such identity: /home/antoine/
> debug1: Trying private key: /home/antoine/
> debug3: no such identity: /home/antoine/
> debug1: Trying private key: /home/antoine/
> debug3: no such identity: /home/antoine/
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey).
>
> Is it a problem of email address? I have two registred emails on
> launchpad antoine AT pairet DOT be and lists AT pairet DOT be.
>
If I read that correctly, you don't have any ssh private keys locally. I
don't know what ssh-key you *do* have registered.
Perhaps you should use "ssh-keygen" to generate a new key, and then
upload the corresponding ~/.ssh/id_rsa.pub file, so that the new key is
also authorized to access your launchpad account.
John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://
iEYEARECAAYFAkm
Tv8An169VvBJk7b
=5QEx
-----END PGP SIGNATURE-----
Revision history for this message
|
#7 |
Great! Thank you, you solved my problem.
Here's the content of my .ssh folder before creating a new ssh key:
-rw------- 1 antoine antoine 0 2009-02-10 23:03 authorized_keys
-rw------- 1 antoine antoine 1743 2008-11-05 02:00 key
-rw-r--r-- 1 antoine antoine 397 2008-11-05 02:00 key.pub
-rw-r--r-- 1 antoine antoine 1793 2008-11-08 11:21 known_hosts
-rw------- 1 antoine antoine 396 2009-02-10 23:03 other_keys.seahorse
After running ssh-keygen, two new files are created. I uploaded ~/.ssh/id_rsa.pub on Launchpad and I now able use its bazaar infrastructure.
Thanks a lot!