Arch Linux

Masin AD

Member

Registered: 2015-02-07

Posts: 23

SSH, pubkey authentication, keyring won't work

Hi,

today I tried securing my virtual server following these directions: https://stribika.github.io/2015/01/04/s … shell.html

The server runs Ubuntu 12.04 with all updates installed, which means there's OpenSSH 5.9 running on it. This version lacks support of a few algorithms mentioned in the linked article. I just state this for sake of completeness. I disabled those accordingly.

On my desktop I use Archlinux. I had pubkey authentication setup and working before; in fact, I used it to change the /etc/ssh/sshd_config on my server. After generating a new pair of RSA keys using

ssh-keygen -t rsa -b 4096 -o -a 100

and copying the new key via ssh-copy-id

ssh my_server

reports

Agent admitted failure to sign using the key.

besides a lot of other stuff not related to this issue. I can login using

SSH_AUTH_SOCKS=0 ssh my_server

but it asks me every time I login for my passphrase. It's quite long as I used a password generator to create it.
I found a hint to use ssh-add which also asks me for my passphrase, after which it is recommended to log out and back in. I did that, but still, the agent admits its failure to sign the key.

Reverting the clientside changes doesn't help. Reverting the serverside changes doesn't help either. I guess I somehow broke my local keyring management and I don't know how. Maybe the mistake was to just generate a new pair of keys without deleting the old one but I don't know how to address that problem now :-/.

Any hints?

Spider.007

Member

Registered: 2004-06-20

Posts: 1,175

Re: SSH, pubkey authentication, keyring won't work

Do you use ssh-agent; or do you maybe user gnome (which includes an ssh-agent)?

Last edited by Spider.007 (2015-02-07 21:39:21)

Masin AD

Member

Registered: 2015-02-07

Posts: 23

Re: SSH, pubkey authentication, keyring won't work

Do you use ssh-agent; or do you maybe user gnome (which includes an ssh-agent)?

I use gnome-shell.