SSH not working after non-SSH updates

andrekp · 2015-10-18 16:04:51

I have three boxes running Arch, the same three dual boot Ubuntu, and a Ubuntu server which would be the machine to SSH into.

All six linux instances (and my phone) were able to SSH into the server three weeks ago with no issues.

A couple weeks back, I upgraded ONE of the Arch instances. At that point, a problem was created (non-SSH), detailed in another thread, so I did not upgrade either of the other two Arch instances. In that upgrade, openSSH was NOT upgraded, and SSH still worked on all Linux instances. As I was dealing with the unrelated problem, I did no further upgrading on the problematic Arch instance.

Sometime after that, SSH stopped working on that Linux instance. Running "ssh -p 22 -v andrekp@192.168.1.250" yields:

OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.250 [192.168.1.250] port 22.
debug1: Connection established.
debug1: identity file /home/andrekp/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/andrekp/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/andrekp/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/andrekp/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/andrekp/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/andrekp/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/andrekp/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/andrekp/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 192.168.1.250:22 as 'andrekp'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:cDlIbYizZ6P2R6efDbfSUeDmBrmrqfMC9hAA6hNUFrQ
debug1: Host '192.168.1.250' is known and matches the ECDSA host key.
debug1: Found key in /home/andrekp/.ssh/known_hosts:2
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
Ubuntu 14.04.3 LTS
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/andrekp/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Trying private key: /home/andrekp/.ssh/id_dsa
debug1: Trying private key: /home/andrekp/.ssh/id_ecdsa
debug1: Trying private key: /home/andrekp/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).

At this point in my story, the other five instances of Linux (2 Arch, 3 Ubuntu), as well as my phone, could still SSH into the server just fine.

In a GOOD instance of Arch w/ open SSH, the above messages appear up until "debug1: Server accepts key: pkalg ssh-rsa blen 279", at which point a prompt window comes up asking for my password to unlock the key. I type in my password, and the connection is made successfully.

In a BAD instance of Arch w/ openSSH, no prompt is offered and the "debug1: Trying private key: /home/andrekp/.ssh/id_dsa" etc. happens until permission is denied.

I have verified this behavior by upgrading one of the other two good instances of Arch and finding the same result. Upgraded ARCH cannot SSH, un-upgraded can. None of the upgrades appear to be SSH-related. Downgrading openSSH or reinstalling openSSH does not resolve the issue.

From the differences in what happens GOOD vs. BAD,it appears that there is some sort of authentication problem outside of ssh. SSH goes looking for the key, but can't unlock it because the user is never given a prompt to type in a password.

Does anyone have any input on this? Any ideas as to why I'm not getting the appropriate password prompt? (this is Arch + SLiM + Openbox, if that matters). Not sure where to start looking...

EDIT: BTW, the server shows nothing useful in its authentication log. It just says "Connection closed by 192.168.1.97 [preauth]" which suggests unsurprisingly it's simply not getting a key.

Thanks

Last edited by andrekp (2015-10-18 16:08:40)

graysky · 2015-10-18 16:08:42

Your post is too wordy and confusing for me. Please simplify clearly stating to the problem without all the superfluous information... are you running a firewall? How often do you update your affected Arch box? Is this relevant to you: https://www.archlinux.org/news/openssh- … -dss-keys/

Last edited by graysky (2015-10-18 16:10:04)

lamarpavel · 2015-10-18 16:18:00

Are you using gpg-agent as your ssh-agent? If so, is your version of gnupg >= 2.1.7?

The related bug report: https://bugs.gnupg.org/gnupg/issue2111

andrekp · 2015-10-18 16:46:06

graysky wrote:

Your post is too wordy and confusing for me. Please simplify clearly stating to the problem without all the superfluous information... are you running a firewall? How often do you update your affected Arch box? Is this relevant to you: https://www.archlinux.org/news/openssh- … -dss-keys/

I'm sorry, but my post is just the complete information.

The TL:DR is:

I'm not getting a prompt to request the password for my ssh key.

No, that previous deprecation is not relevant.

andrekp · 2015-10-18 17:11:20

lamarpavel wrote:

Are you using gpg-agent as your ssh-agent? If so, is your version of gnupg >= 2.1.7?
The related bug report: https://bugs.gnupg.org/gnupg/issue2111

No. Though your question helped me notice something.

I appear to be using ssh-agent with gnome-keyring. (I set all this up YEARS ago, so honestly, I can't even remember all the details.)

I do recall that I was having trouble then getting it all to work automatically and that fixing it involved putting this in my .xinitrc:

# Start a D-Bus session
source /etc/X11/xinit/xinitrc.d/30-dbus
# Start GNOME Keyring
eval $(/usr/bin/gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)
# You probably need to do this too:
export SSH_AUTH_SOCK
export GPG_AGENT_INFO
export GNOME_KEYRING_CONTROL
export GNOME_KEYRING_PID

I really don't remember all the details. I do remember that my problem was that when I used Filezilla to try to connect with the server, I could not, as I was never prompted for the password. I both ssh in directly, and occasionally use Filezilla, so I need a GUI prompt. (Sounds much like current problem)

What I don't know is what has changed. SSH authentication, which has remained as originally set up multiple years ago, simply stopped working. I'm not sure if I need to alter something, or pull that code from my .xinitrc and start from scratch setting it up again or...

Arch Linux

#1 2015-10-18 16:04:51

SSH not working after non-SSH updates

#2 2015-10-18 16:08:42

Re: SSH not working after non-SSH updates

#3 2015-10-18 16:18:00

Re: SSH not working after non-SSH updates

#4 2015-10-18 16:46:06

Re: SSH not working after non-SSH updates

#5 2015-10-18 17:11:20

Re: SSH not working after non-SSH updates

Board footer