Tag: ssh

  • ssh asking for password when it shouldn’t

    After a recent Ubuntu upgrade, one of my frequented remote servers stopped accepting my public key and was prompting me for my password.  The password is gross and unwieldy and I was most put-out, I must say.  So, I googled the title of this post.  Mostly suggestions to check the permissions of various files.  All of mine were locked tight to user-only, including my home directory.

    Of course, I’d already tried ssh -vvv to get all the debugging output.  Unfortunately, I zoomed in on the following message:

    debug1: Next authentication method: publickey
    debug2: we did not send a packet, disable method
    
    

    Instead of this one a little further up:

    debug1: Skipping ssh-dss key /home/ME/.ssh/keyfiles/ME.key - not in PubkeyAcceptedKeyTypes
    
    

    Rather than add ssh-dss to the supported types, I just created a new key with ssh-keygen.   An ssh-copy-id later, everything worked.

    … except when it didn’t.  Adding the following to ~/.ssh/config for the offending host worked:

    Host refuses-my-agent-keys.jerkass.com
        PubkeyAcceptedKeyTypes +ssh-dss
    
    
  • ssh: no matching cipher found

    After a recent Ubuntu upgrade on my home machine, ssh attempts to it from the VirtualBox instance at work stopped working.   Here’s what ssh spewed back at me:

      no matching cipher found: client blowfish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

     

    Impatient, I just logged in from another machine.  The VM runs CentOS 5.10 so that its environment is comparable with what [used to be] present on the majority of our production servers.   I’m an anti-RedHat bigot in the first place, and didn’t want to hunt down repos and upgrade my ssh.

    That was not necessary.  The problem was a “Ciphers” line I’d added to my ~/.ssh/config, intended to prefer  (“Googallegedly”) faster encryption methods.   Adding all but those that resemble email addresses seems to have fixed the issue.   My “Ciphers” line now looks like this:

      Host *
      Ciphers blowfish-cbc,arcfour,aes128-ctr,aes192-ctr,aes256-ctr

     

    The ciphers may be defined in your system /etc/ssh/ssh_config.  Check around.  If you can’t find it anywhere, try this:

      sudo find ~/.[a-z]* /etc -path '*ssh*' -type f -print0 | sudo xargs -0 grep -F Cipher

     

    Anyway, that was my fix.   Right on in, easy-peasy lemon-squeezy.
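
The two diagnoses above (the skipped ssh-dss key in the first post and the cipher mismatch in this one), as an added shell example that is not the author's code: it reads saved `ssh -vvv` output and reports skipped keys and the client/server cipher overlap. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, assembled from the messages quoted in the posts.
SAMPLE_LOG='debug1: Skipping ssh-dss key /home/ME/.ssh/keyfiles/ME.key - not in PubkeyAcceptedKeyTypes
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
no matching cipher found: client blowfish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com'

# Print "<keytype> <path>" for each key the client refused to offer.
skipped_keys() {
    sed -n 's/^[[:space:]]*debug1: Skipping \([^ ]*\) key \(.*\) - not in PubkeyAcceptedKeyTypes.*$/\1 \2/p'
}

# cipher_sets MODE: parse the "no matching cipher found" line from stdin.
#   common  -> ciphers on both lists, in client order (the first one is what
#              SSH negotiates, since the client's preference order wins)
#   missing -> ciphers the server offers that the client list lacks
cipher_sets() {
    awk -v mode="$1" '
    /no matching cipher found: client / {
        sub(/^.*no matching cipher found: client /, "")
        gsub(/[ \t\r]+$/, "")
        split($0, side, " server ")
        nc = split(side[1], c, ",")
        ns = split(side[2], s, ",")
        for (i = 1; i <= nc; i++) client[c[i]] = 1
        for (i = 1; i <= ns; i++) server[s[i]] = 1
        if (mode == "common") {
            for (i = 1; i <= nc; i++) if (c[i] in server) print c[i]
        } else {
            for (i = 1; i <= ns; i++) if (!(s[i] in client)) print s[i]
        }
    }'
}

# Summarise both problems for one captured log (text on stdin).
triage() {
    log=$(cat)
    printf '%s\n' "$log" | skipped_keys | while read -r ktype path; do
        echo "key skipped: $path ($ktype is not in PubkeyAcceptedKeyTypes)"
    done
    if printf '%s\n' "$log" | grep -q 'no matching cipher found'; then
        common=$(printf '%s\n' "$log" | cipher_sets common | paste -sd, -)
        missing=$(printf '%s\n' "$log" | cipher_sets missing | paste -sd, -)
        echo "ciphers in common: ${common:-none}"
        echo "server offers, client lacks: $missing"
    fi
}
printf '%s\n' "$SAMPLE_LOG" | triage
```

With the corrected Ciphers line from the post, the first common entry is aes128-ctr, so that is what the session uses even though blowfish-cbc and arcfour are listed first; the server in the error message does not offer those two.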