YuriyNasretdinov/GoSSHa

Error: ssh unable to authenticate

Closed this issue · 19 comments

muxx commented

Hi, can you help what I do wrong?

$ ssh webmaster@<host>
Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 4.2.0-27-generic x86_64)

 * Documentation:  https://help.ubuntu.com/
You have new mail.
Last login: Wed Mar 23 15:21:23 2016 from 195.16.110.65
webmaster@environment:~$ exit
logout
Connection to <host> closed.
$ GoSSHa -l webmaster
{"Type":"InitializeComplete","InitializeComplete":true}
{"Action":"ssh","Cmd":"uptime","Hosts":["<host>"]}
{"Type":"Reply","Hostname":"<host>","Stdout":"","Stderr":"","Success":false,"ErrMsg":"ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain"}
{"Type":"FinalReply","TotalTime":0.711877219,"TimedOutHosts":{}}

How exactly do you authenticate? Maybe you have custom names for
public/private keys (I mean not id_rsa, id_ecdsa and id_dsa)

muxx commented

No, authentication is typical. There is file ~/.ssh/id_rsa.

This is ssh verbose output:

$ ssh webmaster@<host> -v
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to <host> [<host>] port 22.
debug1: Connection established.
debug1: identity file /Users/ilyas/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/ilyas/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/ilyas/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/ilyas/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/ilyas/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/ilyas/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/ilyas/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/ilyas/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 136.243.156.103:22 as 'webmaster'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:os47Bokv0tZOYgYTJhyWuEIYn3nvkyWhDlS+OVyOrrA
debug1: Host '136.243.156.103' is known and matches the ECDSA host key.
debug1: Found key in /Users/ilyas/.ssh/known_hosts:159
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/ilyas/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 151
debug1: Authentication succeeded (publickey).
Authenticated to <host> ([<host>]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = ru_RU.UTF-8
Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 4.2.0-27-generic x86_64)

 * Documentation:  https://help.ubuntu.com/
You have new mail.
Last login: Wed Mar 23 15:53:04 2016 from 195.16.110.65
webmaster@environment:~$ 

Actually your problem is a good reason for having some kind of verbose mode
for GoSSHa as well. I'll try to implement it when I have time

It seems that it is indeed broken with the most recent version of ssh package. I will investigate a bit later.

You can use old version that does not use current ssh package. It should work:

https://github.com/YuriyNasretdinov/GoSSHa/blob/9965f35583193dd9ffafeafc55f039f991d3abb9/main.go

So the actual problem was probably in that I merged a patch that enables usage of new ssh client without checking that it works in all cases :). It seems that code that should add signers for public keys was missing and actually only ssh-agent was supported. I always use ssh-agent so I did not notice anything. I will make a proper fix in a moment

I am still not sure that it was the reason, sadly. Could you please "go get -u github.com/YuriyNasretdinov/GoSSHa" and try again?

muxx commented

I made go get -u github.com/YuriyNasretdinov/GoSSHa, but problem is the same. Nothing changed.

This issue persists for me as well.

"ErrMsg":"ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain"}

muxx commented

Hi, Yuriy! Any news about this problem?

I am sorry about your issue. It does not seem related to GoSSHa and I could
not find any kind of verbose mode in ssh package that I use in go. If you
look at error messages, it shows that your keys are used, so it is not
about GoSSHa probably, but about ssh library.

muxx commented

Do you know about related issue in go-ssh library repo?

I actually was able to get gossha working. It's been a few weeks, so I don't
remember the issue I had, but. Works.

Thanks!

@muxx No, I am sorry, I am unaware about any incompatibilities between go.net/ssh and openssh. I am sure they exist though, you should take a look at https://github.com/golang/go/issues?utf8=✓&q=is%3Aissue+is%3Aopen+ssh

It seems that the actual problem is that if you have ssh-agent that has no valid keys but you have valid ssh keys in your ssh directory then only ssh agent will be used for authentication. If it fails then you would get attempted methods [none publickey] error. You could check that it really works by running something like "SSH_AUTH_SOCK= GoSSHa" and thus disabling attempts to use ssh agent first.

There are two debug constants in ssh package that you can use to enable debug:

golang.org/x/crypto/ssh/mux.go:const debugMux = false # change it to true
golang.org/x/crypto/ssh/handshake.go:const debugHandshake = false # also change it to true

muxx commented

It seems that the actual problem is that if you have ssh-agent that has no valid keys but you have valid ssh keys in your ssh directory then only ssh agent will be used for authentication. If it fails then you would get attempted methods [none publickey] error. You could check that it really works by running something like "SSH_AUTH_SOCK= GoSSHa" and thus disabling attempts to use ssh agent first.

Thanks, yes, it works but with warnings:

$ SSH_AUTH_SOCK=GoSSHa bin/GoSSHa
{"Type":"InitializeComplete","InitializeComplete":true}
{"Action":"ssh","Cmd":"uptime","Hosts":["x.x.x.x"]}
{"Type":"UserError","IsCritical":false,"ErrorMsg":"Cannot open connection to SSH agent: dial unix GoSSHa: connect: no such file or directory"}
{"Type":"ConnectionProgress","ConnectedHost":"x.x.x.x"}
{"Type":"Reply","Hostname":"x.x.x.x","Stdout":" 13:32:03 up 140 days,  2:48,  1 user,  load average: 0.19, 0.11, 0.08\n","Stderr":"","Success":true,"ErrMsg":""}
{"Type":"FinalReply","TotalTime":0.580638787,"TimedOutHosts":{}}

You could use SSH_AUTH_SOCK= (with no value) and have no warnings. Anyway,
I will fix in the future although I have no estimate yet.

muxx commented

Thanks!
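
The agent check and `SSH_AUTH_SOCK=` workaround discussed in this thread, as an added shell example that is not part of the original thread or of GoSSHa's code. It classifies the agent from the exit status of `ssh-add -l` (0 identities listed, 1 no identities, 2 agent not reachable) and prints the `SSH_AUTH_SOCK` value to launch GoSSHa with; `agent_state`, `effective_sock` and the `SSH_ADD` override are hypothetical names.

```shell
#!/bin/sh
# Added example. SSH_ADD is a hypothetical override so the check can be stubbed.
SSH_ADD="${SSH_ADD:-ssh-add}"

# agent_state SOCK -> prints disabled | has-keys | empty | not-a-socket | unreachable
agent_state() {
    sock="$1"
    if [ -z "$sock" ]; then
        # SSH_AUTH_SOCK unset or empty: the agent is not consulted at all.
        echo disabled
        return 0
    fi
    rc=0
    # Subshell keeps the caller's SSH_AUTH_SOCK untouched.
    ( SSH_AUTH_SOCK="$sock"; export SSH_AUTH_SOCK
      "$SSH_ADD" -l >/dev/null 2>&1 ) || rc=$?
    case "$rc" in
        0) echo has-keys ;;   # agent reachable and holds at least one identity
        1) echo empty ;;      # agent reachable but holds no identities
        *) # ssh-add exits 2 when it cannot contact the agent
           if [ -S "$sock" ]; then echo unreachable; else echo not-a-socket; fi ;;
    esac
}

# effective_sock SOCK -> prints the SSH_AUTH_SOCK value to launch GoSSHa with.
# Only a populated agent is kept; every other state maps to the empty value,
# which per the thread skips the agent (and its warning) so key files are used.
# Assumption: "has-keys" cannot tell whether the host accepts those keys.
effective_sock() {
    case "$(agent_state "$1")" in
        has-keys) printf '%s\n' "$1" ;;
        *)        printf '\n' ;;
    esac
}

# Usage (not executed here):
#   SSH_AUTH_SOCK="$(effective_sock "$SSH_AUTH_SOCK")" GoSSHa -l webmaster
```

A `not-a-socket` result is what the `SSH_AUTH_SOCK=GoSSHa bin/GoSSHa` invocation above produces: the missing space turns the program name into the socket path.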