[opensuse-factory] ssh-agent/ssh-add not working
Hi, few days ago after my usual zypper dup ssh-agent stop working on TW. I check all I know ( like that ENV is set properly and so on ) and run out of ideas. So how it looks like: jreidinger@pepa:~/yast/storage-ng> ssh-add Enter passphrase for /home/jreidinger/.ssh/id_dsa: Identity added: /home/jreidinger/.ssh/id_dsa (/home/jreidinger/.ssh/id_dsa) jreidinger@pepa:~/yast/storage-ng> git pull Enter passphrase for key '/home/jreidinger/.ssh/id_dsa': So identity added, but then next attempt to use key ends up with question for passphrase again, which makes e.g. remote virt-manager useless. Thanks for any hints. Josef -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, 14 Feb 2018 09:06, Josef Reidinger wrote:
Hi, few days ago after my usual zypper dup ssh-agent stop working on TW. I check all I know ( like that ENV is set properly and so on ) and run out of ideas.
So how it looks like:
jreidinger@pepa:~/yast/storage-ng> ssh-add Enter passphrase for /home/jreidinger/.ssh/id_dsa: Identity added: /home/jreidinger/.ssh/id_dsa (/home/jreidinger/.ssh/id_dsa) jreidinger@pepa:~/yast/storage-ng> git pull Enter passphrase for key '/home/jreidinger/.ssh/id_dsa':
So identity added, but then next attempt to use key ends up with question for passphrase again, which makes e.g. remote virt-manager useless.
Thanks for any hints.
Just a shot from the blue: In the latest versions of ssh the keytype dsa is deprecated / removed. Check via direct "ssh -v user@host" to see the messages at login. If that is the cause, then the best option is to create a new key, rsa >= 4096bit or eliptic curve keys - Yamaban. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, 14 Feb 2018 09:45:35 +0100 (CET) Yamaban <foerster@lisas.de> wrote:
On Wed, 14 Feb 2018 09:06, Josef Reidinger wrote:
Hi, few days ago after my usual zypper dup ssh-agent stop working on TW. I check all I know ( like that ENV is set properly and so on ) and run out of ideas.
So how it looks like:
jreidinger@pepa:~/yast/storage-ng> ssh-add Enter passphrase for /home/jreidinger/.ssh/id_dsa: Identity added: /home/jreidinger/.ssh/id_dsa (/home/jreidinger/.ssh/id_dsa) jreidinger@pepa:~/yast/storage-ng> git pull Enter passphrase for key '/home/jreidinger/.ssh/id_dsa':
So identity added, but then next attempt to use key ends up with question for passphrase again, which makes e.g. remote virt-manager useless.
Thanks for any hints.
Just a shot from the blue: In the latest versions of ssh the keytype dsa is deprecated / removed. Check via direct "ssh -v user@host" to see the messages at login.
If that is the cause, then the best option is to create a new key, rsa >= 4096bit or eliptic curve keys
- Yamaban.
This is probably not reason, because when I specify passphrase, then it connect there and do proper git pull. So looks like ssh-agent ignore that key is already confirmed. Josef -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Le mercredi 14 février 2018 à 09:06 +0100, Josef Reidinger a écrit :
Hi, few days ago after my usual zypper dup ssh-agent stop working on TW. I check all I know ( like that ENV is set properly and so on ) and run out of ideas.
So how it looks like:
jreidinger@pepa:~/yast/storage-ng> ssh-add Enter passphrase for /home/jreidinger/.ssh/id_dsa: Identity added: /home/jreidinger/.ssh/id_dsa (/home/jreidinger/.ssh/id_dsa) jreidinger@pepa:~/yast/storage-ng> git pull Enter passphrase for key '/home/jreidinger/.ssh/id_dsa':
So identity added, but then next attempt to use key ends up with question for passphrase again, which makes e.g. remote virt-manager useless.
I've noticed similar issues on SLE15 Beta6: it looks like ssh-agent is not properly started. If I start it manually and export the proper variables, everything works. Didn't had time to investigate further :( -- Frederic Crozat Enterprise Desktop Release Manager SUSE -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Dne středa 14. února 2018 9:06:08 CET, Josef Reidinger napsal(a):
few days ago after my usual zypper dup ssh-agent stop working on TW. I check all I know ( like that ENV is set properly and so on ) and run out of ideas.
jreidinger@pepa:~/yast/storage-ng> ssh-add Enter passphrase for /home/jreidinger/.ssh/id_dsa: Identity added: /home/jreidinger/.ssh/id_dsa (/home/jreidinger/.ssh/id_dsa) jreidinger@pepa:~/yast/storage-ng> git pull Enter passphrase for key '/home/jreidinger/.ssh/id_dsa':
So identity added, but then next attempt to use key ends up with question for passphrase again, which makes e.g. remote virt-manager useless.
Might it happer, that DSA was removed from the target server? I'd try nmap target.server.cz --script ssh-hostkey It should output something like ... 22/tcp open ssh | ssh-hostkey: | 1024 7e:56:5c:12:de:... (RSA) | 256 3e:50:26:60:1f:... (ECDSA) |_ 256 c4:21:84:7f:e0:... (EdDSA) ... (well, some hosts actively blocks nmap, but let's hope it will work...) DSA is missing here. On my TW boxes, I don't use ssh-add, but I directly type 'ssh user@host' and KDE asks for the SSH key password. So it works as expected. -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/
On Wed, 14 Feb 2018 10:00:06 +0100 Vojtěch Zeisek <vojtech.zeisek@opensuse.org> wrote:
Dne středa 14. února 2018 9:06:08 CET, Josef Reidinger napsal(a):
few days ago after my usual zypper dup ssh-agent stop working on TW. I check all I know ( like that ENV is set properly and so on ) and run out of ideas.
jreidinger@pepa:~/yast/storage-ng> ssh-add Enter passphrase for /home/jreidinger/.ssh/id_dsa: Identity added: /home/jreidinger/.ssh/id_dsa (/home/jreidinger/.ssh/id_dsa) jreidinger@pepa:~/yast/storage-ng> git pull Enter passphrase for key '/home/jreidinger/.ssh/id_dsa':
So identity added, but then next attempt to use key ends up with question for passphrase again, which makes e.g. remote virt-manager useless.
Might it happer, that DSA was removed from the target server? I'd try nmap target.server.cz --script ssh-hostkey It should output something like ... 22/tcp open ssh | ssh-hostkey: | 1024 7e:56:5c:12:de:... (RSA) | 256 3e:50:26:60:1f:... (ECDSA) |_ 256 c4:21:84:7f:e0:... (EdDSA) ... (well, some hosts actively blocks nmap, but let's hope it will work...) DSA is missing here. On my TW boxes, I don't use ssh-add, but I directly type 'ssh user@host' and KDE asks for the SSH key password. So it works as expected.
Well, when I manually write passphrase (when asked during git pull), server accept my ssh key. So looks like something is wrong with ssh-agent itself. Josef
On Wed, Feb 14, 2018 at 5:06 AM, Josef Reidinger <jreidinger@suse.cz> wrote:
Hi, few days ago after my usual zypper dup ssh-agent stop working on TW. I check all I know ( like that ENV is set properly and so on ) and run out of ideas.
So how it looks like:
jreidinger@pepa:~/yast/storage-ng> ssh-add Enter passphrase for /home/jreidinger/.ssh/id_dsa: Identity added: /home/jreidinger/.ssh/id_dsa (/home/jreidinger/.ssh/id_dsa) jreidinger@pepa:~/yast/storage-ng> git pull Enter passphrase for key '/home/jreidinger/.ssh/id_dsa':
There is no DSA key support in current openSSH, please create/update Ed25519 keypair and just in case the target server does not support that create an ecdsa keypair too. You could also waste energy and time with larger RSA keys if you wish so. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, Feb 14, 2018 at 09:06:08AM +0100, Josef Reidinger wrote:
few days ago after my usual zypper dup ssh-agent stop working on TW. I check all I know ( like that ENV is set properly and so on ) and run out of ideas.
So how it looks like:
jreidinger@pepa:~/yast/storage-ng> ssh-add Enter passphrase for /home/jreidinger/.ssh/id_dsa: Identity added: /home/jreidinger/.ssh/id_dsa (/home/jreidinger/.ssh/id_dsa) jreidinger@pepa:~/yast/storage-ng> git pull Enter passphrase for key '/home/jreidinger/.ssh/id_dsa':
So identity added, but then next attempt to use key ends up with question for passphrase again, which makes e.g. remote virt-manager useless.
Thanks for any hints.
What I would probably check first is if "ssh-add -l" shows the identity after ssh-add claims it added it. That way you would at least know if the problem is in adding it or in using it. I had a different but related problem after a recent 15.0 update: sddm update rewrote /etc/pam.d/sddm (not marked as "noreplace" :-( ) so that pam_ssh didn't work on login to KDE. Perhaps your problem might be also related to some overwritten config files. Michal Kubeček -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (6)
-
Cristian Rodríguez -
Frederic Crozat -
Josef Reidinger -
Michal Kubecek -
Vojtěch Zeisek -
Yamaban