[Bug 3506] Permission denied (publickey) with two -i identity files
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Nov 30 10:00:08 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3506
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
Comment on attachment 3627
--> https://bugzilla.mindrot.org/attachment.cgi?id=3627
verbose output of ssh attempt
The handling of -i hasn't changed as far as I know.
[...]
>debug1: identity file /Users/steve/.config/zaccess/penguin.randomhostname.com.cert type 4
>debug1: identity file /Users/steve/.config/zaccess/penguin.randomhostname.com.cert-cert type -1
>debug1: identity file /Users/steve/.ssh/vault type 0
>debug1: identity file /Users/steve/.ssh/vault-cert type -1
This doesn't exactly match the example invocation, but it indicates
that two keys were loaded.
[...]
>debug1: Offering public key: /Users/steve/.config/zaccess/penguin.randomhostname.com.cert RSA-CERT SHA256:v1zotU9ug24hc109SJwmsnWA0JQHABY/t2NjMn/SDVM explicit
>debug1: send_pubkey_test: no mutual signature algorithm
I think this is your problem: ssh-rsa was disabled by default in 8.8
(https://www.openssh.com/releasenotes.html#8.8). You can test this by
adding "-oPubkeyAcceptedAlgorithms=+ssh-rsa" to your command line. I'm
not sure why it didn't try one of the stronger RSA SHA256/512 variants.
>debug1: Offering public key: /Users/steve/.ssh/vault RSA SHA256:v1zotU9ug24hc109SJwmsnWA0JQHABY/t2NjMn/SDVM explicit
>debug3: send packet: type 50
>debug2: we sent a publickey packet, wait for reply
>debug3: receive packet: type 51
>debug1: Authentications that can continue: publickey
This key is not in the server's authorized_keys.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list