[Bug 3506] Permission denied (publickey) with two -i identity files

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Nov 30 10:00:08 AEDT 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3506

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
Comment on attachment 3627
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3627
verbose output of ssh attempt

The handling of -i hasn't changed as far as I know.

[...]
>debug1: identity file /Users/steve/.config/zaccess/penguin.randomhostname.com.cert type 4
>debug1: identity file /Users/steve/.config/zaccess/penguin.randomhostname.com.cert-cert type -1
>debug1: identity file /Users/steve/.ssh/vault type 0
>debug1: identity file /Users/steve/.ssh/vault-cert type -1

This doesn't exactly match the example invocation, but it indicates
that two keys were loaded.

[...]
>debug1: Offering public key: /Users/steve/.config/zaccess/penguin.randomhostname.com.cert RSA-CERT SHA256:v1zotU9ug24hc109SJwmsnWA0JQHABY/t2NjMn/SDVM explicit
>debug1: send_pubkey_test: no mutual signature algorithm

I think this is your problem: ssh-rsa was disabled by default in 8.8
(https://www.openssh.com/releasenotes.html#8.8).  You can test this by
adding "-oPubkeyAcceptedAlgorithms=+ssh-rsa" to your command line.  I'm
not sure why it didn't try one of the stronger RSA SHA256/512 variants.

>debug1: Offering public key: /Users/steve/.ssh/vault RSA SHA256:v1zotU9ug24hc109SJwmsnWA0JQHABY/t2NjMn/SDVM explicit
>debug3: send packet: type 50
>debug2: we sent a publickey packet, wait for reply
>debug3: receive packet: type 51
>debug1: Authentications that can continue: publickey

This key is not in the server's authorized_keys.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list