I recently had to upgrade my version of OpenSSH from 4.7 to 5.0p1 on my
MacBook (Darwin). I installed the latest 'portable' tarball and
removed the system version:
$ ssh -V
OpenSSH_5.0p1, OpenSSL 0.9.7l 28 Sep 2006
$ which ssh
/usr/bin/ssh

sshd is the same version, installed in /usr/sbin/sshd. Now, things are
a bit broken: I am able to ssh from another machine into my MacBook,
so the server (sshd) is working, but the outgoing client (ssh) hangs
indefinitely on connect. ssh-add also hangs on any operation.
ssh-agent shows:
SSH_AUTH_SOCK=/tmp/ssh-35xNGanxBs/agent.2282; export SSH_AUTH_SOCK;
SSH_AGENT_PID=2283; export SSH_AGENT_PID;
echo Agent pid 2283;

The interesting bits from an 'ssh -vvv localhost' session are:
...
debug3: Not a RSA1 key file /Users/jd/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
...
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype

The ssh connection attempt just hangs and sits at:
...
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received

I don't know why the error 'Not a RSA1 key file' comes up, as my
private key (id_rsa) remains unchanged and begins:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,...

Other points of interest:
'ssh-keygen -B' correctly identifies my private key and returns what
appears to be a valid bubble-babble digest, beginning with '1024 ...'
'ssh-keygen -l' correctly identifies my private key and returns what
appears to be a valid fingerprint, beginning with '1024 ...'
'ssh-keygen -y' correctly identifies my private key, asks for my
pass phrase, and returns my public key, beginning with 'ssh-rsa ...'

I haven't knowingly enabled any RSA-related settings in sshd_config,
and HostKey remains commented out.

Any thoughts on what may be wrong, whether this is a bug or
something I've screwed up, or what else I can try?

Thanks,
~John

Hello,

Any help, please? Could this possibly be a bug with 'portable' OpenSSH
5.0p_1 on Mac OS X 10.5.3?

I don't understand why the daemon is saying my private key is "Not a
RSA1 key file" when it _is_ a valid RSA key file ... or why the daemon
is trying to read the private key in the first place: as long as the
SSH Agent is working properly, shouldn't it be the _public_ key it
looks for?

Thanks,
~John

On Jun 18, 2008, at 6:16 PM, John DeStefano wrote:
> I recently had to upgrade my version of OpenSSH from 4.7 to 5.0p1 on
> my MacBook (Darwin). I installed the latest 'portable' tarball and
> removed the system version:
> $ ssh -V
> OpenSSH_5.0p1, OpenSSL 0.9.7l 28 Sep 2006
> $ which ssh
> /usr/bin/ssh
>
> sshd is the same version, installed in /usr/sbin/sshd. Now, things are
> a bit broken: I am able to ssh from another machine into my MacBook,
> so the server (sshd) is working, but the outgoing client (ssh) hangs
> indefinitely on connect. ssh-add also hangs on any operation.
> ssh-agent shows:
> SSH_AUTH_SOCK=/tmp/ssh-35xNGanxBs/agent.2282; export SSH_AUTH_SOCK;
> SSH_AGENT_PID=2283; export SSH_AGENT_PID;
> echo Agent pid 2283;
>
> The interesting bits from an 'ssh -vvv localhost' session are:
> ...
> debug3: Not a RSA1 key file /Users/jd/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'Proc-Type:'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'DEK-Info:'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> ...
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
>
> The ssh connection attempt just hangs and sits at:
> ...
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
>
> I don't know why the error 'Not a RSA1 key file' comes up, as my
> private key (id_rsa) remains unchanged and begins:
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,...
>
> Other points of interest:
> 'ssh-keygen -B' correctly identifies my private key and returns what
> appears to be a valid bubble-babble digest, beginning with '1024 ...'
> 'ssh-keygen -l' correctly identifies my private key and returns what
> appears to be a valid fingerprint, beginning with '1024 ...'
> 'ssh-keygen -y' correctly identifies my private key, asks for my
> pass phrase, and returns my public key, beginning with 'ssh-rsa ...'
>
> I haven't knowingly enabled any RSA-related settings in sshd_config,
> and HostKey remains commented out.
>
> Any thoughts on what may be wrong, whether this is a bug or
> something I've screwed up, or what else I can try?
>
> Thanks,
> ~John

Peter Stuge wrote:
> On Fri, Jun 20, 2008 at 04:00:16PM -0400, John DeStefano wrote:
> > OK; thanks ... but if 'Protocol 2' is specified in sshd_config,
> > should sshd be looking for an 'RSA1 key'?
>
> Protocol is about what sshd speaks on the network.
>
> But granted - there is no point in dealing with SSH v1 keys when
> using protocol version v2. Please send patches. :)
>
> > And why would it look at .ssh/id_rsa instead of looking for
> > .ssh/identity,
>
> Because .ssh/id_rsa is the default SSH v2 RSA key filename.

Yes, but this seems to conflict with the 'RSA1' message I'm getting:
if the daemon is truly looking for a protocol v1 key, why would it
bother moving past the absence of an 'identity' key file and on to
other files (of newer protocols)?

> > which doesn't exist on my system but I believe is the file used for
> > SSH v1 RSA? Is there a way to prevent it from doing so?
>
> .ssh/identity is the default SSH v1 key filename.

Right; this much I know.

> The key thing is not a problem - that's just how sshd looks for keys.

I understand what you're saying, but it seems like the key thing _is_
keeping the daemon from functioning properly in my case. Something is
telling it to look for a protocol v1 key, and for nothing else, and I
can't figure out what it is.

> I'm afraid I can't provide any good suggestions about the real
> problem. :\

Me either; this is really baffling me: I can use the very same key
(and other keys I've tested) with the 'ssh' client to connect
remotely, and successfully, to other hosts. I just can't connect to my
own 'sshd' service.

Thanks,
~John
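
Added example, not part of the thread and not OpenSSH's own code: a simplified Python model of the header checks behind the debug lines from the 'ssh -vvv' session quoted above, showing that a PEM-encoded id_rsa read line by line as a public key produces the same "unknown key type" and "missing whitespace" sequence. The function names, the KNOWN_TYPES list and the sample key text are assumptions constructed for illustration.

```python
import re

# Magic string that opens an SSH protocol 1 (RSA1) private key file.
SSH1_MAGIC = b"SSH PRIVATE KEY FILE FORMAT 1.1\n"
# Public key type names of that era (assumed list for this sketch).
KNOWN_TYPES = {"ssh-rsa", "ssh-dss"}
PEM_BEGIN = re.compile(r"-----BEGIN (RSA|DSA) PRIVATE KEY-----")

def classify(data: bytes) -> dict:
    """Identify the key file format from its header; nothing is decrypted."""
    if data.startswith(SSH1_MAGIC):
        return {"format": "rsa1-private"}
    lines = data.decode("ascii", "replace").splitlines()
    match = PEM_BEGIN.fullmatch(lines[0].strip()) if lines else None
    if match:
        info = {"format": "pem-" + match.group(1).lower() + "-private",
                "encrypted": False, "cipher": None}
        for line in lines[1:]:
            if line.startswith("Proc-Type:") and "ENCRYPTED" in line:
                info["encrypted"] = True
            elif line.startswith("DEK-Info:"):
                info["cipher"] = line.split(":", 1)[1].split(",")[0].strip()
            elif not line.strip():
                break  # a blank line ends the PEM header block
        return info
    if lines and lines[0].split(" ")[0] in KNOWN_TYPES:
        return {"format": "public-key-line"}
    return {"format": "unknown"}

def public_parse_notes(data: bytes) -> list:
    """Model reading the file line by line as if it held public keys."""
    notes = []
    for line in data.decode("ascii", "replace").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are skipped
        if " " not in line:
            notes.append("missing whitespace")
        elif line.split(" ")[0] not in KNOWN_TYPES:
            notes.append("unknown key type '%s'" % line.split(" ")[0])
    return notes

# Constructed sample: header fields as in the post, filler body, not a real key.
SAMPLE = (b"-----BEGIN RSA PRIVATE KEY-----\n"
          b"Proc-Type: 4,ENCRYPTED\n"
          b"DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
          b"QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=\n"
          b"-----END RSA PRIVATE KEY-----\n")
```

Running classify() on a copy of a key file is a quick way to confirm which format and cipher it uses before reading much into the debug3 parse messages.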