What's the output of `file ~/.ssh/siefke_key; ls -lah ~/.ssh/siefke_key`? Martin On Sat, Jul 22, 2023 at 3:17 PM Silvio Siefke <siefke_listen@xxxxxx> wrote: > > Hello, > > I try to connect remote maschines over SSH but with all servers I become > message: > > Load key ".ssh/siefke_key": error in libcrypto > siefke@192.168.2.250: Permission denied > (publickey,gssapi-keyex,gssapi-with-mic). > > With -vvv > OpenSSH_9.3p2, OpenSSL 3.1.1 30 May 2023 > debug2: resolve_canonicalize: hostname 192.168.2.250 is address > debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> > '/home/siefke/.ssh/known_hosts' > debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> > '/home/siefke/.ssh/known_hosts2' > debug3: ssh_connect_direct: entering > debug1: Connecting to 192.168.2.250 [192.168.2.250] port 12500. > debug3: set_sock_tos: set socket 3 IP_TOS 0x48 > debug1: Connection established. > debug1: identity file .ssh/siefke_key type -1 > debug1: identity file .ssh/siefke_key-cert type -1 > debug1: Local version string SSH-2.0-OpenSSH_9.3 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_8.4p1 Debian-5+deb11u1 > debug1: compat_banner: match: OpenSSH_8.4p1 Debian-5+deb11u1 pat > OpenSSH* compat 0x04000000 > debug2: fd 3 setting O_NONBLOCK > debug1: Authenticating to 192.168.2.250:12500 as 'siefke' > debug3: put_host_port: [192.168.2.250]:12500 > debug3: record_hostkey: found key type ED25519 in file > /home/siefke/.ssh/known_hosts:1 > debug3: load_hostkeys_file: loaded 1 keys from [192.168.2.250]:12500 > debug1: load_hostkeys: fopen /home/siefke/.ssh/known_hosts2: No such > file or directory > debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or > directory > debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or > directory > debug3: order_hostkeyalgs: have matching best-preference key type > ssh-ed25519-cert-v01@xxxxxxxxxxx, using HostkeyAlgorithms verbatim > debug3: send packet: type 20 > debug1: SSH2_MSG_KEXINIT sent > debug3: receive packet: type 20 > debug1: SSH2_MSG_KEXINIT received > debug2: local client KEXINIT proposal > debug2: KEX algorithms: > sntrup761x25519-sha512@xxxxxxxxxxx,curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c > debug2: host key algorithms: > ssh-ed25519-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,sk-ssh-ed25519-cert-v01@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,rsa-sha2-512-cert-v01@xxxxxxxxxxx,rsa-sha2-256-cert-v01@xxxxxxxxxxx,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-256 > debug2: ciphers ctos: > chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx > debug2: ciphers stoc: > chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx > debug2: MACs ctos: > umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > debug2: MACs stoc: > umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > debug2: compression ctos: none,zlib@xxxxxxxxxxx,zlib > debug2: compression stoc: none,zlib@xxxxxxxxxxx,zlib > debug2: languages ctos: > debug2: languages stoc: > debug2: first_kex_follows 0 > debug2: reserved 0 > debug2: peer server KEXINIT proposal > debug2: KEX algorithms: > curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 > debug2: host key algorithms: > rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 > debug2: ciphers ctos: > chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx > debug2: ciphers stoc: > chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx > debug2: MACs ctos: > umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > debug2: MACs stoc: > umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > debug2: compression ctos: none > debug2: compression stoc: none > debug2: languages ctos: > debug2: languages stoc: > debug2: first_kex_follows 0 > debug2: reserved 0 > debug1: kex: algorithm: curve25519-sha256 > debug1: kex: host key algorithm: ssh-ed25519 > debug1: kex: server->client cipher: chacha20-poly1305@xxxxxxxxxxx MAC: > <implicit> compression: none > debug1: kex: client->server cipher: chacha20-poly1305@xxxxxxxxxxx MAC: > <implicit> compression: none > debug3: send packet: type 30 > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY > debug3: receive packet: type 31 > debug1: SSH2_MSG_KEX_ECDH_REPLY received > debug1: Server host key: ssh-ed25519 > SHA256:2L6kf42fJXVTes8cWAEHSSXeXVG/bvO1FjBO6kNOUPg > debug3: put_host_port: [192.168.2.250]:12500 > debug3: put_host_port: [192.168.2.250]:12500 > debug3: record_hostkey: found key type ED25519 in file > /home/siefke/.ssh/known_hosts:1 > debug3: load_hostkeys_file: loaded 1 keys from [192.168.2.250]:12500 > debug1: load_hostkeys: fopen /home/siefke/.ssh/known_hosts2: No such > file or directory > debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or > directory > debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or > directory > debug1: Host '[192.168.2.250]:12500' is known and matches the ED25519 > host key. > debug1: Found key in /home/siefke/.ssh/known_hosts:1 > debug3: send packet: type 21 > debug2: ssh_set_newkeys: mode 1 > debug1: rekey out after 134217728 blocks > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug3: receive packet: type 21 > debug1: SSH2_MSG_NEWKEYS received > debug2: ssh_set_newkeys: mode 0 > debug1: rekey in after 134217728 blocks > debug3: ssh_get_authentication_socket_path: path > '/run/user/1500/keyring/ssh' > debug1: get_agent_identities: bound agent to hostkey > debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no > identities > debug1: Will attempt key: .ssh/siefke_key explicit > debug2: pubkey_prepare: done > debug3: send packet: type 5 > debug3: receive packet: type 7 > debug1: SSH2_MSG_EXT_INFO received > debug1: kex_input_ext_info: > server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@xxxxxxxxxxx,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,webauthn-sk-ecdsa-sha2-nistp256@xxxxxxxxxxx> > debug3: receive packet: type 6 > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug3: send packet: type 50 > debug3: receive packet: type 51 > debug1: Authentications that can continue: > publickey,gssapi-keyex,gssapi-with-mic > debug3: start over, passed a different list > publickey,gssapi-keyex,gssapi-with-mic > debug3: preferred publickey,keyboard-interactive,password > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Trying private key: .ssh/siefke_key > Load key ".ssh/siefke_key": error in libcrypto > debug2: we did not send a packet, disable method > debug1: No more authentication methods to try. > siefke@192.168.2.250: Permission denied > (publickey,gssapi-keyex,gssapi-with-mic). > > With mac it works, with pi in other way it works. I not understand what > happen here. > > Thank you for help > Silvio
