Re: Updating from 6.6 - 6.9 SSH

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 




No I'm referring to "sshd -ddd" (preferrable on a high port like -p 8080 so you don't break your current ability to connect to the machine). As clearly the server is rejecting it. And only the server side debug can tell us that.

- Ben

Nick Stanoszek wrote:
I am using an AWS ubuntu 14.04 server...is that what you are asking?

On Tue, Jul 28, 2015 at 10:00 PM, Ben Lindstrom <mouring@xxxxxxxxxxxxx <mailto:mouring@xxxxxxxxxxxxx>> wrote:

    And Server?


    - Ben

    Nick Stanoszek wrote:
    Please see below :).  Just a note---this is the EXACT command
    that I use to log into the server BEFORE i try to update SSH.  I
    continue to use this same command for other servers.

    Nicks-MacBook-Pro:Downloads$ ssh -i WHATEVERKEY.pem
    ubuntu@54.200.249.185 <mailto:ubuntu@54.200.249.185> -v -v -v -v

    OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

    debug1: Reading configuration data /etc/ssh_config

    debug1: /etc/ssh_config line 20: Applying options for *

    debug2: ssh_connect: needpriv 0

    debug1: Connecting to 54.200.249.185 [54.200.249.185] port 22.

    debug1: Connection established.

    debug3: Incorrect RSA1 identifier

    debug3: Could not load "Payr-SimplicityPOSKey.pem" as a RSA1
    public key

    debug1: identity file Payr-SimplicityPOSKey.pem type -1

    debug1: identity file Payr-SimplicityPOSKey.pem-cert type -1

    debug1: Enabling compatibility mode for protocol 2.0

    debug1: Local version string SSH-2.0-OpenSSH_6.2

    debug1: Remote protocol version 2.0, remote software version
    OpenSSH_6.9

    debug1: match: OpenSSH_6.9 pat OpenSSH*

    debug2: fd 3 setting O_NONBLOCK

    debug3: load_hostkeys: loading entries for host "54.200.249.185"
    from file "/Users/nickstanoszek/.ssh/known_hosts"

    debug3: load_hostkeys: found key type RSA in file
    /Users/nickstanoszek/.ssh/known_hosts:55

    debug3: load_hostkeys: loaded 1 keys

    debug3: order_hostkeyalgs: prefer hostkeyalgs:
    ssh-rsa-cert-v01@xxxxxxxxxxx
    <mailto:ssh-rsa-cert-v01@xxxxxxxxxxx>,ssh-rsa-cert-v00@xxxxxxxxxxx <mailto:ssh-rsa-cert-v00@xxxxxxxxxxx>,ssh-rsa

    debug1: SSH2_MSG_KEXINIT sent

    debug1: SSH2_MSG_KEXINIT received

    debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

    debug2: kex_parse_kexinit: ssh-rsa-cert-v01@xxxxxxxxxxx
    <mailto:ssh-rsa-cert-v01@xxxxxxxxxxx>,ssh-rsa-cert-v00@xxxxxxxxxxx <mailto:ssh-rsa-cert-v00@xxxxxxxxxxx>,ssh-rsa,ssh-dss-cert-v01@xxxxxxxxxxx
    <mailto:ssh-dss-cert-v01@xxxxxxxxxxx>,ssh-dss-cert-v00@xxxxxxxxxxx <mailto:ssh-dss-cert-v00@xxxxxxxxxxx>,ssh-dss

    debug2: kex_parse_kexinit:
    aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@xxxxxxxxxxx
    <mailto:aes128-gcm@xxxxxxxxxxx>,aes256-gcm@xxxxxxxxxxx
    <mailto:aes256-gcm@xxxxxxxxxxx>,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
    <mailto:rijndael-cbc@xxxxxxxxxxxxxx>

    debug2: kex_parse_kexinit:
    aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@xxxxxxxxxxx
    <mailto:aes128-gcm@xxxxxxxxxxx>,aes256-gcm@xxxxxxxxxxx
    <mailto:aes256-gcm@xxxxxxxxxxx>,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@xxxxxxxxxxxxxx
    <mailto:rijndael-cbc@xxxxxxxxxxxxxx>

    debug2: kex_parse_kexinit: hmac-md5-etm@xxxxxxxxxxx
    <mailto:hmac-md5-etm@xxxxxxxxxxx>,hmac-sha1-etm@xxxxxxxxxxx
    <mailto:hmac-sha1-etm@xxxxxxxxxxx>,umac-64-etm@xxxxxxxxxxx
    <mailto:umac-64-etm@xxxxxxxxxxx>,umac-128-etm@xxxxxxxxxxx
    <mailto:umac-128-etm@xxxxxxxxxxx>,hmac-sha2-256-etm@xxxxxxxxxxx
    <mailto:hmac-sha2-256-etm@xxxxxxxxxxx>,hmac-sha2-512-etm@xxxxxxxxxxx
    <mailto:hmac-sha2-512-etm@xxxxxxxxxxx>,hmac-ripemd160-etm@xxxxxxxxxxx
    <mailto:hmac-ripemd160-etm@xxxxxxxxxxx>,hmac-sha1-96-etm@xxxxxxxxxxx
    <mailto:hmac-sha1-96-etm@xxxxxxxxxxx>,hmac-md5-96-etm@xxxxxxxxxxx
    <mailto:hmac-md5-96-etm@xxxxxxxxxxx>,hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx
    <mailto:umac-64@xxxxxxxxxxx>,umac-128@xxxxxxxxxxx
    <mailto:umac-128@xxxxxxxxxxx>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx
    <mailto:hmac-ripemd160@xxxxxxxxxxx>,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: hmac-md5-etm@xxxxxxxxxxx
    <mailto:hmac-md5-etm@xxxxxxxxxxx>,hmac-sha1-etm@xxxxxxxxxxx
    <mailto:hmac-sha1-etm@xxxxxxxxxxx>,umac-64-etm@xxxxxxxxxxx
    <mailto:umac-64-etm@xxxxxxxxxxx>,umac-128-etm@xxxxxxxxxxx
    <mailto:umac-128-etm@xxxxxxxxxxx>,hmac-sha2-256-etm@xxxxxxxxxxx
    <mailto:hmac-sha2-256-etm@xxxxxxxxxxx>,hmac-sha2-512-etm@xxxxxxxxxxx
    <mailto:hmac-sha2-512-etm@xxxxxxxxxxx>,hmac-ripemd160-etm@xxxxxxxxxxx
    <mailto:hmac-ripemd160-etm@xxxxxxxxxxx>,hmac-sha1-96-etm@xxxxxxxxxxx
    <mailto:hmac-sha1-96-etm@xxxxxxxxxxx>,hmac-md5-96-etm@xxxxxxxxxxx
    <mailto:hmac-md5-96-etm@xxxxxxxxxxx>,hmac-md5,hmac-sha1,umac-64@xxxxxxxxxxx
    <mailto:umac-64@xxxxxxxxxxx>,umac-128@xxxxxxxxxxx
    <mailto:umac-128@xxxxxxxxxxx>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx
    <mailto:hmac-ripemd160@xxxxxxxxxxx>,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
    <mailto:zlib@xxxxxxxxxxx>,zlib

    debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
    <mailto:zlib@xxxxxxxxxxx>,zlib

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit: first_kex_follows 0

    debug2: kex_parse_kexinit: reserved 0

    debug2: kex_parse_kexinit: curve25519-sha256@xxxxxxxxxx
    <mailto:curve25519-sha256@xxxxxxxxxx>,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

    debug2: kex_parse_kexinit:
    ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519

    debug2: kex_parse_kexinit: chacha20-poly1305@xxxxxxxxxxx
    <mailto:chacha20-poly1305@xxxxxxxxxxx>,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx
    <mailto:aes128-gcm@xxxxxxxxxxx>,aes256-gcm@xxxxxxxxxxx
    <mailto:aes256-gcm@xxxxxxxxxxx>

    debug2: kex_parse_kexinit: chacha20-poly1305@xxxxxxxxxxx
    <mailto:chacha20-poly1305@xxxxxxxxxxx>,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx
    <mailto:aes128-gcm@xxxxxxxxxxx>,aes256-gcm@xxxxxxxxxxx
    <mailto:aes256-gcm@xxxxxxxxxxx>

    debug2: kex_parse_kexinit: umac-64-etm@xxxxxxxxxxx
    <mailto:umac-64-etm@xxxxxxxxxxx>,umac-128-etm@xxxxxxxxxxx
    <mailto:umac-128-etm@xxxxxxxxxxx>,hmac-sha2-256-etm@xxxxxxxxxxx
    <mailto:hmac-sha2-256-etm@xxxxxxxxxxx>,hmac-sha2-512-etm@xxxxxxxxxxx
    <mailto:hmac-sha2-512-etm@xxxxxxxxxxx>,hmac-sha1-etm@xxxxxxxxxxx
    <mailto:hmac-sha1-etm@xxxxxxxxxxx>,umac-64@xxxxxxxxxxx
    <mailto:umac-64@xxxxxxxxxxx>,umac-128@xxxxxxxxxxx
    <mailto:umac-128@xxxxxxxxxxx>,hmac-sha2-256,hmac-sha2-512,hmac-sha1

    debug2: kex_parse_kexinit: umac-64-etm@xxxxxxxxxxx
    <mailto:umac-64-etm@xxxxxxxxxxx>,umac-128-etm@xxxxxxxxxxx
    <mailto:umac-128-etm@xxxxxxxxxxx>,hmac-sha2-256-etm@xxxxxxxxxxx
    <mailto:hmac-sha2-256-etm@xxxxxxxxxxx>,hmac-sha2-512-etm@xxxxxxxxxxx
    <mailto:hmac-sha2-512-etm@xxxxxxxxxxx>,hmac-sha1-etm@xxxxxxxxxxx
    <mailto:hmac-sha1-etm@xxxxxxxxxxx>,umac-64@xxxxxxxxxxx
    <mailto:umac-64@xxxxxxxxxxx>,umac-128@xxxxxxxxxxx
    <mailto:umac-128@xxxxxxxxxxx>,hmac-sha2-256,hmac-sha2-512,hmac-sha1

    debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
    <mailto:zlib@xxxxxxxxxxx>

    debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
    <mailto:zlib@xxxxxxxxxxx>

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit: first_kex_follows 0

    debug2: kex_parse_kexinit: reserved 0

    debug2: mac_setup: found hmac-sha1-etm@xxxxxxxxxxx
    <mailto:hmac-sha1-etm@xxxxxxxxxxx>

    debug1: kex: server->client aes128-ctr hmac-sha1-etm@xxxxxxxxxxx
    <mailto:hmac-sha1-etm@xxxxxxxxxxx> none

    debug2: mac_setup: found hmac-sha1-etm@xxxxxxxxxxx
    <mailto:hmac-sha1-etm@xxxxxxxxxxx>

    debug1: kex: client->server aes128-ctr hmac-sha1-etm@xxxxxxxxxxx
    <mailto:hmac-sha1-etm@xxxxxxxxxxx> none

    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent

    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

    debug2: dh_gen_key: priv key bits set: 163/320

    debug2: bits set: 1029/2048

    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

    debug1: Server host key: RSA
    e1:c5:21:7f:b0:88:7d:9f:b6:e1:de:a4:bc:b5:7a:c0

    debug3: load_hostkeys: loading entries for host "54.200.249.185"
    from file "/Users/nickstanoszek/.ssh/known_hosts"

    debug3: load_hostkeys: found key type RSA in file
    /Users/nickstanoszek/.ssh/known_hosts:55

    debug3: load_hostkeys: loaded 1 keys

    debug1: Host '54.200.249.185' is known and matches the RSA host key.

    debug1: Found key in /Users/nickstanoszek/.ssh/known_hosts:55

    debug2: bits set: 1020/2048

    debug1: ssh_rsa_verify: signature correct

    debug2: kex_derive_keys

    debug2: set_newkeys: mode 1

    debug1: SSH2_MSG_NEWKEYS sent

    debug1: expecting SSH2_MSG_NEWKEYS

    debug2: set_newkeys: mode 0

    debug1: SSH2_MSG_NEWKEYS received

    debug1: Roaming not allowed by server

    debug1: SSH2_MSG_SERVICE_REQUEST sent

    debug2: service_accept: ssh-userauth

    debug1: SSH2_MSG_SERVICE_ACCEPT received

    debug2: key: Payr-SimplicityPOSKey.pem (0x0), explicit

    debug1: Authentications that can continue: publickey

    debug3: start over, passed a different list publickey

    debug3: preferred
    gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password

    debug3: authmethod_lookup publickey

    debug3: remaining preferred: keyboard-interactive,password

    debug3: authmethod_is_enabled publickey

    debug1: Next authentication method: publickey

    debug1: Trying private key: Payr-SimplicityPOSKey.pem

    debug1: read PEM private key done: type RSA

    debug3: sign_and_send_pubkey: RSA
    c6:7b:f7:0f:0e:78:23:83:5a:c8:10:6e:b4:19:f5:97

    debug2: we sent a publickey packet, wait for reply

    debug1: Authentications that can continue: publickey

    debug2: we did not send a packet, disable method

    debug1: No more authentication methods to try.

    Permission denied (publickey).


    On Tue, Jul 28, 2015 at 9:55 PM, Ben Lindstrom
    <mouring@xxxxxxxxxxxxx <mailto:mouring@xxxxxxxxxxxxx>> wrote:


        Sorry that isn't really useful.  You may need to provide the
        ssh -vvv and sshd -ddd outputs on the client and server
        respectively to determine what is going on.

        Normally public key errors means that permissions are wrong
        on the key material or the directory leading to the key
        material in the user's home directory.

        - Ben

        Nick Stanoszek wrote:
        My apologies Darren,

        The error i get is a "PUBLICKEY" error as noted previously.

        Nicks-MacBook-Pro:Downloads$ ssh -i WHATEVERKEY.pem ubuntu@IPADDRESS

        Permission denied (publickey).

        Nicks-MacBook-Pro:Downloads$


        I followed the directions as noted in the previous email to a T.  Just
        copied and pasted---and used v6.9 ssh (which is the latest).  What other
        info do you need?


        Thanks

        Nick




        On Tue, Jul 28, 2015 at 7:19 PM, Darren Tucker<dtucker@xxxxxxxxxx>  <mailto:dtucker@xxxxxxxxxx>  wrote:

        On Wed, Jul 29, 2015 at 12:06 AM, Nick Stanoszek<nstanoszek@xxxxxxxxx>  <mailto:nstanoszek@xxxxxxxxx>
        wrote:

        Hi again,

        I ran the commands exactly.  I see that some keys are not overwritten and
        skipped---but some are still created.

        You may be able to see that, but we can't unless you show us what it said,
        and you didn't.

        I just tried again...and still get an error.
        quoting from my previous response: "Exactly what error?"


        Thoughts to prevent it from overwriting my keys?

        You have not provided sufficient information to do anything more that
        guess, and I've already done that.

        --
        Darren Tucker (dtucker atzip.com.au  <http://zip.com.au>)
        GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
             Good judgement comes with experience. Unfortunately, the experience
        usually comes from bad judgement.

        _______________________________________________
        openssh-unix-dev mailing list
        openssh-unix-dev@xxxxxxxxxxx  <mailto:openssh-unix-dev@xxxxxxxxxxx>
        https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev





_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux