Error while SSH(ing)

Stifan Kristi sugizo at japan.com
Thu Jan 14 17:30:09 UTC 2010 

Anthony Gardner wrote:
> I'm not sure what you're suggesting that but it didn't work. Could you 
> explain?
>
> Anyway, I've enclosed the verbose output if anyone is interested.
>
> $ ssh -vvv -p 22000 remote_user at SomeIpAddress
> OpenSSH_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8g 19 Oct 2007
> debug1: Reading configuration data /home/ants/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to SomeIpAddress [SomeIpAddress] port 22000.
> debug1: Connection established.
> debug1: identity file /home/ants/.ssh/identity type -1
> debug3: Not a RSA1 key file /home/ants/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'Proc-Type:'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'DEK-Info:'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> ....
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /home/ants/.ssh/id_rsa type 1
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: identity file /home/ants/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version 
> OpenSSH_5.1p1 Debian-6ubuntu2
> debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: 
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se 
> <mailto:rijndael-cbc at lysator.liu.se>,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se 
> <mailto:rijndael-cbc at lysator.liu.se>,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com 
> <mailto:umac-64 at openssh.com>,hmac-ripemd160,hmac-ripemd160 at openssh.com 
> <mailto:hmac-ripemd160 at openssh.com>,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com 
> <mailto:umac-64 at openssh.com>,hmac-ripemd160,hmac-ripemd160 at openssh.com 
> <mailto:hmac-ripemd160 at openssh.com>,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com 
> <mailto:zlib at openssh.com>,zlib
> debug2: kex_parse_kexinit: none,zlib at openssh.com 
> <mailto:zlib at openssh.com>,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: 
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se 
> <mailto:rijndael-cbc at lysator.liu.se>,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se 
> <mailto:rijndael-cbc at lysator.liu.se>,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com 
> <mailto:umac-64 at openssh.com>,hmac-ripemd160,hmac-ripemd160 at openssh.com 
> <mailto:hmac-ripemd160 at openssh.com>,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com 
> <mailto:umac-64 at openssh.com>,hmac-ripemd160,hmac-ripemd160 at openssh.com 
> <mailto:hmac-ripemd160 at openssh.com>,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com <mailto:zlib at openssh.com>
> debug2: kex_parse_kexinit: none,zlib at openssh.com <mailto:zlib at openssh.com>
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_setup: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 126/256
> debug2: bits set: 512/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: put_host_port: [SomeIpAddress]:22000
> debug3: put_host_port: [SomeIpAddress]:22000
> debug3: check_host_in_hostfile: filename /home/ants/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 12
> debug3: check_host_in_hostfile: filename /home/ants/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 12
> debug1: Host '[SomeIpAddress]:22000' is known and matches the RSA host 
> key.
> debug1: Found key in /home/ants/.ssh/known_hosts:12
> debug2: bits set: 513/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/ants/.ssh/id_rsa (0x1713a70)
> debug2: key: /home/ants/.ssh/identity ((nil))
> debug2: key: /home/ants/.ssh/id_dsa ((nil))
> debug1: Authentications that can continue: publickey
> debug3: start over, passed a different list publickey
> debug3: preferred 
> gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/ants/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey
> debug1: Trying private key: /home/ants/.ssh/identity
> debug3: no such identity: /home/ants/.ssh/identity
> debug1: Trying private key: /home/ants/.ssh/id_dsa
> debug3: no such identity: /home/ants/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey).
>
> 2010/1/13 born <linuxbqj at gmail.com <mailto:linuxbqj at gmail.com>>
>
>     try rename this file
>     mv /etc/ssl/certs/ca-certificates.crt
>     /etc/ssl/certs/ca-certificates.crt.bak
>
>     and have a try
>
>
>
>
>
>     2010/1/13 Anthony Gardner <antsmailinglist at gmail.com
>     <mailto:antsmailinglist at gmail.com>>
>
>         I received the following while trying to SSH onto a machine I
>         haven't accessed for a while.
>
>         the key on the remote machine is good and a friend is able to
>         connect using Putty.
>
>         Both the remote machine and mine are 9.10 and have the latest
>         updates.
>
>         Does anyone have a clue? I have googled and this is the only
>         real info I've found
>         (http://ubuntuforums.org/showthread.php?t=1323517) He talks
>         about libpam-unix2 being the culprit but as far as I can
>         investigate, I don't have that package installed. I can't
>         check the remote machine to see if it has it installed.
>
>         Jan 11 23:01:35 ants gnome-keyring-daemon[1542]: unsupported
>         key algorithm in certificate: 1.2.840.10045.2.1
>         Jan 11 23:01:35 ants gnome-keyring-daemon[1542]: invalid
>         subject public-key info
>         Jan 11 23:01:35 ants gnome-keyring-daemon[1542]: couldn't
>         parse certificate key data
>         Jan 11 23:01:35 ants gnome-keyring-daemon[1542]: couldn't
>         parse certificate(s):
>         /etc/ssl/certs/COMODO_ECC_Certification_Authority.pem
>         Jan 11 23:01:35 ants gnome-keyring-daemon[1542]: couldn't
>         parse certificate data
>         Jan 11 23:01:35 ants gnome-keyring-daemon[1542]: couldn't
>         parse certificate(s):
>         /etc/ssl/certs/COMODO_ECC_Certification_Authority.pem
>         Jan 11 23:01:36 ants gnome-keyring-daemon[1542]: unsupported
>         key algorithm in certificate: 1.2.840.10045.2.1
>         Jan 11 23:01:36 ants gnome-keyring-daemon[1542]: invalid
>         subject public-key info
>         Jan 11 23:01:36 ants gnome-keyring-daemon[1542]: couldn't
>         parse certificate key data
>         Jan 11 23:01:36 ants gnome-keyring-daemon[1542]: couldn't
>         parse certificate(s): /etc/ssl/certs/ca-certificates.crt
>
>         CIA
>
>         -Ants
>
>         -- 
>         100% naturally selected. 0% designed.
>
>         --
>         ubuntu-users mailing list
>         ubuntu-users at lists.ubuntu.com
>         <mailto:ubuntu-users at lists.ubuntu.com>
>         Modify settings or unsubscribe at:
>         https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>
>
>     --
>     ubuntu-users mailing list
>     ubuntu-users at lists.ubuntu.com <mailto:ubuntu-users at lists.ubuntu.com>
>     Modify settings or unsubscribe at:
>     https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>
>
>
> -- 
> 100% naturally selected. 0% designed.
please try removing openssh server with :
sudo apt-get remove openssh-server

and then please reboot your machine

and then reinstall openssh server with
sudo apt-get install openssh-server

please disable your firewall (ufw, apparmor, shorewall, etc) and ensure 
your network is active..

please let me know if u meet problem anymore.
have a great day...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20100115/86b23824/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sugizo.vcf
Type: text/x-vcard
Size: 204 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20100115/86b23824/attachment.vcf>

More information about the ubuntu-users mailing list