[ssh_x509] Even after the Certificates are setup in Server and client, ssh prompts for password!!!

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon Jun 3 23:44:11 EEST 2019


Hello Srini,


I'm back online after holidays.


ssh_x509 at roumenpetrov.info wrote:
[SNIP]
> Trying private key: /usr/local/etc/ssh_hostkey
> *debug2: we sent a publickey packet, wait for reply*
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> Trying private key: /usr/local/etc/id_ed25519
[SNIP]
> Server logs:
> ---------------
[SNIP]
> *debug1: trying public key file /root/.ssh/authorized_keys

There is no match between the identity sent by the client and the records in 
/root/.ssh/authorized_keys.
Please check the content of the file.

[SNIP]

> debug1: restore_uid: 0/0
> debug3: mm_answer_keyallowed: publickey authentication: ECDSA+cert key is not allowed

As a result, the identity is not accepted.


> Failed publickey for root from 192.168.6.197 port 42690 ssh2:
> ECDSA+cert SHA256:woUs+eq/xFIs9s38IHC72wEWUA9kVg8xuGe9hOEvUr4*
[SNIP]


For instance, for the EC test certificates, ~/.ssh/authorized_keys looks like 
(3 lines):
======
x509v3-ecdsa-sha2-nistp256 Subject: emailAddress=email at not.set,CN=SSH ECDSA(nistp256) test certificate(rsa_sha1),OU=SSH Testers cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω-3,OU=SSH Testers cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω-1,OU=SSH Testers cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω-2,O=SSH Test Team cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω,ST=World,C=XX
x509v3-ecdsa-sha2-nistp384 Subject: emailAddress=email at not.set,CN=SSH ECDSA(nistp384) test certificate(rsa_sha1),OU=SSH Testers cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω-3,OU=SSH Testers cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω-1,OU=SSH Testers cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω-2,O=SSH Test Team cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω,ST=World,C=XX
x509v3-ecdsa-sha2-nistp521 Subject: emailAddress=email at not.set,CN=SSH ECDSA(nistp521) test certificate(rsa_sha1),OU=SSH Testers cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω-3,OU=SSH Testers cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω-1,OU=SSH Testers cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω-2,O=SSH Test Team cyrillic-АБВ-Яабв-я greek-ΑΒΓ-Ωαβγ-ω,ST=World,C=XX

======
Note that email programs may split lines

Regards,
Roumen Petrov
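
The file check suggested in the message above can be scripted. The following Python is an added example, not part of the original message or of the project's code: it lists the `Subject:` entries in an authorized_keys file, flags lines that look like the tail of an entry split by a mailer, and compares a client certificate's key type and subject against them. The function names, the sample DNs and the order-insensitive DN comparison are assumptions and do not reproduce the server's own matching rules.

```python
import re

# Tokens that can start an authorized_keys entry. Assumption: entries carry no
# leading options (command="...", from="...") in the file being checked.
KEY_START = re.compile(r"^(x509v3-|ssh-|ecdsa-|sk-)\S*$")

def normalize_dn(dn):
    """Split a comma-separated DN into a sorted list of 'ATTR=value' pairs.
    Assumption: no escaped commas inside values; RDN order is ignored."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.partition("=")
        if sep:
            rdns.append(attr.strip().upper() + "=" + " ".join(value.split()))
    return sorted(rdns)

def parse_authorized_keys(text):
    """Return (entries, suspects): X.509 'Subject:' entries as
    (line_no, key_type, normalized_dn) and line numbers that look like the
    tail of an entry broken by line wrapping."""
    entries, suspects = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key_type, _, rest = line.partition(" ")
        if not KEY_START.match(key_type):
            suspects.append(no)
            continue
        keyword, _, dn = rest.partition(":")
        if key_type.startswith("x509v3-") and keyword.strip().lower() == "subject":
            entries.append((no, key_type, normalize_dn(dn)))
    return entries, suspects

def matching_lines(text, key_type, subject):
    """Line numbers whose key type and DN equal the client's certificate."""
    wanted = normalize_dn(subject)
    entries, _ = parse_authorized_keys(text)
    return [no for no, kt, dn in entries if kt == key_type and dn == wanted]

# Constructed sample: line 1 is intact, lines 2-3 are one entry split by a mailer.
SAMPLE = (
    "x509v3-ecdsa-sha2-nistp256 Subject: CN=Alice Example,OU=SSH Testers,O=Example Org,C=XX\n"
    "x509v3-ecdsa-sha2-nistp384 Subject: CN=Bob Example,OU=SSH\n"
    "Testers,O=Example Org,C=XX\n"
)
```

On the constructed sample, the split entry on lines 2-3 keeps only part of its DN, so a certificate with the full subject finds no matching line there while the intact entry on line 1 still matches.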



