[WLUG] remote ssh access problem with gitolite

Carl T. Miller carl at carltm.com
Fri Dec 16 14:46:35 EST 2016 

You could get that error for several reasons.  The
first thing I'd check is the permissions on ~/.ssh
(600) and the key file (600).  Do this for client
and server.

If that doesn't fix it, look at this page.

<http://stackoverflow.com/questions/23392763/aws-ssh-connection-error-permission-denied-publickey>

Good luck!

c


Jim Irrer wrote:
> Hi -
>
> I'm trying to move our gitolite installation, and am having a problem
> getting the remote access via ssh to work.
>
> This was actually working at one point, so there are a lot of things (ssh
> keys) that I believe are set up correctly, but as the ssh log
> below shows, the git server closes the connection, when it should be
> listing the git repositories.
>
> I can't be sure, but it looks like the key exchange is working, and that
> gitolite is shutting down the connection, but its not
> obvious why.
>
> Full disclosure:  The client is Windows running cygwin.  It works on our
> old gitolite installation.
>
> Thanks for any insights - Jim
>
> Jim Irrer     irrer at umich.edu       (734) 647-4409
> University of Michigan Hospital Radiation Oncology
> 519 W. William St.             Ann Arbor, MI 48103
>
>
>
>
> *:ssh -vvv git at git2OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014*
> *debug2: ssh_connect: needpriv 0*
> *debug1: Connecting to git2 [[**redacted server IP address]] port 22.*
> *debug1: Connection established.*
> *debug3: Incorrect RSA1 identifier*
> *debug3: Could not load "/home/irrer/.ssh/id_rsa" as a RSA1 public key*
> *debug1: identity file /home/irrer/.ssh/id_rsa type 1*
> *debug1: identity file /home/irrer/.ssh/id_rsa-cert type -1*
> *debug1: identity file /home/irrer/.ssh/id_dsa type -1*
> *debug1: identity file /home/irrer/.ssh/id_dsa-cert type -1*
> *debug1: identity file /home/irrer/.ssh/id_ecdsa type -1*
> *debug1: identity file /home/irrer/.ssh/id_ecdsa-cert type -1*
> *debug1: identity file /home/irrer/.ssh/id_ed25519 type -1*
> *debug1: identity file /home/irrer/.ssh/id_ed25519-cert type -1*
> *debug1: Enabling compatibility mode for protocol 2.0*
> *debug1: Local version string SSH-2.0-OpenSSH_6.5*
> *debug1: Remote protocol version 2.0, remote software version
> OpenSSH_6.6.1*
> *debug1: match: OpenSSH_6.6.1 pat OpenSSH* compat 0x04000000*
> *debug2: fd 3 setting O_NONBLOCK*
> *debug3: load_hostkeys: loading entries for host "git2" from file
> "/home/irrer/.ssh/known_hosts"*
> *debug3: load_hostkeys: found key type ECDSA in file
> /home/irrer/.ssh/known_hosts:92*
> *debug3: load_hostkeys: loaded 1 keys*
> *debug3: order_hostkeyalgs: prefer hostkeyalgs:
> ecdsa-sha2-nistp256-cert-v01 at openssh.com
> <ecdsa-sha2-nistp256-cert-v01 at openssh.com>,ecdsa-sha2-nistp384-cert-v01 at openssh.com
> <ecdsa-sha2-nistp384-cert-v01 at openssh.com>,ecdsa-sha2-nistp521-cert-v01 at openssh.com
> <ecdsa-sha2-nistp521-cert-v01 at openssh.com>,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521*
> *debug1: SSH2_MSG_KEXINIT sent*
> *debug1: SSH2_MSG_KEXINIT received*
> *debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org
> <curve25519-sha256 at libssh.org>,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1*
> *debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at openssh.com
> <ecdsa-sha2-nistp256-cert-v01 at openssh.com>,ecdsa-sha2-nistp384-cert-v01 at openssh.com
> <ecdsa-sha2-nistp384-cert-v01 at openssh.com>,ecdsa-sha2-nistp521-cert-v01 at openssh.com
> <ecdsa-sha2-nistp521-cert-v01 at openssh.com>,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01 at openssh.com
> <ssh-ed25519-cert-v01 at openssh.com>,ssh-rsa-cert-v01 at openssh.com
> <ssh-rsa-cert-v01 at openssh.com>,ssh-dss-cert-v01 at openssh.com
> <ssh-dss-cert-v01 at openssh.com>,ssh-rsa-cert-v00 at openssh.com
> <ssh-rsa-cert-v00 at openssh.com>,ssh-dss-cert-v00 at openssh.com
> <ssh-dss-cert-v00 at openssh.com>,ssh-ed25519,ssh-rsa,ssh-dss*
> *debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com
> <aes128-gcm at openssh.com>,aes256-gcm at openssh.com
> <aes256-gcm at openssh.com>,chacha20-poly1305 at openssh.com
> <chacha20-poly1305 at openssh.com>,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
> <rijndael-cbc at lysator.liu.se>*
> *debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com
> <aes128-gcm at openssh.com>,aes256-gcm at openssh.com
> <aes256-gcm at openssh.com>,chacha20-poly1305 at openssh.com
> <chacha20-poly1305 at openssh.com>,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
> <rijndael-cbc at lysator.liu.se>*
> *debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com
> <hmac-md5-etm at openssh.com>,hmac-sha1-etm at openssh.com
> <hmac-sha1-etm at openssh.com>,umac-64-etm at openssh.com
> <umac-64-etm at openssh.com>,umac-128-etm at openssh.com
> <umac-128-etm at openssh.com>,hmac-sha2-256-etm at openssh.com
> <hmac-sha2-256-etm at openssh.com>,hmac-sha2-512-etm at openssh.com
> <hmac-sha2-512-etm at openssh.com>,hmac-ripemd160-etm at openssh.com
> <hmac-ripemd160-etm at openssh.com>,hmac-sha1-96-etm at openssh.com
> <hmac-sha1-96-etm at openssh.com>,hmac-md5-96-etm at openssh.com
> <hmac-md5-96-etm at openssh.com>,hmac-md5,hmac-sha1,umac-64 at openssh.com
> <umac-64 at openssh.com>,umac-128 at openssh.com
> <umac-128 at openssh.com>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com
> <hmac-ripemd160 at openssh.com>,hmac-sha1-96,hmac-md5-96*
> *debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com
> <hmac-md5-etm at openssh.com>,hmac-sha1-etm at openssh.com
> <hmac-sha1-etm at openssh.com>,umac-64-etm at openssh.com
> <umac-64-etm at openssh.com>,umac-128-etm at openssh.com
> <umac-128-etm at openssh.com>,hmac-sha2-256-etm at openssh.com
> <hmac-sha2-256-etm at openssh.com>,hmac-sha2-512-etm at openssh.com
> <hmac-sha2-512-etm at openssh.com>,hmac-ripemd160-etm at openssh.com
> <hmac-ripemd160-etm at openssh.com>,hmac-sha1-96-etm at openssh.com
> <hmac-sha1-96-etm at openssh.com>,hmac-md5-96-etm at openssh.com
> <hmac-md5-96-etm at openssh.com>,hmac-md5,hmac-sha1,umac-64 at openssh.com
> <umac-64 at openssh.com>,umac-128 at openssh.com
> <umac-128 at openssh.com>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com
> <hmac-ripemd160 at openssh.com>,hmac-sha1-96,hmac-md5-96*
> *debug2: kex_parse_kexinit: none,zlib at openssh.com <zlib at openssh.com>,zlib*
> *debug2: kex_parse_kexinit: none,zlib at openssh.com <zlib at openssh.com>,zlib*
> *debug2: kex_parse_kexinit: *
> *debug2: kex_parse_kexinit: *
> *debug2: kex_parse_kexinit: first_kex_follows 0 *
> *debug2: kex_parse_kexinit: reserved 0 *
> *debug2: kex_parse_kexinit:
> ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1*
> *debug2: kex_parse_kexinit:
> ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519*
> *debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com
> <aes128-gcm at openssh.com>,aes256-gcm at openssh.com
> <aes256-gcm at openssh.com>,chacha20-poly1305 at openssh.com
> <chacha20-poly1305 at openssh.com>,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
> <rijndael-cbc at lysator.liu.se>*
> *debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com
> <aes128-gcm at openssh.com>,aes256-gcm at openssh.com
> <aes256-gcm at openssh.com>,chacha20-poly1305 at openssh.com
> <chacha20-poly1305 at openssh.com>,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
> <rijndael-cbc at lysator.liu.se>*
> *debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com
> <hmac-md5-etm at openssh.com>,hmac-sha1-etm at openssh.com
> <hmac-sha1-etm at openssh.com>,umac-64-etm at openssh.com
> <umac-64-etm at openssh.com>,umac-128-etm at openssh.com
> <umac-128-etm at openssh.com>,hmac-sha2-256-etm at openssh.com
> <hmac-sha2-256-etm at openssh.com>,hmac-sha2-512-etm at openssh.com
> <hmac-sha2-512-etm at openssh.com>,hmac-ripemd160-etm at openssh.com
> <hmac-ripemd160-etm at openssh.com>,hmac-sha1-96-etm at openssh.com
> <hmac-sha1-96-etm at openssh.com>,hmac-md5-96-etm at openssh.com
> <hmac-md5-96-etm at openssh.com>,hmac-md5,hmac-sha1,umac-64 at openssh.com
> <umac-64 at openssh.com>,umac-128 at openssh.com
> <umac-128 at openssh.com>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com
> <hmac-ripemd160 at openssh.com>,hmac-sha1-96,hmac-md5-96*
> *debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com
> <hmac-md5-etm at openssh.com>,hmac-sha1-etm at openssh.com
> <hmac-sha1-etm at openssh.com>,umac-64-etm at openssh.com
> <umac-64-etm at openssh.com>,umac-128-etm at openssh.com
> <umac-128-etm at openssh.com>,hmac-sha2-256-etm at openssh.com
> <hmac-sha2-256-etm at openssh.com>,hmac-sha2-512-etm at openssh.com
> <hmac-sha2-512-etm at openssh.com>,hmac-ripemd160-etm at openssh.com
> <hmac-ripemd160-etm at openssh.com>,hmac-sha1-96-etm at openssh.com
> <hmac-sha1-96-etm at openssh.com>,hmac-md5-96-etm at openssh.com
> <hmac-md5-96-etm at openssh.com>,hmac-md5,hmac-sha1,umac-64 at openssh.com
> <umac-64 at openssh.com>,umac-128 at openssh.com
> <umac-128 at openssh.com>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com
> <hmac-ripemd160 at openssh.com>,hmac-sha1-96,hmac-md5-96*
> *debug2: kex_parse_kexinit: none,zlib at openssh.com <zlib at openssh.com>*
> *debug2: kex_parse_kexinit: none,zlib at openssh.com <zlib at openssh.com>*
> *debug2: kex_parse_kexinit: *
> *debug2: kex_parse_kexinit: *
> *debug2: kex_parse_kexinit: first_kex_follows 0 *
> *debug2: kex_parse_kexinit: reserved 0 *
> *debug2: mac_setup: found hmac-md5-etm at openssh.com
> <hmac-md5-etm at openssh.com>*
> *debug1: kex: server->client aes128-ctr hmac-md5-etm at openssh.com
> <hmac-md5-etm at openssh.com> none*
> *debug2: mac_setup: found hmac-md5-etm at openssh.com
> <hmac-md5-etm at openssh.com>*
> *debug1: kex: client->server aes128-ctr hmac-md5-etm at openssh.com
> <hmac-md5-etm at openssh.com> none*
> *debug1: sending SSH2_MSG_KEX_ECDH_INIT*
> *debug1: expecting SSH2_MSG_KEX_ECDH_REPLY*
> *debug1: Server host key: ECDSA
> e4:23:6e:5e:df:55:60:13:67:fc:76:bf:89:a0:e8:be*
> *debug3: load_hostkeys: loading entries for host "git2" from file
> "/home/irrer/.ssh/known_hosts"*
> *debug3: load_hostkeys: found key type ECDSA in file
> /home/irrer/.ssh/known_hosts:92*
> *debug3: load_hostkeys: loaded 1 keys*
> *debug3: load_hostkeys: loading entries for host "**[redacted server IP
> address]" from file "/home/irrer/.ssh/known_hosts"*
> *debug3: load_hostkeys: found key type ECDSA in file
> /home/irrer/.ssh/known_hosts:92*
> *debug3: load_hostkeys: loaded 1 keys*
> *debug1: Host 'git2' is known and matches the ECDSA host key.*
> *debug1: Found key in /home/irrer/.ssh/known_hosts:92*
> *debug1: ssh_ecdsa_verify: signature correct*
> *debug2: kex_derive_keys*
> *debug2: set_newkeys: mode 1*
> *debug1: SSH2_MSG_NEWKEYS sent*
> *debug1: expecting SSH2_MSG_NEWKEYS*
> *debug2: set_newkeys: mode 0*
> *debug1: SSH2_MSG_NEWKEYS received*
> *debug1: Roaming not allowed by server*
> *debug1: SSH2_MSG_SERVICE_REQUEST sent*
> *debug2: service_accept: ssh-userauth*
> *debug1: SSH2_MSG_SERVICE_ACCEPT received*
> *debug2: key: /home/irrer/.ssh/id_rsa (0x80061df0),*
> *debug2: key: /home/irrer/.ssh/id_dsa (0x0),*
> *debug2: key: /home/irrer/.ssh/id_ecdsa (0x0),*
> *debug2: key: /home/irrer/.ssh/id_ed25519 (0x0),*
> *debug1: Authentications that can continue:
> publickey,password,keyboard-interactive,hostbased*
> *debug3: start over, passed a different list
> publickey,password,keyboard-interactive,hostbased*
> *debug3: preferred publickey,keyboard-interactive,password*
> *debug3: authmethod_lookup publickey*
> *debug3: remaining preferred: keyboard-interactive,password*
> *debug3: authmethod_is_enabled publickey*
> *debug1: Next authentication method: publickey*
> *debug1: Offering RSA public key: /home/irrer/.ssh/id_rsa*
> *debug3: send_pubkey_test*
> *debug2: we sent a publickey packet, wait for reply*
> *debug1: Server accepts key: pkalg ssh-rsa blen 279*
> *debug2: input_userauth_pk_ok: fp
> 4c:08:22:1b:d2:36:de:f2:79:20:03:37:0a:de:0d:6c*
> *debug3: sign_and_send_pubkey: RSA
> 4c:08:22:1b:d2:36:de:f2:79:20:03:37:0a:de:0d:6c*
> *debug1: key_parse_private2: missing begin marker*
> *debug1: read PEM private key done: type RSA*
> *Connection closed by [redacted server IP address]*
> ______________________________________________________
> washlug mailing list    washlug web site
> washlug at washlug.org     www.washlug.org
> http://linux.marcdatabase.com/mailman/listinfo/washlug
>

More information about the washlug mailing list