If using identity, always prompted for passphrase, but passphrase doesn't work

[Bud Spencer]

Hi,

I've been trying to connect to my Compute Engine, which needs publickey authentication, however without success. I've pinned down the problem to the following symptoms using a different non-GCE OpenSSH server. When using any imported publickey identity, I am asked for a passphrase (independent of whether the private key is encrypted or not). When using a key with a passphrase and I type  the correct passphrase, it asks me again for a passphrase (3 times or until I press enter). When using a key without a passphrase, I'm asked for a passphrase and when I type enter, it continues with password authentication.

When I use the same keys (passphrase, non-passphrase) on my server with 'ssh -i blah localhost', it works using the local openssh ssh client.

I've imported the keys by saving the private and public key to two Google documents and then downloading the txts. I've verified using file:// that the txts looks well formatted. The imported keys show nicely in the UI. When using password authentication on my OpenSSH server it works well. Unfortunately, password authentication doesn't fly for GCE

Is there a way to get more debug messages with a ssh option or using the javascript console?

Is there a command to inspect the current keys in the HTML5 filesystem?

Thank you in advance for any help and pointers,

Bud

Welcome to Secure Shell version 0.8.27.

Answers to Frequently Asked Questions: http://goo.gl/TK7876

Connecting to b...@x.x.x.x...

Loading NaCl plugin... done.

Enter passphrase for key '/.ssh/buddy': # no passphrase in this key, pressing enter

Password: # correct password

Last login: Sat Jul 26 09:57:02 2014 from localhost

bud:~ bud$ 

[Bud Spencer]

Are keypairs without a passphrase unsupported?

debug1: Found key in /.ssh/known_hosts:2

debug2: bits set: 524/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /.ssh/buddy_nokey (0x0)

debug1: Authentications that can continue: publickey,keyboard-interactive

debug3: start over, passed a different list publickey,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /.ssh/buddy_nokey

debug1: key_parse_private_pem: PEM_read_PrivateKey failed

debug1: read PEM private key done: type <unknown>

Enter passphrase for key '/.ssh/buddy_nokey': 

debug2: no passphrase given, try next key

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug2: input_userauth_info_req

debug2: input_userauth_info_req: num_prompts 1

Password:

[Bud Spencer]

Something seems to be wrong. I've typed in the correct passphrase but ssh won't take it. I've previously deleted some keys, maybe the storage is mixed up. I'll delete the App's data.

debug1: Next authentication method: publickey

debug1: Trying private key: /.ssh/buddy_key

debug1: key_parse_private_pem: PEM_read_PrivateKey failed

debug1: read PEM private key done: type <unknown>

Enter passphrase for key '/.ssh/buddy_key':  // correct passphrase

debug1: key_parse_private_pem: PEM_read_PrivateKey failed

debug1: read PEM private key done: type <unknown>

debug2: bad passphrase given, try again...

Enter passphrase for key '/.ssh/buddy_key': // correct again

debug1: key_parse_private_pem: PEM_read_PrivateKey failed

debug1: read PEM private key done: type <unknown>

debug2: bad passphrase given, try again...

Enter passphrase for key '/.ssh/buddy_key':  // just enter

[Bud Spencer]

Still no luck. I've also verified that the .pub file contains the public key. JS console also doesn't throw any errors:

Imported: /.ssh/buddy_nokey.pub: [object ProgressEvent]

Imported: /.ssh/buddy_nokey: [object ProgressEvent]

[Bud Spencer]

well, doh. Google Docs adds a UTF-8 BOM and \r\n which apparently breaks ssh's key parser. If you download the key from a gist for example, you can store in plain old ascii and it's usable within hterm.