CoreOS SSH client asking for passphrase. No passphrase on key.

[Daniel Case]

Hi All,

I've pushed an SSH key and config for root using cloud-config (in the userdata on EC2) - but the key is asking for a passphrase when I try to ssh to my git repository using it. I've just generated it and it doesn't have a passphrase. I can try it from any other server and it'll work fine. I can also download to my local machine and import it into Puttygen. I can then export it and login just fine without a private key.

This is one of my traditional datacenter servers:

root@kvp-image01:~/.ssh#ssh g...@git.monotoko.net -i ./git

PTY allocation request failed on channel 0

Welcome to GitLab, Administrator!

Connection to git.monotoko.net closed.

root@kvp-image01:~/.ssh#head -2 ./git

-----BEGIN RSA PRIVATE KEY-----

MIIJKQIBAAKCAgEAuH/1Tz0DPSIfU8JAQU/DYOQZZfrbtQSeOiR8Nt9UJbR3HpIY

This is from the CoreOS instance I've just brought up. Any ideas why the coreos instance would be asking for a passphrase? I've had a glance through the SSH config but haven't seen anything that would suggest why this is the case.

ip-172-31-38-173 .ssh # ssh g...@git.monotoko.net -i ./git

Enter passphrase for key './git':

ip-172-31-38-173 .ssh # head -2 ./git

-----BEGIN RSA PRIVATE KEY-----

MIIJKQIBAAKCAgEAuH/1Tz0DPSIfU8JAQU/DYOQZZfrbtQSeOiR8Nt9UJbR3HpIY

ip-172-31-38-173 .ssh # ssh g...@git.monotoko.net -i ./git -v

OpenSSH_6.7p1, OpenSSL 1.0.1o 12 Jun 2015

debug1: Reading configuration data /root/.ssh/config

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Connecting to git.monotoko.net [149.202.136.92] port 22.

debug1: Connection established.

debug1: permanently_set_uid: 0/0

debug1: key_load_public: No such file or directory

debug1: identity file ./git type -1

debug1: key_load_public: No such file or directory

debug1: identity file ./git-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /root/.ssh/monotoko.key type -1

debug1: key_load_public: No such file or directory

debug1: identity file /root/.ssh/monotoko.key-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_6.7

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5

debug1: match: OpenSSH_6.7p1 Debian-5 pat OpenSSH* compat 0x04000000

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-ctr umac-...@openssh.com none

debug1: kex: client->server aes128-ctr umac-...@openssh.com none

debug1: sending SSH2_MSG_KEX_ECDH_INIT

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug1: Server host key: ED25519 6e:30:be:e4:25:00:ac:9b:23:ba:8b:45:53:17:59:3e

debug1: Host 'git.monotoko.net' is known and matches the ED25519 host key.

debug1: Found key in /root/.ssh/known_hosts:1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,password

debug1: Next authentication method: publickey

debug1: Trying private key: ./git

debug1: key_load_private_type: incorrect passphrase supplied to decrypt private key

Enter passphrase for key './git':

[Daniel Case]

Please note where it says "I can also download to my local machine and import it into Puttygen. I can then export it and login just fine without a private key." I meant passphrase, not private key :)

[Brandon Philips]

Can you run with -v on the kvp-image01 host? Perhaps it is using a passphrase cached in an ssh-agent and you don't realize it?

Thanks!

Brandon

--
You received this message because you are subscribed to the Google Groups "CoreOS User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to coreos-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.