
PEM_read_PrivateKey failed


Vit

Mar 29, 2006, 4:58:56 AM
I have two linux boxes with passwordless SSH key setup. It worked for
me for some time but suddenly I've started getting "PEM_read_PrivateKey
failed" message:
18223: debug1: try privkey: /root/.ssh/identity
18223: debug1: PEM_read_PrivateKey failed

I've copied /root/.ssh/identity to another box and passwordless ssh
worked flawlessly. I've also regenerated passwordless keys on my
original box but it did not help. So I'm quite sure that the problem is
not related to the key itself.

What other reasons can lead to failure in reading private key?

Below is the full session log:

[Mon Mar 27 23:11:41] root@iceweasel:~ # ssh -v r...@149.131.196.116
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
18223: debug1: Reading configuration data /etc/ssh/ssh_config
18223: debug1: Applying options for *
18223: debug1: Rhosts Authentication disabled, originating port will
not be trusted.
18223: debug1: ssh_connect: needpriv 0
18223: debug1: Connecting to 149.131.196.116 [149.131.196.116] port 22.
18223: debug1: Connection established.
18223: debug1: identity file /root/.ssh/identity type -1
18223: debug1: identity file /root/.ssh/id_rsa type 1
18223: debug1: identity file /root/.ssh/id_dsa type -1
18223: debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.4p1
18223: debug1: match: OpenSSH_3.4p1 pat OpenSSH*
18223: Enabling compatibility mode for protocol 2.0
18223: debug1: Local version string SSH-2.0-OpenSSH_3.4p1
18223: debug1: SSH2_MSG_KEXINIT sent
18223: debug1: SSH2_MSG_KEXINIT received
18223: debug1: kex: server->client aes128-cbc hmac-md5 none
18223: debug1: kex: client->server aes128-cbc hmac-md5 none
18223: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
18223: debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
18223: debug1: dh_gen_key: priv key bits set: 129/256
18223: debug1: bits set: 1599/3191
18223: debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
18223: debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
18223: debug1: Host '149.131.196.116' is known and matches the RSA host
key.
18223: debug1: Found key in /root/.ssh/known_hosts:1
18223: debug1: bits set: 1579/3191
18223: debug1: ssh_rsa_verify: signature correct
18223: debug1: kex_derive_keys
18223: debug1: newkeys: mode 1
18223: debug1: SSH2_MSG_NEWKEYS sent
18223: debug1: waiting for SSH2_MSG_NEWKEYS
18223: debug1: newkeys: mode 0
18223: debug1: SSH2_MSG_NEWKEYS received
18223: debug1: done: ssh_kex2.
18223: debug1: send SSH2_MSG_SERVICE_REQUEST
18223: debug1: service_accept: ssh-userauth
18223: debug1: got SSH2_MSG_SERVICE_ACCEPT
18223: debug1: authentications that can continue: publickey,password
18223: debug1: next auth method to try is publickey
18223: debug1: try privkey: /root/.ssh/identity
18223: debug1: PEM_read_PrivateKey failed
18223: debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/root/.ssh/identity':

Thank you,

Vitali

Chuck

Mar 31, 2006, 12:57:06 PM
Vit wrote:

>
> What other reasons can lead to failure in reading private key?

File permissions?

Vit

Apr 2, 2006, 7:50:47 AM
If it's file permissions you get an explicit error message that
permissions are too open:

[Sun Apr 02 14:01:28] root@catc0:~/.ssh # ls -lrt identity; ssh 9.148.41.60
-rw-rw-rw- 1 root root 887 Apr 1 21:37 identity
12610: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
12610: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
12610: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
12610: Permissions 0666 for '/root/.ssh/identity' are too open.
12610: It is recommended that your private key files are NOT accessible
by others.
12610: This private key will be ignored.
12610: bad permissions: ignore key: /root/.ssh/identity


Enter passphrase for key '/root/.ssh/identity':

In my case it's something more tricky. And I cannot figure out what it
is.

Richard E. Silverman

Apr 2, 2006, 2:44:23 PM

> debug1: try pubkey: /<path_to_home_dir>/.ssh/id_dsa
> debug1: input_userauth_pk_ok: pkalg ssh-dss blen 433 lastkey 20035b38 hint 2
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> Enter passphrase for key '/<path_to_home_dir>/.ssh/id_dsa':

This is not an error. OpenSSH first tries to read the private key with
no encryption. That fails, so it prompts for a passphrase.

--
Richard Silverman
r...@qoxp.net


Darren Tucker

Apr 9, 2006, 12:34:49 AM
On 2006-03-29, Vit <vso...@gmail.com> wrote:
> I have two linux boxes with passwordless SSH key setup. It worked for
> me for some time but suddenly I've started getting "PEM_read_PrivateKey
> failed" message:
> 18223: debug1: try privkey: /root/.ssh/identity
> 18223: debug1: PEM_read_PrivateKey failed
>
> I've copied /root/.ssh/identity to another box and passwordless ssh
> worked flawlessly. I've also regenerated passwordless keys on my
> original box but it did not help. So I'm quite sure that the problem is
> not related to the key itself.

"identity" is (usually) an SSHv1 key, however...

> 18223: Enabling compatibility mode for protocol 2.0

You're making an sshv2 connection.

> 18223: debug1: try privkey: /root/.ssh/identity
> 18223: debug1: PEM_read_PrivateKey failed
> 18223: debug1: read PEM private key done: type <unknown>
> Enter passphrase for key '/root/.ssh/identity':

I'm not sure why ssh is prompting for a passphrase here.

Check the file formats of your keys. They should be similar to:

$ head -1 identity
SSH PRIVATE KEY FILE FORMAT 1.1

$ head -2 id_rsa
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
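
The checks suggested in the replies above (key file header, encryption marker, file mode), combined into one shell script. This is an added example, not part of any poster's message; the function names are hypothetical, and the `OPENSSH PRIVATE KEY` and `ENCRYPTED PRIVATE KEY` headers go beyond the two formats shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report why ssh may prompt for a
# passphrase or skip a private key file. Function names are hypothetical.

# Print the on-disk format of a private key, judged from its first lines.
classify_key() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case "$first" in
        "SSH PRIVATE KEY FILE FORMAT 1.1"*) echo ssh1 ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh-new ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN "*"PRIVATE KEY-----")
            # Traditional PEM marks encryption in a header on line 2.
            second=$(sed -n '2p' "$1" | tr -d '\r')
            case "$second" in
                "Proc-Type: 4,ENCRYPTED") echo pem-encrypted ;;
                *) echo pem-plain ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# Succeed if any group/other permission bit is set (ssh ignores such keys).
mode_too_open() {
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# One-line diagnosis: permissions first, then format and encryption.
explain_key() {
    if mode_too_open "$1"; then
        echo "ignored: permissions too open"
        return 0
    fi
    case "$(classify_key "$1")" in
        ssh1) echo "SSH-1 format key (protocol 1 only)" ;;
        pem-encrypted|pkcs8-encrypted)
            echo "encrypted: passphrase prompt is expected" ;;
        pem-plain) echo "unencrypted PEM: should load without a prompt" ;;
        openssh-new) echo "OpenSSH format: encryption not visible in header" ;;
        *) echo "unrecognized or damaged key file" ;;
    esac
}

# Usage: sh keycheck.sh ~/.ssh/identity ~/.ssh/id_rsa
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(explain_key "$f")"
done
```

An `encrypted` result on a key that was meant to be passwordless means the file on disk is not the one that was generated without a passphrase.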
