Can't authenticate with any new public keys
623 views
Skip to first unread message
David McMurray
Sep 1, 2013, 8:44:20 PM9/1/13
to connectb...@googlegroups.com
I've been using ConnectBot for some time with one Amazon AWS account. I imported the .pem file, let's call it first.pem, and I've had no trouble connecting to the server with that key.
I wanted to add hosts from another Amazon AWS account that uses a different key file, let's call it second.pem, and I can't get any host to even try second.pem, all hosts are only trying first.pem.
The first host connection is set to use any unlocked key, but even when I set the second host connection to use second.pem specifically it's still trying first.pem. Also both of these keys have the red 'locked' padlock next to them but I've also tried all combinations of locked and unlocked, and I've tried loading second.pem into memory as well (which I gather is the same as unlocking it since choosing to load the key into memory turns the red locked padlock to a green unlocked one).
I then tried deleting the first.pem key, but the first host connection still logs in as normal with first.pem and the second host connection still fails while trying to use first.pem instead of second.pem.
Here's the output when connecting to the second host...
Connecting to <IP> via ssh
The authenticity of host '<IP>' can't be established.
Host RSA key fingerprint is <fingerprint>
Using algorithm: aes256-ctr hmac-sha1-96
Trying to authenticate
Attempting 'publickey' authentication with any in-memory public keys
Authentication method 'publickey' with key 'first.pem' failed
Trying to authenticate
[Your host doesn't support 'password' or 'keyboard-interactive' authentication.]
Trying to authenticate
[Your host doesn't support 'password' or 'keyboard-interactive' authentication.]
Trying to authenticate
[Your host doesn't support 'password' or 'keyboard-interactive' authentication.]
...and so on
Where am I going wrong here? How do I get the second host connection to use the public key I'm selecting when editing the host settings?
I wanted to add hosts from another Amazon AWS account that uses a different key file, let's call it second.pem, and I can't get any host to even try second.pem, all hosts are only trying first.pem.
The first host connection is set to use any unlocked key, but even when I set the second host connection to use second.pem specifically it's still trying first.pem. Also both of these keys have the red 'locked' padlock next to them but I've also tried all combinations of locked and unlocked, and I've tried loading second.pem into memory as well (which I gather is the same as unlocking it since choosing to load the key into memory turns the red locked padlock to a green unlocked one).
I then tried deleting the first.pem key, but the first host connection still logs in as normal with first.pem and the second host connection still fails while trying to use first.pem instead of second.pem.
Here's the output when connecting to the second host...
Connecting to <IP> via ssh
The authenticity of host '<IP>' can't be established.
Host RSA key fingerprint is <fingerprint>
Using algorithm: aes256-ctr hmac-sha1-96
Trying to authenticate
Attempting 'publickey' authentication with any in-memory public keys
Authentication method 'publickey' with key 'first.pem' failed
Trying to authenticate
[Your host doesn't support 'password' or 'keyboard-interactive' authentication.]
Trying to authenticate
[Your host doesn't support 'password' or 'keyboard-interactive' authentication.]
Trying to authenticate
[Your host doesn't support 'password' or 'keyboard-interactive' authentication.]
...and so on
Where am I going wrong here? How do I get the second host connection to use the public key I'm selecting when editing the host settings?
Karl Pearson
Sep 1, 2013, 11:28:13 PM9/1/13
to connectb...@googlegroups.com
Maybe I'm somewhat naive, but I only ever use the first key, and edit
.ssh/authorized_keys(2) and add the key from my phone/table there, and
do that on each system to which I must access.
But, your situation does seem to be uniquely different from mine. I
don't use AmazonAWS. I have my own server farm and host all my own
things.
Sorry to not be very helpful...
Karl
---
Karl L. Pearson | ka...@ourldsfamily.com | Owner/Admin:
OurLDSFamily.com | LDSMissionaryMoms.com | LDSMilitaryMoms.com
Support for any service we offer: Support.OurLDSFamily.com
My "Mormon.org" profile: http://mormon.org/me/1GCM
---
.ssh/authorized_keys(2) and add the key from my phone/table there, and
do that on each system to which I must access.
But, your situation does seem to be uniquely different from mine. I
don't use AmazonAWS. I have my own server farm and host all my own
things.
Sorry to not be very helpful...
Karl
---
Karl L. Pearson | ka...@ourldsfamily.com | Owner/Admin:
OurLDSFamily.com | LDSMissionaryMoms.com | LDSMilitaryMoms.com
Support for any service we offer: Support.OurLDSFamily.com
My "Mormon.org" profile: http://mormon.org/me/1GCM
---
Shai Ayal
Sep 2, 2013, 12:45:21 PM9/2/13
to connectb...@googlegroups.com
Works for me:
I long press host1 in the hosts list , and choose the specific key, key1 in the "Use pubkey authentication" -- not the "Use any unlocked key"
option
I long press host2 in the hosts list , and choose the specific key, key2 in the "Use pubkey authentication" -- not the "Use any unlocked key"
option
works for logging into 2 linux boxes
--
You received this message because you are subscribed to the Google Groups "ConnectBot Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to connectbot-use...@googlegroups.com.
To post to this group, send email to connectb...@googlegroups.com.
Visit this group at http://groups.google.com/group/connectbot-users.
For more options, visit https://groups.google.com/groups/opt_out.
SPT - persistent SSH tunnels for android.
David McMurray
Sep 2, 2013, 7:43:13 PM9/2/13
to connectb...@googlegroups.com
Thanks anyway, connecting to Amazon AWS instances is no different really, with username@hostname-or-ip and a key file.
Unfortunately I can't expect all my customers to use the same key file, that wouldn't be very secure.
Unfortunately I can't expect all my customers to use the same key file, that wouldn't be very secure.
David McMurray
Sep 2, 2013, 7:55:48 PM9/2/13
to connectb...@googlegroups.com
Thanks,
I just ran through those steps exactly and it's still not using the selected key. The first host was set up previously with "Use any unlock key", but as I said I tried changing it to each of the other keys and in all cases it uses the first key. No matter what I choose for either host it only uses the first key. I've tried deleting the second host entry and creating it again and to no avail.
I just ran through those steps exactly and it's still not using the selected key. The first host was set up previously with "Use any unlock key", but as I said I tried changing it to each of the other keys and in all cases it uses the first key. No matter what I choose for either host it only uses the first key. I've tried deleting the second host entry and creating it again and to no avail.
Brett Shepard
Sep 2, 2013, 7:59:31 PM9/2/13
to connectb...@googlegroups.com
You might want to try "VX ConnectBot".
It's a fork from ConnectBot, seems to have a bit more active development, and allowed me to connect to my home machines, which I was not able to do with ConnectBot, despite being able to connect to them with an SSH client from my desktop at home.David McMurray
Sep 3, 2013, 8:22:52 PM9/3/13
to connectb...@googlegroups.com
Thank you, I'll try that as I do have it installed already but didn't think to try it.
Reply all
Reply to author
Forward
0 new messages