System Configuration:
MAC Version : 10.10.5
uname -a
Darwin xxxxx-xxxx 14.5.0 Darwin Kernel Version 14.5.0: Tue Sep 1 21:23:09 PDT 2015; root:xnu-2782.50.1~1/RELEASE_X86_64 x86_64
Issue:
Not able to connect to a server using the SSH private keys with user mode. However same command with same SSH keys (at same location as that of user) works fine with root authentication.
Failed Output logs (User level command):
> ssh -v -2A 198.18.144.158
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/userxyz/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 198.18.144.158 [198.18.144.158] port 22.
debug1: Connection established.
debug1: identity file /Users/userxyz/.ssh/internal/2009-01-01.ppk type -1
debug1: identity file /Users/userxyz/.ssh/internal/2009-01-01.ppk-cert type -1
debug1: identity file /Users/userxyz/.ssh/internal/2009-01-01.ppk type -1
debug1: identity file /Users/userxyz/.ssh/internal/2009-01-01.ppk-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version Server-VIII-hpn14v2
debug1: no match: Server-VIII-hpn14v2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: DSA ee:33:bd:ac:7b:6e:bd:0b:60:6e:49:20:56:cb:00:d3
debug1: Host '198.18.144.158' is known and matches the DSA host key.
debug1: Found key in /Users/userxyz/.ssh/known_hosts:1
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/userxyz/.ssh/internal/2009-01-01.ppk
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/kimanjun/.ssh/internal/2015-11-16.ppk
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: No more authentication methods to try.
Permission denied (publickey).
User level config changes
pwd
/Users/userxyz/.ssh
> cat config
IdentityFile ~/.ssh/internal/2009-01-01.ppk
>
Success Output logs (Root level command):
sudo ssh -v -2A 198.18.144.158
Password:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 198.18.144.158 [198.18.144.158] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /Users/userxyz/.ssh/internal/2009-01-01.ppk type -1
debug1: identity file /Users/userxyz/.ssh/internal/2009-01-01.ppk-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version Server-VIII-hpn14v2
debug1: no match: Server-VIII-hpn14v2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: DSA ee:33:bd:ac:7b:6e:bd:0b:60:6e:49:20:56:cb:00:d3
debug1: Host '198.18.144.158' is known and matches the DSA host key.
debug1: Found key in /var/root/.ssh/known_hosts:1
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/userxyz/.ssh/internal/2009-01-01.ppk
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 198.18.144.158 ([198.18.144.158]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_KEXINIT sent
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: DSA ee:33:bd:ac:7b:6e:bd:0b:60:6e:49:20:56:cb:00:d3
debug1: Host '198.18.144.158' is known and matches the DSA host key.
debug1: Found key in /var/root/.ssh/known_hosts:1
debug1: ssh_dss_verify: signature correct
debug1: set_newkeys: rekeying
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: set_newkeys: rekeying
debug1: SSH2_MSG_NEWKEYS received
debug1: Requesting authentication agent forwarding.
This is a private system. No unauthorized use is permitted; if you are
not an authorized user, please log off now.
root@198.18.144.158:~# exit
Root level config changes:
I have changed the root level ssh_config to point to the private key to user level account instead of default rsa key.
What I have tried:
a. Tried different permission of the .ssh and internal at user level folder but does not impact.
b. Tried ssh-add but see the output which looks ok.
c. checked the known_hosts at both user level and root level and looks identical.
Not sure what is causing the issue - since at root level I am able to authenticate the key and at user level not able to do the same.
Any help is welcome.
