3

I can not login to my server with public key.

Server details:

  • Ubuntu Server 16.04LTS
  • SSHd: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016

My public key is added to /home/user/.ssh/authorized_keys, but publickey authentication method is dropped when I try to connect.

Only one line in the /var/log/auth.log is corresponded:

sshd[3830]: error: key_verify: error in libcrypto

Ubuntu on the server is fresh, just upgraded to the latest kernel and packages.

Anybody has any idea how can I overcome on this situation?

Daniel
  • 193
  • 1
  • 2
  • 8
  • 1
    It's pretty unlikely that this is the result of a bug. Please add the actual configuration of your server to your question. The rest of the log file related to your login attempt might be relevant as well. – Gerald Schneider Feb 06 '18 at 14:16
  • You may want to increase the [LogLevel](https://linux.die.net/man/5/sshd_config) to one of the debug levels in your `sshd_config` to get more detailed/useful information that will help you debug the issue. (It might be as simple as for instance missing/extra character(s) in the authorized_keys entry) – HBruijn Feb 06 '18 at 14:52
  • I have the same issue, did you find a solution? – the_nuts Apr 11 '18 at 13:53
  • You will need to recreate the keys and then it will be fine. – Daniel Apr 12 '18 at 14:49

1 Answers1

1

Actually, increasing the log level does not showed up anything related.

It only seems the client just jumped over the next possible key (DSA) which I have not got and then the method was dropped and password has been asked.

My client is a 14.04LTS, server is 16.04LTS.

The key was generated long time ago (by the time I was installed 14.04LTS).

The solution was to regenerate the RSA keys on the client and now it works as intended. Somehow the 16.04LTS is not backward compatible with the keys generated long time ago.

Daniel
  • 193
  • 1
  • 2
  • 8
  • 1
    How long ago? Keys generated between 2006-2008 on Debian-based systems were [weak due to a bug](https://github.com/g0tmi1k/debian-ssh), and get rejected today. – Michael Hampton Feb 07 '18 at 19:37