What does "key_load_public: no such file or directory" mean?

43

4

I've been troubleshooting a PubkeyAuthentication-only issue. When I use verbose mode, I see a lot of "key_load_public: no such file or directory".

Obviously, the keys exist on the filesystem, so that message does not appear to have a customary meaning:

$ ls -al ~/.ssh/id_*
-rw-------  1 jwalton  staff   751 Feb  4  2013 id_dsa
-rw-------  1 jwalton  staff   608 Feb 18  2015 id_dsa.pub
-rw-------  1 jwalton  staff   314 Feb  4  2013 id_ecdsa
-rw-------  1 jwalton  staff   180 Feb 18  2015 id_ecdsa.pub
-rw-------  1 jwalton  staff   464 Aug 23 18:15 id_ed25519
-rw-------  1 jwalton  staff   103 Aug 23 18:15 id_ed25519.pub
-rw-------  1 jwalton  staff  2546 Feb  4  2013 id_rsa
-rw-------  1 jwalton  staff   572 Feb 18  2015 id_rsa.pub

What, exactly, does "key_load_public: no such file or directory" mean?


My .ssh/config file has:

$ cat ~/.ssh/config
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_ecdsa
IdentityFile ~/.ssh/id_dsa
IdentityFile ~/.ssh/id_rsa

Adding the *.pub extension has no effect. I tried both with and without *.pub because the man page is ambiguous with respect to which key needs to be specified - public or private. (A public key is all that's needed for an identity; a private key is needed to prove ownership of the key in a challenge/response):

IdentityFile
    Specifies a file from which the user's DSA, ECDSA or DSA authen-
    tication identity is read...

$ ssh -v -p 1522 jwalton@192.168.1.11
OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /Users/jwalton/.ssh/config
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to 192.168.1.11 [192.168.1.11] port 1522.
debug1: Connection established.
debug1: identity file /Users/jwalton/.ssh/id_ed25519.pub type 4
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_ed25519.pub-cert type -1
debug1: identity file /Users/jwalton/.ssh/id_ecdsa.pub type 3
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_ecdsa.pub-cert type -1
debug1: identity file /Users/jwalton/.ssh/id_dsa.pub type 2
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_dsa.pub-cert type -1
debug1: identity file /Users/jwalton/.ssh/id_rsa.pub type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_rsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
...

jww

Posted 2015-08-26T06:14:37.497

Reputation: 1

Answers

67

It means literally what it says: there is no such file or directory that ssh wanted to access.

However, it talks about the file mentioned below, not above. You have just the regular public keys, but you do not have the SSH certificates for them (presumably because you just don't need them). OpenSSH however will always try to load the associated .pub-cert file for each identity key.


The ssh-keygen(1) manual talks about creating an OpenSSH cert authority and signing certificates, should you be interested. (Note: this doesn't use X.509, only OpenSSH's own cert format.)

Usually the certificates are only useful if you have a massive amount of users (and/or servers) but don't want to use Kerberos.

user1686

Posted 2015-08-26T06:14:37.497

Reputation: 283 655
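
The answer's reading of the debug output, as an added example that is not part of the original answer or of OpenSSH: a shell function that pairs each key_load_public line with the "identity file" line printed after it. The function names are assumptions, and the sample lines are copied from the verbose output in the question.

```shell
#!/bin/sh
# Added example (not OpenSSH code): pair each "key_load_public" debug line
# with the file it refers to, i.e. the "identity file" line printed after it.

# Reads `ssh -v` output on stdin; prints "<file><TAB><error>" per failed load.
explain_key_load_public() {
    awk '
        # Remember the error text; the file name arrives on a later line.
        /^debug1: key_load_public: / {
            pending = $0
            sub(/^debug1: key_load_public: /, "", pending)
            next
        }
        # "identity file <path> type <n>": type -1 means nothing was loaded.
        /^debug1: identity file / {
            path = $0
            sub(/^debug1: identity file /, "", path)
            t = path
            sub(/^.* type /, "", t)
            sub(/ type -?[0-9]+$/, "", path)
            if (pending != "" && t == "-1")
                printf "%s\t%s\n", path, pending
            pending = ""
        }
    '
}

# Sample input: lines taken from the verbose output in the question.
sample_log() {
    cat <<'EOF'
debug1: Connection established.
debug1: identity file /Users/jwalton/.ssh/id_ed25519.pub type 4
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_ed25519.pub-cert type -1
debug1: identity file /Users/jwalton/.ssh/id_rsa.pub type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_rsa.pub-cert type -1
EOF
}

sample_log | explain_key_load_public
```

Each output line names a certificate file that was looked for and not found; the public keys themselves loaded (types 4 and 1) and do not appear.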

Thanks Grawity. For IdentityFile, what should I specify? The public key or the private key? – jww – 2015-08-26T06:58:57.707

It should be the private key file (which actually contains the whole keypair – the extra .pub file is only for [sort of] convenience). – user1686 – 2015-08-26T13:03:16.900

Ooph, now that's confusing. Someone should really file a bug report :-( – einpoklum – 2015-12-03T15:17:19.440

If by "file a bug report" you mean "submit the fix", then feel free to do so: https://github.com/openssh/openssh-portable/blob/master/README#L38 :). Here's a place to start looking: https://github.com/openssh/openssh-portable/blob/master/key.c#L342 and https://github.com/openssh/openssh-portable/blob/master/ssh.c#L2091 . – Alexander Bird – 2016-08-03T19:11:49.577

Sometimes "bug report" literally means "bug report". Not every openssh user is a C programmer. – user1686 – 2018-04-18T08:35:15.860