[aur-general] SSH Key Denied Problem

Eli Schwartz eschwartz at archlinux.org
Fri Jul 9 01:25:47 UTC 2021


On 7/8/21 8:58 PM, Matt Spaulding via aur-general wrote:
> Here's the information you asked for.  I will probably hop on IRC tomorrow
> if this isn't enough information to solve the problem.
> 
> This is the public key I am attempting to use.  I will note that it's RSA
> 4096-bit.
> 
> ssh-rsa
> AAAAB3NzaC1yc2EAAAADAQABAAACAQDL8DiUij7l3vQKeHSaKo2xRHvAOWri2yUV4Y0O0sFrVY68ehSeCYTuk05DJEfwOsMB4ihHWWh65hPxapr3g9bNl/3Wb6HhbPHb/1JNAuVT9wKTyafKInX3675q5JjZcxXPl0UFYgZU9JDVQHxUEIvNLEVY4aa+FiMtDNIWi4wyGjboIO0eWjMrG6W2isPvO7y4PipwrXIfB8aBYMv6yUGswechlVe0tEOWh8fDGRDa3ByqLdg76LPPWFd5Cz7s6i8CwAKwHMkWJ3XjZykTsHONgQ2w8lzcHcdLdZG/wEuT5PP3/2PuOcPeor6LsQN7I9Ds3moqYlIrY6jZAiwP3YO3MRoePOHluBNuOt4MOZnruMbQJgZgDb8JyFLqIhZiJ9eBR8TK2jI0lhcl8rDr0VZZtzdO2+jFT+iGAv6eOYnK+xrAq+yK4YHHnglIn9rJAlyNTHaBR53NwifYRmdOD1ZvfKkertejWnOlcLigEKgQk+51l/vKwvhdVbfpaBEpcTWxuZLqOs6CE94I6HWo1IVbpMxOWErxVeaXqTDTPWFeTFCh9DnA7/TIc129HO9WINd3yZ+zX05PQaKxqAr8klJwyxwkrXJ97xeY9AXjL1AANW7g84fKlF7QdxVSbfGa+544HBr0fXV1BGlGv4EkPCYmvDKH5HIc003kJdcdy6ictQ==
> 
> And I also tried running the diagnostic command mentioned.  Here's the
> output I got, though it doesn't appear to show anything of particular
> interest.
> 
> OpenSSH_8.6p1, OpenSSL 1.1.1k  25 Mar 2021
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to aur.archlinux.org [95.216.144.15] port 22.
> debug1: Connection established.
> debug1: identity file /home/binary/.ssh/id_rsa type 0
> debug1: identity file /home/binary/.ssh/id_rsa-cert type -1
> debug1: identity file /home/binary/.ssh/id_dsa type -1
> debug1: identity file /home/binary/.ssh/id_dsa-cert type -1
> debug1: identity file /home/binary/.ssh/id_ecdsa type -1
> debug1: identity file /home/binary/.ssh/id_ecdsa-cert type -1
> debug1: identity file /home/binary/.ssh/id_ecdsa_sk type -1
> debug1: identity file /home/binary/.ssh/id_ecdsa_sk-cert type -1
> debug1: identity file /home/binary/.ssh/id_ed25519 type -1
> debug1: identity file /home/binary/.ssh/id_ed25519-cert type -1
> debug1: identity file /home/binary/.ssh/id_ed25519_sk type -1
> debug1: identity file /home/binary/.ssh/id_ed25519_sk-cert type -1
> debug1: identity file /home/binary/.ssh/id_xmss type -1
> debug1: identity file /home/binary/.ssh/id_xmss-cert type -1
> debug1: Local version string SSH-2.0-OpenSSH_8.6
> debug1: Remote protocol version 2.0, remote software version OpenSSH_8.6
> debug1: compat_banner: match: OpenSSH_8.6 pat OpenSSH* compat 0x04000000
> debug1: Authenticating to aur.archlinux.org:22 as 'aur'
> debug1: load_hostkeys: fopen /home/binary/.ssh/known_hosts2: No such file
> or directory
> debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or
> directory
> debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or
> directory
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: curve25519-sha256
> debug1: kex: host key algorithm: ssh-ed25519
> debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC:
> <implicit> compression: none
> debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC:
> <implicit> compression: none
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: SSH2_MSG_KEX_ECDH_REPLY received
> debug1: Server host key: ssh-ed25519
> SHA256:RFzBCUItH9LZS0cKB5UE6ceAYhBD5C8GeOBip8Z11+4
> debug1: load_hostkeys: fopen /home/binary/.ssh/known_hosts2: No such file
> or directory
> debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or
> directory
> debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or
> directory
> debug1: Host 'aur.archlinux.org' is known and matches the ED25519 host key.
> debug1: Found key in /home/binary/.ssh/known_hosts:1
> debug1: rekey out after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: rekey in after 134217728 blocks
> debug1: Will attempt key: /home/binary/.ssh/id_rsa RSA
> SHA256:1hBIpVzuvjyd456bVOYfK+XgZQbH6LoAvlrbv8xexpE
> debug1: Will attempt key: /home/binary/.ssh/id_dsa
> debug1: Will attempt key: /home/binary/.ssh/id_ecdsa
> debug1: Will attempt key: /home/binary/.ssh/id_ecdsa_sk
> debug1: Will attempt key: /home/binary/.ssh/id_ed25519
> debug1: Will attempt key: /home/binary/.ssh/id_ed25519_sk
> debug1: Will attempt key: /home/binary/.ssh/id_xmss
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,
> sk-ssh-ed25519 at openssh.com
> ,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
> sk-ecdsa-sha2-nistp256 at openssh.com,
> webauthn-sk-ecdsa-sha2-nistp256 at openssh.com>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/binary/.ssh/id_rsa RSA
> SHA256:1hBIpVzuvjyd456bVOYfK+XgZQbH6LoAvlrbv8xexpE


If you hadn't figured out the problem on your own, I was going to
respond -- yeah, the public key you have in your account settings has a
different fingerprint:

RSA 4096 SHA256:MfAc/Q/F2r2ZUWuAYAJ5cAGotZSCvuYgzZJrWGYuqI8

Anyway, glad you figured it out. ;)


> debug1: Authentications that can continue: publickey
> debug1: Trying private key: /home/binary/.ssh/id_dsa
> debug1: Trying private key: /home/binary/.ssh/id_ecdsa
> debug1: Trying private key: /home/binary/.ssh/id_ecdsa_sk
> debug1: Trying private key: /home/binary/.ssh/id_ed25519
> debug1: Trying private key: /home/binary/.ssh/id_ed25519_sk
> debug1: Trying private key: /home/binary/.ssh/id_xmss
> debug1: No more authentication methods to try.
> aur at aur.archlinux.org: Permission denied (publickey).

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20210708/be327169/attachment.sig>


More information about the aur-general mailing list