SSH Client fails to use existing id_rsa key #973

Open
connerbw opened this Issue Nov 29, 2017 · 23 comments
connerbw commented Nov 29, 2017

"OpenSSH for Windows" version
Client: 0.0.18.0

Client OperatingSystem
Windows 10 Pro

What is failing
I installed the client, not the server, following these steps.
Previously, I am a Git for Windows user and I already have an id_rsa key in ~/.ssh. It is passphrase protected.

Expected output
The client should ask me for my passphrase, i.e.:

Enter passphrase for /c/Users/ME/.ssh/id_rsa:
Identity added: /c/Users/ME/.ssh/id_rsa (/c/Users/ME/.ssh/id_rsa)

Actual output
key_load_public: invalid format
Unable to negotiate with x.x.x.x port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256

Collaborator

manojampalam commented Dec 4, 2017

Windows inbox Beta version currently supports one key type (ed25519).
Please stay tuned for more info from @joeyaiello

Also, as @drichardson found below, there is an issue with passphrase protected private keys. As a workaround, create passphrase-less private keys and register them with ssh-agent (this will encrypt and persistently store the private keys, so you don't have to register them again). Once the private key is registered, it could be deleted or moved to a safer location.

drichardson commented Dec 12, 2017

I have the same problem with RSA and ed25519 keys that have passphrases on them. It seems that the beta version only supports keys without passphrases.

Collaborator

bagajjal commented Dec 12, 2017

@drichardson - Are you using the Windows inbox OpenSSH, or did you download it from our GitHub page?

drichardson commented Dec 12, 2017

I installed OpenSSH Client (Beta) from Apps & features > Manage optional features on Windows 10. I assumed this GitHub project is the source for that, but perhaps I'm mistaken.

PS> Get-Command ssh

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Application     ssh.exe                                            0.0.18.0   C:\WINDOWS\System32\OpenSSH\ssh.exe

PS> C:\WINDOWS\System32\OpenSSH\ssh.exe -V
OpenSSH_7.5p1, without OpenSSL

DrPizza commented Dec 14, 2017

It's failing to work with either my RSA key or my ed25519 key.


C:\Users\DrPizza\.ssh>dir
 Volume in drive C has no label.
 Volume Serial Number is 200D-0382

 Directory of C:\Users\DrPizza\.ssh

14/12/2017  12:00    <DIR>          .
14/12/2017  12:00    <DIR>          ..
14/12/2017  12:01               420 id_ed25519
14/12/2017  12:00             3,239 id_rsa
14/12/2017  11:33               126 known_hosts
               3 File(s)          3,785 bytes
               2 Dir(s)  2,573,890,686,976 bytes free

C:\Users\DrPizza\.ssh>ssh -v user@lunix.quiscalusmexicanus.org
OpenSSH_7.5p1, without OpenSSL
debug1: Connecting to lunix.quiscalusmexicanus.org [137.135.108.74] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\DrPizza/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\DrPizza/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\DrPizza/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\DrPizza/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\DrPizza/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\DrPizza/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to lunix.quiscalusmexicanus.org:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:58qRN+qo2e6TjHcYFfwy4F6+cl1ec4MCZoorWuuF+G0
debug1: Host 'lunix.quiscalusmexicanus.org' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\DrPizza/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_fetch_identitylist: communication with agent failed
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: C:\\Users\\DrPizza/.ssh/id_rsa
Load key "C:\\Users\\DrPizza/.ssh/id_rsa": invalid format
debug1: Trying private key: C:\\Users\\DrPizza/.ssh/id_dsa
debug1: Trying private key: C:\\Users\\DrPizza/.ssh/id_ed25519
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
user@lunix.quiscalusmexicanus.org: Permission denied (publickey).

Both keys (in putty format) work fine in PuTTY.

Collaborator

bagajjal commented Dec 14, 2017

@robertpeteuil - Different delimiters is a display issue but not a functionality issue.
As @manojampalam mentioned, Windows inbox Beta version currently supports one key type (ed25519).

One key thing to focus on is that we support only the UTF-8 encoding file format.
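
The checks below are added here as an illustration; they were not posted by anyone in this thread and are not Win32-OpenSSH code. They inspect a private key file for the conditions raised so far: file encoding, PuTTY versus OpenSSH container, key type, and passphrase protection. The function names and the sample keys are constructed for this example; the `openssh-key-v1` layout follows OpenSSH's PROTOCOL.key.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"

def _ssh_string(data: bytes) -> bytes:  # SSH wire string: uint32 length + bytes
    return struct.pack(">I", len(data)) + data

def _read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def constructed_openssh_key(key_type: bytes, cipher: bytes) -> bytes:
    """Constructed sample: real openssh-key-v1 framing around dummy bytes, not a usable key."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    pub = _ssh_string(key_type) + _ssh_string(b"\0" * 32)
    blob = (MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(b"")
            + struct.pack(">I", 1) + _ssh_string(pub) + _ssh_string(b"\0" * 64))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n".encode()

def inspect_private_key(raw: bytes) -> dict:
    """Report encoding, container, key type and passphrase protection; never decrypts."""
    info = {"encoding": "utf-8", "container": "unknown", "key_type": None, "encrypted": None}
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):   # UTF-16 byte order mark
        info["encoding"], raw = "utf-16", raw.decode("utf-16").encode()
    elif raw[:3] == b"\xef\xbb\xbf":            # UTF-8 byte order mark
        info["encoding"], raw = "utf-8-bom", raw[3:]
    lines = [l.strip() for l in raw.decode("utf-8", "replace").splitlines() if l.strip()]
    head = lines[0] if lines else ""
    if head.startswith("PuTTY-User-Key-File-"):
        fields = dict(l.split(": ", 1) for l in lines if ": " in l)
        info.update(container="putty-ppk", key_type=head.split(": ", 1)[1],
                    encrypted=fields.get("Encryption", "none") != "none")
    elif head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
        if not blob.startswith(MAGIC):
            raise ValueError("missing openssh-key-v1 magic")
        cipher, off = _read_string(blob, len(MAGIC))
        _, off = _read_string(blob, off)        # kdfname
        _, off = _read_string(blob, off)        # kdfoptions
        pub, _ = _read_string(blob, off + 4)    # skip the uint32 key count
        info.update(container="openssh-key-v1", encrypted=cipher != b"none",
                    key_type=_read_string(pub, 0)[0].decode())
    elif head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----"):
        label = head[11:-16].strip()            # "RSA", "EC", "ENCRYPTED" or ""
        info.update(container="pem", key_type=label if label not in ("", "ENCRYPTED") else None,
                    encrypted=label == "ENCRYPTED" or "Proc-Type: 4,ENCRYPTED" in lines)
    return info

def inbox_beta_findings(info: dict) -> list:
    """Map the inspection onto the inbox Beta limits reported in this thread."""
    checks = [(info["encoding"] == "utf-16", "file is UTF-16, not UTF-8"),
              (info["container"] == "putty-ppk", "PuTTY .ppk container, not an OpenSSH key file"),
              (info["key_type"] not in (None, "ssh-ed25519"), "key type is not ed25519"),
              (bool(info["encrypted"]), "private key is passphrase protected")]
    return [msg for hit, msg in checks if hit]
```

To check a real file, pass its bytes, for example `inbox_beta_findings(inspect_private_key(open(path, "rb").read()))`; only the unencrypted header fields are read.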

robertpeteuil commented Dec 14, 2017

@bagajjal - thanks for the clarification. I'm guessing you saw my post via email notification?

I deleted it almost immediately as I realized the key was successfully read earlier in the log.

Collaborator

bagajjal commented Dec 15, 2017

@DrPizza - As per logs ed25519 is not found.
debug1: identity file C:\Users\DrPizza/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory

DrPizza commented Dec 15, 2017

@bagajjal Yes, that's why I included the directory listing before the log. Why is the file not found? It's there, as the directory listing shows.

Collaborator

bagajjal commented Dec 15, 2017

@DrPizza - ah, missed that (directory listing).
Can you please share DEBUG3 (-vvv) enabled ssh logs?
"ssh -vvv user@lunix.quiscalusmexicanus.org"

DrPizza commented Dec 15, 2017

I'm not sure I can. It's now connecting without issue, using the ed25519 key. I haven't knowingly changed anything since yesterday, so I'm not sure what's making it work now.

Collaborator

bagajjal commented Dec 15, 2017

@DrPizza - Good to know that it's working now. It would be great if you can update your blog so that people will not be misguided.

massimonewsuk commented Feb 16, 2018

Is there any update on when RSA keys will be supported? So for example the standard ones that AWS generates for you.

Collaborator

manojampalam commented Feb 16, 2018

GitHub releases have full support for all key types. RSA keys are supported too.

Suncatcher commented Mar 16, 2018

@bagajjal

> Windows inbox Beta version currently supports one key type (ed25519)

Can one convert existing RSA key (generated by Ubuntu) to ed25519? Or it is required to generate ed25519 only in Windows?

@manojampalam

> GitHub releases have full support for all key types. RSA keys are supported too.

You mean OpenSSH installed from this GIT repo and installed from Windows Settings are different?

Collaborator

manojampalam commented Mar 16, 2018

You cannot convert keys from one type to another.

OpenSSH installed from Windows settings is a limited version (supports only one key type and a limited set of crypto algorithms) of the more comprehensive version released on GitHub

Suncatcher commented Mar 16, 2018

Thx for info. Should I delete built-in Windows client prior to installing Git version?

Collaborator

manojampalam commented Mar 16, 2018

They can work side by side but may end up causing confusion. If you don't need the built-in client, recommend uninstalling it.

Suncatcher commented Mar 17, 2018

> of the more comprehensive version released on GitHub

@manojampalam, okay, I read this stuff and they say:

> Win32-OpenSSH will be deprecated once changes in PowerShell/openssh-portable are integrated back into openssh/openssh-portable

So I wanna ask, should I install the client from Win32-OpenSSH or better use openssh-portable? Do they differ in features?

Collaborator

manojampalam commented Mar 19, 2018

Win32-OpenSSH and PowerShell/openssh-portable are the same. We do development in PowerShell/openssh-portable and maintain issues, do releases in Win32-OpenSSH (we are stuck this way for legacy reasons).
