curl: SSH remote key was not okay #591

Closed
saptarshiguha opened this issue Nov 5, 2018 · 9 comments

saptarshiguha commented Nov 5, 2018

Hello,
I am using the latest testflight version of blink. I can ssh into a server (called rguha) but scp fails.

blink> scp -vvvv test.jpg rguha:/tmp/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Trying X.Y...
* TCP_NODELAY set
* Connected to rguha.*  port 22 (#0)
* SSH MD5 fingerprint: 1f7008db6e153d674e1fe920615d16b9
* SSH host check: 2, key: <none>
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (51) SSL peer certificate or SSH remote key was not OK
blink> 

What could be wrong? Termius seems to be able to transfer this file to the same server which indicates the server does understand SCP/SFTP (whatever termius uses).

Would be super happy to have it work in blink so I can uninstall Termius.

@yury
Collaborator

yury commented Nov 5, 2018

Hi @saptarshiguha.
This is a known issue. As a workaround you can ssh2 to that host first, so ssh2 will add the host to the known hosts file in a format scp understands.

@saptarshiguha
Author

Thanks! Tried

blink> ssh2 rguha
Connected to 66.228.35.34
The authenticity of host rguha  can't be established.
RSA key fingerprint is PGOgoW@&*@(!@^@&*@
Are you sure you want to continue connecting (yes/no)?yes
Permanently added key for rguha  to list of known hosts.
Last login: Mon Nov  5 20:25:25 2018 from guest.net
[joy@li285-34 ~]$ logout

And then

blink> scp -vvvv test.jpg rguha:/tmp/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
*  Trying XYZ
* TCP_NODELAY set
* Connected to rguha port 22 (#0)
* SSH MD5 fingerprint: 1f7008db6.....15d16b9
* SSH host check: 0, key: AAAA.....JRlP6mBqL
* SSH authentication methods available: publickey,gssapi-keyex,gssapi-with-mic,password
* Using private key stored in BlinkShell keys: 'mouchak'
* SSH public key authentication failed: Username/PublicKey combination invalid
* Failure connecting to agent
* Authentication failure
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (67) Authentication failure

But I can ssh and ssh2 into the above host just fine.

@yury
Collaborator

yury commented Nov 5, 2018

What type of key are you using? RSA?

@saptarshiguha
Author

DSA.

@saptarshiguha
Author

Hmm, switched to an RSA key and it worked fine.
Closing this issue.
Thanks much.

@jay-hankins

jay-hankins commented Nov 15, 2018

I’m using an ECDSA key and can’t use scp currently. Is there a way to specify an override key, one that is configured in Blink? I don’t see an id_ecdsa in the filesystem, so overriding with --key in scp/curl doesn’t seem right.

The output shows that key is <none>:

blink> scp file nuc.local:~/file -v
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 10.42.69.11...
* TCP_NODELAY set
* Connected to nuc.local (10.42.69.11) port 22 (#0)
* SSH MD5 fingerprint: 6e2814b3ace9570abc909b1158ac89a8
* SSH host check: 2, key: <none>
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (51) SSL peer certificate or SSH remote key was not OK

Switching to an RSA key could be a workaround, but I’d prefer to keep my ECDSA key.

@timothybasanov

I have the same issue. I think my host key may be in a wrong format, but I have no control over it. All my iOS keys are RSA and generated by Blink itself.
This is a very frustrating issue as it misdirected me to try to debug curl issues with scp, which even sounds weird.
The workaround with ssh2 unifi worked.

Here is an example output:

blink> ssh -v unifi ls -l /srv/unifi/data/sites/default/config.gateway.json
socket_callback_connected: Socket connection callback: 1 (0)
ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u7
ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u7
ssh_analyze_banner: We are talking to an OpenSSH client version: 6.7 (60700)
blink: setting socket keepalive: 1
ssh_userauth_request_service: Failed to request "ssh-userauth" service
ssh_packet_userauth_failure: Access denied. Authentication that can continue: publickey,password
blink: import key timothy@iOS
blink: open channels
blink: open session
-rw------- 1 unifi unifi 1019 Jul 12 15:25 /srv/unifi/data/sites/default/

blink> scp -vvv unifi:/srv/unifi/data/sites/default/config.gateway.json ./
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 192.168.0.149...
* TCP_NODELAY set
* Connected to unifi.home.timothybasanov.com (192.168.0.149) port 22 (#0)
* SSH MD5 fingerprint: 5a36644047814e202a86b22088ac5198
* SSH host check: 2, key: <none>
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (51) SSL peer certificate or SSH remote key was not OK

@isaacirosado

Switching to RSA didn't work for me, but in case it helps, removing the certificate check with --insecure (a standard CURL option) AND being explicit with the username and remote target path worked to get past the "SSL peer certificate or SSH remote key" error:

scp --insecure -vvv <local-file-path> <user>@<host name or IP>:<remote-file-path>
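
An added example, not part of the thread and not Blink's or curl's own code: a Python sketch of the known_hosts lookup behind the `SSH host check: N` lines in the logs above, which is the check `--insecure` skips. The numeric results follow libssh2's known-host check codes (0 match, 1 mismatch, 2 not found); the helper names are hypothetical and the key blobs are constructed sample data.

```python
import base64
import hashlib
import hmac

# libssh2 known-host check results; curl logs the number as "SSH host check: N".
MATCH, MISMATCH, NOTFOUND = 0, 1, 2

def md5_fingerprint(key_b64):
    """Hex MD5 of the decoded public-key blob, as in curl's 'SSH MD5 fingerprint' line."""
    return hashlib.md5(base64.b64decode(key_b64)).hexdigest()

def host_matches(pattern, host):
    """Match one known_hosts name: plain text or the hashed |1|salt|mac form."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return pattern == host  # wildcard patterns are not handled in this sketch

def check_host(known_hosts_text, host, presented_key_b64):
    """Return MATCH, MISMATCH or NOTFOUND for the key the server presented."""
    result = NOTFOUND
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments, malformed lines and @cert-authority/@revoked markers.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        names, key_b64 = fields[0].split(","), fields[2]
        if not any(host_matches(n, host) for n in names):
            continue
        if key_b64 == presented_key_b64:
            return MATCH
        result = MISMATCH  # host is known, but with a different key
    return result

# Constructed sample data: not a real host key, just bytes shaped like a key blob.
SERVER_KEY = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-demo-key").decode()
OTHER_KEY = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"some-other-key").decode()
KNOWN_HOSTS_AFTER = f"rguha ssh-rsa {SERVER_KEY}\n"

if __name__ == "__main__":
    print("fingerprint:", md5_fingerprint(SERVER_KEY))
    print("empty known_hosts:", check_host("", "rguha", SERVER_KEY))                # 2
    print("after adding host:", check_host(KNOWN_HOSTS_AFTER, "rguha", SERVER_KEY))  # 0
    print("different key:", check_host(KNOWN_HOSTS_AFTER, "rguha", OTHER_KEY))      # 1
```

Comparing the printed fingerprint with one obtained from the server out of band is what makes the first "yes" at the ssh2 prompt meaningful.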

@altech-stack

Had an error exactly like this; turns out the ssh I used in the blink shell for ssh-keygen is a different SSH key when I go through config > Keys. After adding the actual public key to my destination host (and making sure the authorized_keys and .ssh folder have the correct permissions), I was able to use scp and sftp without issues! Hope this helps anyone else with similar issues.
