lunes, 1 de enero de 2018

Solucion de errores: SSH "Permission denied (publickey)". Luego de upgrade. Facil y rapido

En caso de que estes recibiendo el siguiente error al hacer un ssh:


"Permission denied (publickey)."

pero extrañamente venía funcionando todo quizás fue por un upgrade de openssh o del sistema operativo.
Lo primero que te recomiendo es realizar un ssh y con algo de debug (por ejemplo con el -v)

Quedarías así:


$ ssh -v -l alejandro miserver.com

Verás algo así:

$ ssh -v -l alejandro miserver.com
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/alejandroacosta/.ssh/config
debug1: /Users/alejandroacosta/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 49: Applying options for *
debug1: Connecting to miserver port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/alejandroacosta/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/alejandroacosta/.ssh/id_rsa-cert type -1
debug1: identity file /Users/alejandroacosta/.ssh/id_dsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/alejandroacosta/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/alejandroacosta/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/alejandroacosta/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/alejandroacosta/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/alejandroacosta/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to miserver.com:22 as 'alejandro'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:0CjzVIchz9571bMTChmp6cMZ+9QVogt9mHSaK8JA5VQ
debug1: Host '[miserver.com]:22' is known and matches the ECDSA host key.
debug1: Found key in /Users/alejandroacosta/.ssh/known_hosts:20
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Skipping ssh-dss key /Users/alejandroacosta/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/alejandroacosta/.ssh/id_rsa
debug1: Trying private key: /Users/alejandroacosta/.ssh/id_ecdsa
debug1: Trying private key: /Users/alejandroacosta/.ssh/id_ed25519
debug1: No more authentication methods to try.
alejandro@miserver.com: Permission denied (publickey).


La linea mas importante es:

"debug1: Skipping ssh-dss key /Users/alejandroacosta/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes"


Existen varias maneras de solucionarlo, muchas estan mencionadas en:

https://stackoverflow.com/questions/39715135/problems-deploying-code-with-capistrano-since-upgrading-to-macos-10-12-sierra

y

https://rolfje.wordpress.com/2016/11/12/macos-sierra-ssh-permission-denied/


Sin embargo si estas urgido, corriendo puedes solucionarlo inmediatamente haciendo esto:

Solución

echo "Host *" >> ~/.ssh/config
echo "PubkeyAcceptedKeyTypes=+ssh-dss" >> ~/.ssh/config


Mas información:

https://ro-che.info/articles/2015-12-21-permission-denied-publickey-ssh-update












No hay comentarios:

Publicar un comentario

¿Algo adicional que quieras mencionar? ¿Algun consejo?, ¿truco? Gracias!

BGP Stream: un año de análisis sobre incidentes BGP

BGP Stream: un año de análisis sobre incidentes BGP 04/03/2024 Por  Alejandro Acosta , Coordinador de I+D en LACNIC LACNIC presenta  la prim...