Caution on ssh in mixed configuration

To: debian-user@lists.debian.org
Cc: ross@biostat.ucsf.edu
Subject: Caution on ssh in mixed configuration
From: Ross Boylan <ross@biostat.ucsf.edu>
Date: Sat, 10 Oct 2009 10:17:50 -0700
Message-id: <[🔎] 1255195070.30192.74.camel@corn.betterworld.us>

A few weeks ago, just after an upgrade, ssh stopped working, that is, it
my passphrase did not work:
ross@markov:~/.ssh$ ssh-keygen -v -v -v -y -f id_rsa
debug3: Not a RSA1 key file id_rsa.
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase:
debug3: Not a RSA1 key file id_rsa.
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
load failed

The upgrade made the following packages post-lenny:
kvm/sid upgradeable from 72+dfsg-5 to 85+dfsg-4
libgcrypt11/sid uptodate 1.4.4-4
libgnutls26/sid upgradeable from 2.8.3-3 to 2.8.4-1
libgpg-error0/sid uptodate 1.6-1
libtasn1-3/sid uptodate 2.3-1
linux-headers-2.6.30-2-amd64/sid upgradeable from 2.6.30-7 to 2.6.30-8
linux-headers-2.6.30-2-common/sid upgradeable from 2.6.30-7 to 2.6.30-8
linux-image-2.6.30-1-amd64 2.6.30-5 installed: No available version in
archive
linux-image-2.6.30-2-amd64/sid upgradeable from 2.6.30-7 to 2.6.30-8
linux-kbuild-2.6.30/sid uptodate 2.6.30-1
linux-libc-dev/sid upgradeable from 2.6.30-1 to 2.6.30-8
linux-source-2.6.30/sid upgradeable from 2.6.30-5 to 2.6.30-8

I updated my 2.6.30 kernel and tried a newer kvm version, which drew in
the other packages.

I tried deleting my key and regenerating; it was still unreadable.

Today I downgraded, successively,
2009-10-10 09:48:05 status installed linux-libc-dev 2.6.26-17lenny2
2009-10-10 09:50:26 status installed man-db 2.5.2-4
2009-10-10 09:50:28 status installed libgnutls26 2.4.2-6+lenny1
2009-10-10 09:50:29 status installed kvm 72+dfsg-5~lenny2
2009-10-10 09:52:03 status installed libgcrypt11 1.4.1-1
2009-10-10 09:54:17 status installed libgpg-error0 1.4-2
2009-10-10 09:54:17 status installed libtasn1-3 1.4-1

After each package downgrade I tried verifying the key and failed.
Finally, after all the downgrades I made another new key.  This time it
was readable.

I couldn't find any bugs in the obvious package suspects, but there was
something about this combination that didnt work.

If anyone has insights into what was going on, I'd love to hear them.

Reply to:

Prev by Date: Re: D-Link's Shareport USB Utility
Next by Date: Re: Could you recommend CD/DVD writer program?
Previous by thread: Re: virtualbox: RTR3Init failed with rc=-1912 (rc=-1912)
Next by thread: Looking for simple s2disk implementation
Index(es):
- Date
- Thread