Bug#801150: openssh-client: PubkeyAuthentication not working when ~/.ssh/id_rsa.pub is present
retitle 801150 PubkeyAuthentication not working when ~/.ssh/id_rsa.pub is present
(I'll let you adjust the severity as you see fit)
Hi Colin, thanks for your prompt answer!
Colin Watson <firstname.lastname@example.org> wrote:
> Do you have a good reason to still be using the RSAAuthentication
> option? It's protocol 1 only, which has been obsolete for a decade or
> so, and your -vv transcript shows that you're using protocol 2 so
> RSAAuthentication cannot possibly work. Since you're communicating with
> a server version that is substantially less than a decade old, there
> should be no reason to try to use protocol 1 with it. The protocol 2
> equivalent is PubkeyAuthentication.
Ah, right, then I meant PubkeyAuthentication, sorry for the confusion.
> You will of course need to make sure that you aren't using an RSA1 key
> (ssh-keygen -t rsa1 vs. -t rsa).
I generated a new key with '-t rsa' but it doesn't change anything.
After some trial and error, I determined that authentication works iff I
rename ~/.ssh/id_rsa.pub to something else (e.g., 'disabled.pub') or
move it to a different directory. This is on the client, of course.
I got this idea because ssh-add(1) now says:

    After loading a private key, ssh-add will try to load
    corresponding certificate information from the filename obtained by
    appending -cert.pub to the name of the private key file.

so I first tried id_rsa-cert.pub, then found out that anything other
than ~/.ssh/id_rsa.pub appears to work. BTW, I have no idea what this
new -cert.pub suffix is about.
If you think this would be useful, I can send you logs of the sshd
server in debug mode by private mail.
Thanks for your support.
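
Added example, not part of the original message and not OpenSSH code: when a .pub file sits next to a private key, the ssh client reads the public half it offers from that file, so a .pub that does not belong to the private key beside it is one situation in which removing the file changes the outcome. Whether that applies to this report is not established in the thread. The sketch assumes ssh-keygen is on PATH; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: compare each default identity's .pub file with the public key
# derived from the private key beside it. Function names are hypothetical.

# key_fields FILE: print "type base64" from the first key line of a .pub file.
key_fields() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $1, $2; exit }' "$1"
}

# pubkey_status PRIVATE_KEY: print one of
#   match     PRIVATE_KEY.pub holds the public half of PRIVATE_KEY
#   mismatch  PRIVATE_KEY.pub holds some other key
#   no-pub    there is no PRIVATE_KEY.pub
#   unknown   the public half could not be derived (for example the key is
#             passphrase-protected, unreadable, or ssh-keygen is missing)
pubkey_status() {
    priv=$1
    [ -f "$priv.pub" ] || { echo no-pub; return 0; }
    # -P '' makes ssh-keygen fail instead of prompting for a passphrase.
    derived=$(ssh-keygen -y -P '' -f "$priv" 2>/dev/null | awk '{ print $1, $2 }')
    [ -n "$derived" ] || { echo unknown; return 0; }
    if [ "$derived" = "$(key_fields "$priv.pub")" ]; then
        echo match
    else
        echo mismatch
    fi
}

# check_identities [DIR]: report every default identity found in DIR and note
# a NAME-cert.pub file if present (the file the ssh-add(1) excerpt mentions).
check_identities() {
    dir=${1:-$HOME/.ssh}
    for name in id_rsa id_dsa id_ecdsa id_ed25519; do
        [ -f "$dir/$name" ] || continue
        printf '%s: %s' "$dir/$name" "$(pubkey_status "$dir/$name")"
        [ -f "$dir/${name}-cert.pub" ] && printf ' (certificate file present)'
        printf '\n'
    done
}
```

Source the file and run `check_identities ~/.ssh` on the client; a `mismatch` line means the .pub file should be regenerated with `ssh-keygen -y -f KEY > KEY.pub`.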