ssh cannot use the IdentityFile config in file ~/.ssh/config
Solution 1
I found the answer to my problem here: https://superuser.com/a/436015.
In short, IdentitiesOnly yes needs to be specified on either the host or the global SSH client configuration because otherwise, unspecified keys may also be tried, including keys in the ssh-agent if one is running.
Solution 2
I think the answer lies in the mechanism of the .ssh/config file.
If you try ssh root@popo, it should work.
The command ssh name@host first matches the host in the Host field in .ssh/config, not the HostName sub-field.
It puzzled me for several weeks......
Solution 3
If your ~/.ssh/config is all on one line (as your post suggests) like this:
Host popo Hostname popo.net User root PreferredAuthentications publickey IdentityFile /Users/phenix/.ssh/poponet_rsa
then that won't work. You need to split each directive onto its own line, like this:
Host popo
Hostname popo.net
User root
PreferredAuthentications publickey
IdentityFile /Users/phenix/.ssh/poponet_rsa
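The behaviour described in Solutions 2 and 3, as an added example that is not part of the original answers: a simplified model of ssh_config resolution (not OpenSSH's own parser) showing why the one-line file yields no IdentityFile and why only the alias popo, not popo.net, selects the block. It handles only whitespace-separated keywords and Host patterns; the IdentitiesOnly line from Solution 1 is added to the split config.

```python
from fnmatch import fnmatchcase

# Constructed inputs, taken from the configs shown on this page.
ONE_LINE = ("Host popo Hostname popo.net User root PreferredAuthentications "
            "publickey IdentityFile /Users/phenix/.ssh/poponet_rsa\n")

SPLIT = """\
Host popo
    Hostname popo.net
    User root
    PreferredAuthentications publickey
    IdentityFile /Users/phenix/.ssh/poponet_rsa
    IdentitiesOnly yes
"""

def host_matches(patterns, name):
    """True if a positive pattern matches and no '!'-negated pattern does."""
    if any(p.startswith("!") and fnmatchcase(name, p[1:]) for p in patterns):
        return False
    return any(not p.startswith("!") and fnmatchcase(name, p) for p in patterns)

def resolve(config_text, name):
    """Return the options that apply to `name` as typed on the command line."""
    opts, active = {}, True        # directives before any Host line apply to all
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        keyword = keyword.lower()  # keywords are case-insensitive
        if keyword == "host":
            # Every remaining token on a Host line is a pattern, which is why
            # the one-line config defines a block with no directives at all.
            active = host_matches(args, name)
        elif active and keyword == "identityfile":
            opts.setdefault(keyword, []).append(" ".join(args))
        elif active:
            opts.setdefault(keyword, " ".join(args))  # first value wins
    return opts

if __name__ == "__main__":
    for label, cfg in (("one-line", ONE_LINE), ("split", SPLIT)):
        for name in ("popo", "popo.net"):
            print(f"{label:8} ssh {name:8} -> {resolve(cfg, name)}")
```

On OpenSSH clients that support the -G option, ssh -G popo prints the options the real client resolves for that name, which is the authoritative check.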
zgia
Updated on May 31, 2020
Comments
-
zgia about 4 years
Client: Mac 10.8, server: Ubuntu 10.04 LTS 64bit
I used 'ssh-keygen -t rsa' to generate public/private keys.
First, I input: ssh -i /Users/phenix/.ssh/poponet_rsa [email protected], and I can log in to the server with the private key 'poponet_rsa'.
Next, I created a config file: /Users/phenix/.ssh/config, with content:
Host popo Hostname popo.net User root PreferredAuthentications publickey IdentityFile /Users/phenix/.ssh/poponet_rsa
and I input ssh [email protected], and the Terminal asks me for the password.
Next, I changed the poponet_rsa filename to id_rsa, and input ssh [email protected]; OK, I can log in.
My question: why can't ssh use the IdentityFile config in the file ~/.ssh/config?
$ ssh -vvv [email protected]
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/phenix/.ssh/config
debug1: /Users/phenix/.ssh/config line 1: Applying options for popo.net
debug1: /Users/phenix/.ssh/config line 2: Applying options for popo.net
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to popo.net [111.111.111.111] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/phenix/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /Users/phenix/.ssh/id_rsa type -1
debug1: identity file /Users/phenix/.ssh/id_rsa-cert type -1
debug1: identity file /Users/phenix/.ssh/id_dsa type -1
debug1: identity file /Users/phenix/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "popo.net" from file "/Users/phenix/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/phenix/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: **too much init, i delete them.**
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 135/256
debug2: bits set: 468/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
debug3: load_hostkeys: loading entries for host "popo.net" from file "/Users/phenix/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/phenix/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "111.111.111.111" from file "/Users/phenix/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/phenix/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'popo.net' is known and matches the RSA host key.
debug1: Found key in /Users/phenix/.ssh/known_hosts:1
debug2: bits set: 516/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/phenix/.ssh/id_rsa (0x0)
debug2: key: /Users/phenix/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/phenix/.ssh/id_rsa
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug2: no passphrase given, try next key
debug1: Trying private key: /Users/phenix/.ssh/id_dsa
debug3: no such identity: /Users/phenix/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password:
-
zgia about 11 years
I tried it, but the Terminal asks me for the password again. Only 'debug2: key: /Users/liyuntian/.ssh/id_rsa (0x0)', and no 'poponet_rsa'
-
jeffcook2150 about 10 years
These "errors" are not actually problems. RSA1 is rarely used anymore. This will be displayed most of the time when a key specified by IdentityFile is loaded.
-
Sylar almost 5 years
Thank you so much! I've upgraded my MBP and am getting all sorts of errors.
-
Laurent about 4 years
Same here, not very intuitive. Based on the OP's issue I think this should be the accepted answer.