SSH key stopped working

Bug #514198 reported by Torsten Spindler
This bug affects 1 person
Affects: eucalyptus (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

On UEC on Ubuntu 9.10 the following problem occurred during last week's training session:

A student created a key and it worked fine. After some time it stopped working, e.g. the key can no longer be used to log into an instance. The key is named mykey and is specific to a certain user - note that multiple users all have a key called 'mykey', maybe this is where Eucalyptus gets confused?

$ ssh -vi ./mykey.priv ubuntu@172.24.129.139
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 172.24.129.139 [172.24.129.139] port 22.
debug1: Connection established.
debug1: identity file ./mykey.priv type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-6ubuntu2
debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '172.24.129.139' is known and matches the RSA host key.
debug1: Found key in /home/student/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ./mykey.priv
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Dustin Kirkland  (kirkland) wrote :

Each student should be able to create and use a key called "mykey" as long as they're unique users with unique keys on a given machine (or separate machines).

What do you mean by "stopped working"?

Did the user have a running instance that they were able to login with that key, and then later, couldn't log in with the same key to the same running instance?

Or, rather, did they create and use instances with that key, and then later, create instances but not be able to use that key?

Changed in eucalyptus (Ubuntu):
status: New → Incomplete
importance: Undecided → Medium
Torsten Spindler (tspindler) wrote : Re: [Bug 514198] Re: SSH key stopped working

On Fri, 2010-01-29 at 19:26 +0000, Dustin Kirkland wrote:
...
> Or, rather, did they create and use instances with that key, and then
> later, create instances but not be able to use that key?

This is what I meant by "stopped working".

Mathias Gug (mathiaz) wrote :

On Fri, Jan 29, 2010 at 08:28:42PM -0000, Torsten Spindler wrote:
> On Fri, 2010-01-29 at 19:26 +0000, Dustin Kirkland wrote:
> ...
> > Or, rather, did they create and use instances with that key, and then
> > later, create instances but not be able to use that key?
>
> This is what I meant by "stopped working".
>

Were you able to check the instance console log to see if the sshd daemon had
started on the failing instances?

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

Torsten Spindler (tspindler) wrote :

The sshd is started, the last few lines from euca-get-console-output:

ec2:
ec2: #############################################################
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 2048 c5:e6:f6:21:16:bf:b4:d8:00:fa:1b:ad:29:12:86:de /etc/ssh/ssh_host_rsa_key.pub (RSA)
ec2: 1024 b9:c0:86:af:2f:70:8b:58:0e:65:90:c8:96:1e:53:9d /etc/ssh/ssh_host_dsa_key.pub (DSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
ec2: #############################################################
 * Starting OpenBSD Secure Shell server sshd
 * Running EC2 user data

Thierry Carrez (ttx) wrote :

Apparently there /was/ a known issue in eucalyptus 1.6 where if someone was to create the same key twice, eucalyptus would end up having a private key that no longer matches the public key. Could that be what happened here?

Torsten Spindler (tspindler) wrote :

Quite possible, the students are instructed to create a key called
'mykey' in the exercise. With this the problem can be reproduced:

$ euca-add-keypair mykey2 > mykey2.priv
$ euca-add-keypair mykey2 > mykey2.priv
$ euca-run-instances -t c1.medium -k mykey2 emi-DF481077
$ ssh -i mykey2.priv 172.24.129.128
Permission denied (publickey).

Thierry Carrez (ttx) wrote :

If that was the issue, it's now fixed in lucid/1.6.2.
Please reopen if this can be triggered /without/ creating the same key twice.

Changed in eucalyptus (Ubuntu):
status: Incomplete → Fix Released
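
A check for the key mismatch discussed in the comments above, as an added example (not part of the bug report and not Eucalyptus code): it derives the OpenSSH public key from an RSA private key file and compares it with an authorized_keys line such as the one on the instance. The function names and the toy keys built from known primes are constructed for illustration, and it assumes an unencrypted `-----BEGIN RSA PRIVATE KEY-----` (PKCS#1) file.

```python
import base64, struct

def der_read(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length

def public_numbers(pem):
    """(n, e) from an unencrypted PKCS#1 'RSA PRIVATE KEY' PEM."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN RSA PRIVATE KEY-----":
        raise ValueError("expected an unencrypted PKCS#1 RSA private key")
    _, seq, _ = der_read(base64.b64decode("".join(lines[1:-1])), 0)
    pos, ints = 0, []
    while len(ints) < 3:                   # version, modulus n, public exponent e
        tag, val, pos = der_read(seq, pos)
        if tag != 0x02:
            raise ValueError("malformed RSAPrivateKey")
        ints.append(int.from_bytes(val, "big"))
    return ints[1], ints[2]

def to_bytes(x):  # big-endian with a zero sign byte when needed (DER INTEGER and SSH mpint)
    return x.to_bytes(x.bit_length() // 8 + 1, "big")

def ssh_rsa_blob(n, e):
    """Base64 field of an OpenSSH 'ssh-rsa' authorized_keys line."""
    parts = [b"ssh-rsa", to_bytes(e), to_bytes(n)]
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

def key_matches(pem, authorized_line):
    """True if authorized_line carries the public half of the private key in pem."""
    f = authorized_line.split()
    return "ssh-rsa" in f[:-1] and f[f.index("ssh-rsa") + 1] == ssh_rsa_blob(*public_numbers(pem))

def toy_pem(p, q, e=65537):
    """Constructed sample key from two known primes; far too small for real use."""
    d = pow(e, -1, (p - 1) * (q - 1))
    tlv = lambda tag, body: bytes([tag]) + (bytes([len(body)]) if len(body) < 128
                                            else bytes([0x81, len(body)])) + body
    nums = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    b64 = base64.b64encode(tlv(0x30, b"".join(tlv(0x02, to_bytes(v)) for v in nums))).decode()
    return f"-----BEGIN RSA PRIVATE KEY-----\n{b64}\n-----END RSA PRIVATE KEY-----\n"

first = toy_pem(2**127 - 1, 2**89 - 1)     # constructed: key from one euca-add-keypair call
second = toy_pem(2**107 - 1, 2**61 - 1)    # constructed: key from the repeat call, same name
registered = "ssh-rsa " + ssh_rsa_blob(*public_numbers(first)) + " mykey2"
print(key_matches(first, registered), key_matches(second, registered))
```

On a real key file, `ssh-keygen -y -f mykey.priv` prints the same public key line for comparison.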