[Developers] Failed to Add All Keys

TjL luomat at gmail.com
Tue Sep 18 19:35:18 CEST 2007


On 9/18/07, Eric Warnke <ericew at gmail.com> wrote:

> Have you recently changed your .ssh/config file? "debug1: An invalid
> name was supplied Configuration file does not specify default realm"
> makes me think that your config might be broken.

That's been like that for a long time.  I'm not sure what the problem
is, but it pre-dates this issue.

I don't have a file ~/.ssh/config

$ ls -l ~/.ssh/
total 72
-rw-------  1 luomat luomat   736 Jun 14  2005 id_dsa
-rw-r--r--  1 luomat luomat   608 Jan 16  2005 id_dsa.pub
-rw-------  1 luomat luomat   951 Jan 16  2005 id_rsa
-rw-r--r--  1 luomat luomat   228 Jan 16  2005 id_rsa.pub
-rw-------  1 luomat luomat   963 Jan 16  2005 identity
-rw-r--r--  1 luomat luomat   228 Jan 16  2005 identity.pub
-rw-r--r--  1 luomat luomat 48407 Sep 10 19:46 known_hosts

and my /etc/ssh_config has only commented-out lines in it



> I'm confused... if you removed ( from Keychain ) the SSHKeychain
> entries the only way to read your keys is with a password, the fact
> that you didn't get prompted leads me to believe you did something
> wrong.

Oh. from "Keychain Access".  I see.  I thought that you meant removing
the SSH Keys from the 3rd panel (SSH Keys) of the SSHKeychain
preferences.

Oooh, I think that did it.

There were only 2 entries for 'sshkeychain' in Keychain Access.  I
deleted them and then restarted SSHKeychain, which then asked me for
my passphrase 3 times (one for id_rsa.pub, id_dsa.pub, and identity).

When I look at the Agent Status I see all 3 of them as current keys.

And it is working again!

I still get the:

debug1: An invalid name was supplied
Configuration file does not specify default realm

debug1: An invalid name was supplied
Configuration file does not specify default realm

as well as

debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found

but I'm not sure what they are referring to and it seems to work, so
I'm going to let it be for now :-)

> Cheers,
> Eric

Thanks!

TjL

>
> On 9/18/07, TjL <luomat at gmail.com> wrote:
> >
> > I deleted them both and then added
> >
> > ~/.ssh/id_dsa
> > ~/.ssh/id_rsa
> > ~/.ssh/identity
> >
> > it did NOT prompt me for my password or anything else.
> >
> > I went to the Security Options and turned on confirmation so that I
> > could see if it was even being asked (it was).
> >
> > Here's the result of my attempts to 'ssh -vvv' to my FreeBSD machine
> > from my OS X machine:
> >
> > (Apologies if this is information overkill, I didn't want to edit it
> > and cut out something that was meaningful to you, because very little
> > of it means anything to me)
> >
> > OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
> > debug1: Reading configuration data /etc/ssh_config
> > debug1: Connecting to compaq [192.168.1.200] port 32873.
> > debug1: Connection established.
> > debug1: identity file /Users/luomat/.ssh/identity type 1
> > debug1: identity file /Users/luomat/.ssh/id_rsa type 1
> > debug1: identity file /Users/luomat/.ssh/id_dsa type 2
> > debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 FreeBSD-20040419
> > debug1: match: OpenSSH_3.8.1p1 FreeBSD-20040419 pat OpenSSH_3.*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_4.5
> > debug1: An invalid name was supplied
> > Configuration file does not specify default realm
> >
> > debug1: An invalid name was supplied
> > Configuration file does not specify default realm
> >
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: checking without port identifier
> > debug1: Host 'compaq' is known and matches the DSA host key.
> > debug1: Found key in /Users/luomat/.ssh/known_hosts:63
> > debug1: found matching key w/out port
> > debug1: ssh_dss_verify: signature correct
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug1: Authentications that can continue: publickey,keyboard-interactive
> > debug1: Next authentication method: publickey
> > debug1: Offering public key: /Users/luomat/.ssh/identity
> > debug1: Authentications that can continue: publickey,keyboard-interactive
> > debug1: Offering public key: /Users/luomat/.ssh/id_rsa
> > debug1: Authentications that can continue: publickey,keyboard-interactive
> > debug1: Offering public key: /Users/luomat/.ssh/id_dsa
> > debug1: Server accepts key: pkalg ssh-dss blen 433
> > debug1: PEM_read_PrivateKey failed
> > debug1: read PEM private key done: type <unknown>
> > Enter passphrase for key '/Users/luomat/.ssh/id_dsa':
> >
> >
> >
> > HOWEVER (and I hadn't noticed this before) if I ssh to my website
> > (Linux/Debian, in case it matters) it WORKS:
> >
> >
> > OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
> > debug1: Reading configuration data /etc/ssh_config
> > debug1: Connecting to tntluoma.com [66.33.222.245] port 22.
> > debug1: Connection established.
> > debug1: identity file /Users/luomat/.ssh/identity type 1
> > debug1: identity file /Users/luomat/.ssh/id_rsa type 1
> > debug1: identity file /Users/luomat/.ssh/id_dsa type 2
> > debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 Debian-8.sarge.6
> > debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.6 pat OpenSSH_3.*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_4.5
> > debug1: Miscellaneous failure
> > No credentials cache found
> >
> > debug1: Miscellaneous failure
> > No credentials cache found
> >
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: Host 'tntluoma.com' is known and matches the RSA host key.
> > debug1: Found key in /Users/luomat/.ssh/known_hosts:84
> > debug1: ssh_rsa_verify: signature correct
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug1: Authentications that can continue: publickey,password,keyboard-interactive
> > debug1: Next authentication method: publickey
> > debug1: Offering public key: /Users/luomat/.ssh/identity
> > debug1: Server accepts key: pkalg ssh-rsa blen 149
> > debug1: Authentication succeeded (publickey).
> > debug1: channel 0: new [client-session]
> > debug1: Entering interactive session.
> >
> >
> > Does that shed any light?
> >
> > TjL
> >
> >
> >
> > On Sep 17, 2007, at 7:50 PM, Eric Warnke wrote:
> >
> > > Hmmm.... interesting.
> > >
> > > I would start by deleting the Keychain entries for SSHKeychain and try
> > > re-adding all of your keys.  This will re-prompt you for your
> > > password, but should clear any issues with your stored password.  If
> > > that doesn't work, let us know and I'll see what else might have caused
> > > the problem.
> > >
> > > Cheers,
> > > Eric
> > >
> > > On 9/17/07, TjL <luomat at gmail.com> wrote:
> > >>
> > >> I checked the bug tracker and didn't get even 1 match, so I hope I'm
> > >> asking in the right place.
> > >>
> > >> I'm running 0.8.2 on a MacBook running 10.4.10 w/ all updates.
> > >>
> > >> SSHKeychain runs on login.  However, recently it has started working
> > >> only sporadically after a long period of flawless work.
> > >>
> > >> By "sporadically working" I mean that when I ssh (via Terminal) I get
> > >> asked for my pass phrase sometimes, but not always.  Previously it
> > >> always worked w/o any intervention on my behalf.
> > >>
> > >> I tried to manually load all keys and SSHKeychain tells me
> > >>
> > >>         Add all keys to agent
> > >>
> > >>         Failed to add all keys to the agent
> > >>
> > >> but no error code or anything else to go on.
> > >>
> > >>
> > >> Keys are defined as ~/.ssh/identity and ~/.ssh/id_dsa
> > >>
> > >> I have the default security settings on.
> > >>
> > >> SSHKeychain is set to manage global environmental variables.
> > >>
> > >> I have run Keychain First Aid.
> > >>
> > >> Any help would be appreciated.
> > >>
> > >> Thanks!
> > >>
> > >> TjL
> > _______________________________________________
> > developers mailing list
> > developers at sshkeychain.org
> > http://www.sshkeychain.org/cgi-bin/mailman/listinfo/developers
> >
>
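
Added example, not part of the original message or of SSHKeychain: a small Python reader for `ssh -v` output in the OpenSSH 4.5 format quoted above, which reports the keys offered, the key the server accepted, and whether the client then prompted for a passphrase. The sample logs are abridged from the two transcripts in the thread; `summarize` and the diagnosis labels are hypothetical names.

```python
import re

OFFER = re.compile(r"debug1: Offering public key: (\S+)")
ACCEPT = re.compile(r"debug1: Server accepts key: pkalg (\S+)")
PROMPT = re.compile(r"Enter passphrase for key '([^']+)'")
SUCCESS = "debug1: Authentication succeeded (publickey)."

# Constructed samples: authentication lines abridged from the thread's transcripts.
FREEBSD_LOG = """\
debug1: Offering public key: /Users/luomat/.ssh/identity
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: /Users/luomat/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: /Users/luomat/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: PEM_read_PrivateKey failed
Enter passphrase for key '/Users/luomat/.ssh/id_dsa':
"""
DEBIAN_LOG = """\
debug1: Offering public key: /Users/luomat/.ssh/identity
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: Authentication succeeded (publickey).
"""

def summarize(log):
    """Track publickey authentication in `ssh -v` output (hypothetical helper)."""
    offered, accepted, prompted, succeeded = [], None, None, False
    for line in log.splitlines():
        line = line.strip()
        if m := OFFER.match(line):
            offered.append(m.group(1))
        elif (m := ACCEPT.match(line)) and offered:
            accepted = (offered[-1], m.group(1))  # acceptance refers to the last offer
        elif m := PROMPT.match(line):
            prompted = m.group(1)
        elif line == SUCCESS:
            succeeded = True
    if prompted:
        # ssh fell back to the on-disk key file, so the agent did not sign with it.
        diagnosis = "agent_missing_key"
    elif succeeded:
        diagnosis = "ok"
    else:
        diagnosis = "not_authenticated"
    return {"offered": offered, "accepted": accepted, "prompted": prompted, "diagnosis": diagnosis}

if __name__ == "__main__":
    for name, log in (("freebsd", FREEBSD_LOG), ("debian", DEBIAN_LOG)):
        print(name, summarize(log))
```
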

