Cannot log in as vsedach at common-lisp.net after added SSH key to Gitlab

Erik Huelsmann ehuels at gmail.com
Sat Jul 15 14:19:25 UTC 2017


Hi Vladimir,

Sorry for the long response time.

The problem was that the .ssh directory as well as the authorized_keys (and
authorized_keys2) file were group and world readable. OpenSSH will deny
entry when they are.

I've fixed that and installed the t43 RSA key in your authorized_keys file
as per your request (and deleted the authorized_keys2 file).


Hope it works now!


Regards,


Erik.



On Mon, Jul 3, 2017 at 8:34 PM, Vladimir Sedach <vsedach at gmail.com> wrote:

> Hi,
>
> I still cannot connect - thanks for the heads up on the Debian
> distribution issue. There might be two problems: 1.
> .ssh/authorized_keys2 is still there and still trashed 2. old OpenSSH
> version that does not support ED25519 keys.
>
> I think the problem was caused because I had ControlMaster on in the SSH
> config on the machine I was using - I trashed the authorized_keys2 file
> when trying to add the new SSH key (there was probably a newline missing
> at the end) and I did not notice until the ControlMaster connection
> expired.
>
> If you remove vsedach/.ssh/authorized_keys2 and put my new RSA key
> (attached) in .ssh/authorized_keys I should be able to get back in.
>
> Thank you!
>
>
>
>
> Mark Evenson <evenson at panix.com> writes:
>
> > On 7/1/17 23:12, Vladimir Sedach wrote:
> >> ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDc+4x1XblOzyfHAzOCbM00FB/VglYg0PvOSL8FuQKQ/
> vas at t43.lan
> >
> > Added the key to
> > <file://comon-lisp.net/home/vsedach/.ssh/authorized_keys>, and hopefully
> > didn't munge the permissions too badly.
> >
> > Let us know if you need more help re-establishing control.
> >
> > In general, I find our SSH situation a bit wonky, presumably as we are
> > still running an older Debian distribution that doesn't have all the
> > latest SSH conventions well established.  Erik has been working on
> > moving us over to the latest Debian ("Stretch") which I would argue
> > would be the sane point to try to figure out why sshd on that host
> > behaves the way it does.
>
>


-- 
Bye,

Erik.

http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/clo-devel/attachments/20170715/47f2e629/attachment.html>


More information about the clo-devel mailing list