[Pkg-ganeti-devel] Bug#853129: ganeti: Ganeti depends on SSH-DSS public keys to work

Georg Faerber georg at riseup.net
Mon Jan 30 11:53:30 UTC 2017


On 17-01-30 12:27:06, Apollon Oikonomopoulos wrote:
> On 11:09 Mon 30 Jan     , Georg Faerber wrote:
> > You mean the error messages of ganeti if running on stretch with
> > unmodified sshd config?
> 
> Precisely :)

- gnt-cluster init and gnt-node add don't throw any errors.
- gnt-cluster verify gives:
  [...]
  Mon Jan 30 11:48:00 2017   - ERROR: node test2: Could not verify the SSH setup of this node.
  Mon Jan 30 11:48:00 2017   - ERROR: node test2: Node did not return file checksum data
  Mon Jan 30 11:48:00 2017   - ERROR: node test1: Node did not return file checksum data
  [...]

- Using the generated ssh key directly, doing ssh from one node to the
  other, gives:

  # ssh -v -i id_dsa.pub root@test1
  OpenSSH_7.4p1 Debian-5, OpenSSL 1.0.2j  26 Sep 2016
  debug1: Connecting to test1 [10.10.40.24] port 22.
  debug1: Connection established.
  debug1: permanently_set_uid: 0/0
  debug1: identity file id_dsa.pub type 2
  debug1: key_load_public: No such file or directory
  debug1: identity file id_dsa.pub-cert type -1
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-5
  debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-5
  debug1: match: OpenSSH_7.4p1 Debian-5 pat OpenSSH* compat 0x04000000
  debug1: Authenticating to test1:22 as 'root'
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: algorithm: curve25519-sha256
  debug1: kex: host key algorithm: ecdsa-sha2-nistp256
  debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
  debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
  debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fskcl0/B5VVPSQgHVQhav8lFnjS9wqOUJTpukgwSzvw
  debug1: Host 'test1' is known and matches the ECDSA host key.
  debug1: Found key in /root/.ssh/known_hosts:2
  debug1: rekey after 134217728 blocks
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: expecting SSH2_MSG_NEWKEYS
  debug1: SSH2_MSG_NEWKEYS received
  debug1: rekey after 134217728 blocks
-> debug1: Skipping ssh-dss key id_dsa.pub - not in PubkeyAcceptedKeyTypes
  debug1: SSH2_MSG_EXT_INFO received
  debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
  debug1: SSH2_MSG_SERVICE_ACCEPT received
  debug1: Authentications that can continue: publickey,password
  debug1: Next authentication method: publickey
  debug1: Next authentication method: password

Apollon, if you need anything else, please speak out!
The setup is still in place, I'm able to do more tests or check an
updated package, etc.

Cheers,
Georg
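
Added example (not part of the original message, and not Ganeti or OpenSSH code): a small parser for `ssh -v` output that picks out keys the client skipped, the option that caused the skip, and whether the server's `server-sig-algs` list names that key type. The function name `diagnose` and the `SAMPLE` text are assumptions made for illustration; the sample lines are constructed from the debug output quoted above.

```python
import re

# Constructed sample: a few lines taken from the ssh -v output in the message above.
SAMPLE = """\
debug1: identity file id_dsa.pub type 2
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: Skipping ssh-dss key id_dsa.pub - not in PubkeyAcceptedKeyTypes
debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Next authentication method: password
"""

# The "Skipping ... key" line is printed by the client before any key is offered.
SKIP_RE = re.compile(r"debug1: Skipping (\S+) key (.+?) - not in (\w+)")
# Searched over the whole text so a mail-wrapped line still matches.
SIG_ALGS_RE = re.compile(r"server-sig-algs=<([^>]*)>")
NEXT_AUTH_RE = re.compile(r"debug1: Next authentication method: (\S+)")


def diagnose(debug_output):
    """Summarise why public-key auth was not attempted in `ssh -v` output."""
    skipped = [
        {"key_type": m.group(1), "path": m.group(2), "option": m.group(3)}
        for m in SKIP_RE.finditer(debug_output)
    ]
    m = SIG_ALGS_RE.search(debug_output)
    server_algs = m.group(1).split(",") if m else []
    methods = NEXT_AUTH_RE.findall(debug_output)
    for entry in skipped:
        # True only means the server lists the algorithm, not that it accepts the key.
        entry["advertised_by_server"] = entry["key_type"] in server_algs
    return {
        "skipped_keys": skipped,
        "server_sig_algs": server_algs,
        "fell_back_to_password": bool(skipped) and methods[-1:] == ["password"],
    }


if __name__ == "__main__":
    report = diagnose(SAMPLE)
    for key in report["skipped_keys"]:
        print(f"{key['path']}: {key['key_type']} refused by client option "
              f"{key['option']} (server advertises it: {key['advertised_by_server']})")
    print("fell back to password:", report["fell_back_to_password"])
```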