[Pkg-ganeti-devel] Bug#853129: ganeti: Ganeti depends on SSH-DSS public keys to work
Georg Faerber
georg at riseup.net
Mon Jan 30 11:53:30 UTC 2017
On 17-01-30 12:27:06, Apollon Oikonomopoulos wrote:
> On 11:09 Mon 30 Jan , Georg Faerber wrote:
> > You mean the error messages of ganeti if running on stretch with
> > unmodified sshd config?
>
> Precisely :)
- gnt-cluster init and gnt-node add don't throw any errors.
- gnt-cluster verify gives:
[...]
Mon Jan 30 11:48:00 2017 - ERROR: node test2: Could not verify the SSH setup of this node.
Mon Jan 30 11:48:00 2017 - ERROR: node test2: Node did not return file checksum data
Mon Jan 30 11:48:00 2017 - ERROR: node test1: Node did not return file checksum data
[...]
- Using the generated ssh key directly, doing ssh from one node to the
other, gives:
# ssh -v -i id_dsa.pub root@test1
OpenSSH_7.4p1 Debian-5, OpenSSL 1.0.2j 26 Sep 2016
debug1: Connecting to test1 [10.10.40.24] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file id_dsa.pub type 2
debug1: key_load_public: No such file or directory
debug1: identity file id_dsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-5
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-5
debug1: match: OpenSSH_7.4p1 Debian-5 pat OpenSSH* compat 0x04000000
debug1: Authenticating to test1:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fskcl0/B5VVPSQgHVQhav8lFnjS9wqOUJTpukgwSzvw
debug1: Host 'test1' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
-> debug1: Skipping ssh-dss key id_dsa.pub - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Next authentication method: password
Apollon, if you need anything else, please speak out!
The setup is still in place, I'm able to do more tests or check an
updated package, etc.
Cheers,
Georg
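
Added example (not part of the original message and not Ganeti code): a small Python parser that reads an `ssh -v` client log like the one above and reports keys skipped because of `PubkeyAcceptedKeyTypes`, next to the `server-sig-algs` list the server advertised. The sample log is constructed from the shape of the output above, and the function and variable names are assumptions.

```python
import re

# Constructed sample: trimmed `ssh -v` client output of the shape shown in the message above.
SAMPLE_LOG = """\
debug1: identity file id_dsa.pub type 2
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: Skipping ssh-dss key id_dsa.pub - not in PubkeyAcceptedKeyTypes
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256>
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Next authentication method: password
"""

# Patterns are searched over the whole text, so mail-wrapped log lines still match.
SKIP_RE = re.compile(r"Skipping (\S+) key (\S+) - not in PubkeyAcceptedKeyTypes")
SIGALGS_RE = re.compile(r"server-sig-algs=<([^>]*)>")
NEXT_RE = re.compile(r"Next authentication method: (\S+)")
OFFER_RE = re.compile(r"Offering (?:\S+ )?public key")

def analyze(log):
    """Summarise why public-key authentication did not happen in an `ssh -v` log."""
    skipped = SKIP_RE.findall(log)            # [(key type, identity file), ...]
    m = SIGALGS_RE.search(log)
    server_algs = m.group(1).split(",") if m else []
    offered = len(OFFER_RE.findall(log))      # keys actually sent to the server
    methods = NEXT_RE.findall(log)
    findings = []
    for ktype, path in skipped:
        if not server_algs:
            where = "client policy (server-sig-algs not seen)"
        elif ktype in server_algs:            # advertisement only; sshd policy still applies
            where = "client policy only (server advertises %s)" % ktype
        else:
            where = "client policy; server does not advertise %s" % ktype
        findings.append("%s: %s skipped by %s" % (path, ktype, where))
    if skipped and offered == 0 and "password" in methods:
        findings.append("no key offered; client fell back to password")
    return {"skipped": skipped, "server_sig_algs": server_algs,
            "offered": offered, "methods": methods, "findings": findings}

if __name__ == "__main__":
    for line in analyze(SAMPLE_LOG)["findings"]:
        print(line)
```
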