PEM_read_PrivateKey failed - SSH

  1. PEM_read_PrivateKey failed

    I have two linux boxes with passwordless SSH key setup. It worked for
    me for some time but suddenly I've started getting "PEM_read_PrivateKey
    failed" message:
    18223: debug1: try privkey: /root/.ssh/identity
    18223: debug1: PEM_read_PrivateKey failed

    I've copied /root/.ssh/identity to another box and passwordless ssh
    worked flawlessly. I've also regenerated passwordless keys on my
    original box but it did not help. So I'm quite sure that the problem is
    not related to the key itself.

    What other reasons can lead to failure in reading private key?

    Below is the full session log:

    [Mon Mar 27 23:11:41] root@iceweasel:~ # ssh -v r...@149.131.196.116
    OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
    18223: debug1: Reading configuration data /etc/ssh/ssh_config
    18223: debug1: Applying options for *
    18223: debug1: Rhosts Authentication disabled, originating port will
    not be trusted.
    18223: debug1: ssh_connect: needpriv 0
    18223: debug1: Connecting to 149.131.196.116 [149.131.196.116] port 22.
    18223: debug1: Connection established.
    18223: debug1: identity file /root/.ssh/identity type -1
    18223: debug1: identity file /root/.ssh/id_rsa type 1
    18223: debug1: identity file /root/.ssh/id_dsa type -1
    18223: debug1: Remote protocol version 1.99, remote software version
    OpenSSH_3.4p1
    18223: debug1: match: OpenSSH_3.4p1 pat OpenSSH*
    18223: Enabling compatibility mode for protocol 2.0
    18223: debug1: Local version string SSH-2.0-OpenSSH_3.4p1
    18223: debug1: SSH2_MSG_KEXINIT sent
    18223: debug1: SSH2_MSG_KEXINIT received
    18223: debug1: kex: server->client aes128-cbc hmac-md5 none
    18223: debug1: kex: client->server aes128-cbc hmac-md5 none
    18223: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    18223: debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    18223: debug1: dh_gen_key: priv key bits set: 129/256
    18223: debug1: bits set: 1599/3191
    18223: debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    18223: debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    18223: debug1: Host '149.131.196.116' is known and matches the RSA host
    key.
    18223: debug1: Found key in /root/.ssh/known_hosts:1
    18223: debug1: bits set: 1579/3191
    18223: debug1: ssh_rsa_verify: signature correct
    18223: debug1: kex_derive_keys
    18223: debug1: newkeys: mode 1
    18223: debug1: SSH2_MSG_NEWKEYS sent
    18223: debug1: waiting for SSH2_MSG_NEWKEYS
    18223: debug1: newkeys: mode 0
    18223: debug1: SSH2_MSG_NEWKEYS received
    18223: debug1: done: ssh_kex2.
    18223: debug1: send SSH2_MSG_SERVICE_REQUEST
    18223: debug1: service_accept: ssh-userauth
    18223: debug1: got SSH2_MSG_SERVICE_ACCEPT
    18223: debug1: authentications that can continue: publickey,password
    18223: debug1: next auth method to try is publickey
    18223: debug1: try privkey: /root/.ssh/identity
    18223: debug1: PEM_read_PrivateKey failed
    18223: debug1: read PEM private key done: type
    Enter passphrase for key '/root/.ssh/identity':

    Thank you,

    Vitali


  2. Re: PEM_read_PrivateKey failed

    Vit wrote:

    >
    > What other reasons can lead to failure in reading private key?


    File permissions?

  3. Re: PEM_read_PrivateKey failed

    If it's file permissions you get an explicit error message that
    permissions are too open:

    [Sun Apr 02 14:01:28] root@catc0:~/.ssh # ls -lrt identity; ssh 9.148.41.60
    -rw-rw-rw- 1 root root 887 Apr 1 21:37 identity
    12610: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    12610: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    12610: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    12610: Permissions 0666 for '/root/.ssh/identity' are too open.
    12610: It is recommended that your private key files are NOT accessible
    by others.
    12610: This private key will be ignored.
    12610: bad permissions: ignore key: /root/.ssh/identity
    Enter passphrase for key '/root/.ssh/identity':

    In my case it's something more tricky. And I cannot figure out what it
    is.


  4. Re: PEM_read_PrivateKey failed


    > debug1: try pubkey: //.ssh/id_dsa
    > debug1: input_userauth_pk_ok: pkalg ssh-dss blen 433 lastkey 20035b38 hint 2
    > debug1: PEM_read_PrivateKey failed
    > debug1: read PEM private key done: type
    > Enter passphrase for key '//.ssh/id_dsa':


    This is not an error. OpenSSH first tries to read the private key with
    no encryption. That fails, so it prompts for a passphrase.

    --
    Richard Silverman
    res@qoxp.net
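
Added example, not part of the thread: a Python check for the two causes discussed above, permissions that make ssh ignore the key (post 3) and a passphrase-protected key whose first unencrypted read fails before the prompt (post 4). It goes beyond the thread's OpenSSH 3.4 by also recognising PKCS#8 and the newer `openssh-key-v1` container; the function names and sample key text are constructed for illustration.

```python
import base64
import os
import struct

MAGIC = b"openssh-key-v1\0"  # start of the newer OpenSSH private-key blob
# Constructed samples: real header lines, placeholder base64 bodies (not keys).
SAMPLE_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_ENC = ("-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: "
              "DES-EDE3-CBC,0000000000000000\n\nQUJD\n-----END DSA PRIVATE KEY-----\n")

def encryption_state(text):
    """Classify private-key text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8: the label itself says so
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":        # cipher name is stored in the blob
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body)
        except ValueError:
            return "unknown"
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return "unknown"
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "unencrypted" if cipher == b"none" else "encrypted"
    if not label.endswith("PRIVATE KEY"):
        return "unknown"
    # Traditional PEM (RSA/DSA/EC): encrypted keys carry an RFC 1421 header.
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:3]):
        return "encrypted"
    return "unencrypted"

def too_open(path):
    """True when ssh would ignore the key: ours, but group/other bits are set."""
    st = os.stat(path)
    return st.st_uid == os.getuid() and (st.st_mode & 0o077) != 0

def diagnose(path):
    if too_open(path):
        return "ignored: permissions too open"
    with open(path, encoding="ascii", errors="replace") as fh:
        state = encryption_state(fh.read())
    if state == "encrypted":
        return "passphrase-protected: failed first read, then a prompt, is expected"
    return state
```

Call `diagnose()` on the identity file named in the `try privkey:` debug line; an `unknown` result means the file is not a PEM private key the check recognises.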

