On 11.05.2015 11:41 PM, Real, Elizabeth (392K) wrote:
Permissions seem ok: -rw-r-----. 1 root ssh_keys 227 Aug 21 2014 ssh_host_ecdsa_key -rw-r--r--. 1 root root 162 Aug 21 2014 ssh_host_ecdsa_key.pub -rw-r-----. 1 root ssh_keys 1.7K Aug 21 2014 ssh_host_rsa_key -rw-r--r--. 1 root root 382 Aug 21 2014 ssh_host_rsa_key.pub
Also looked like that on my RH 7 machine. It's weird that the private keys have group-readable permissions, especially given that the sshd_config man page states "Note that sshd(8) will refuse to use a file if it is group/world-accessible."
It doesn't seem like sshd cares too much, though. It still loads up the private key and seems to ignore the "faulty" permissions. I assume the daemon has been patched by Red Hat to support this.
THE RSA key error came up again: debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
I think we are all misinterpreting the error. Naturally, /etc/ssh/ssh_host_rsa_key is NOT a public key, but a private key, so the error message is accurate.
It loaded up the private key correctly:
debug1: private host key: #0 type 1 RSA
FWIW, the same error message(s) show up on Ubuntu machines, so I guess that's not the problem.
What is currently still missing (or have I just overlooked it?) is the sshd output for a connection attempt via X2Go Client.
Can you please provide that?
Mihai