Launchpad itself

Unable to use ecdsa SSH key with bazaar.launchpad.net

Bug #1802642 reported by James McCoy
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
High
Colin Watson

Bug Description

I generated an ecdsa ssh key to use with Launchpad since ed25519 keys aren't yet working.

$ ssh-keygen -l
Enter file in which the key is (/home/jamessan/.ssh/id_rsa): /home/jamessan/.ssh/lp+id_ecdsa.pub
521 SHA256:sqp9ccc6nBR0BgBJnMcD4iUD+bKKtf6vaakI31md4Gc jamessan@odin (ECDSA)

I can successfully use this to access git.launchpad.net:

$ ssh -v -i ~/.ssh/lp+id_ecdsa git.launchpad.net
OpenSSH_7.9p1 Debian-1, OpenSSL 1.1.1 11 Sep 2018
...
debug1: Connecting to git.launchpad.net [162.213.33.96] port 22.
debug1: Connection established.
...
debug1: Server host key: ssh-rsa SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo
debug1: Host 'git.launchpad.net' is known and matches the RSA host key.
...
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jamessan/.ssh/lp+id_ecdsa ECDSA SHA256:sqp9ccc6nBR0BgBJnMcD4iUD+bKKtf6vaakI31md4Gc explicit agent
debug1: Server accepts key: /home/jamessan/.ssh/lp+id_ecdsa ECDSA SHA256:sqp9ccc6nBR0BgBJnMcD4iUD+bKKtf6vaakI31md4Gc explicit agent
debug1: Authentication succeeded (publickey).
Authenticated to git.launchpad.net ([162.213.33.95]:22).

However, I can't use the same key to access bazaar.launchpad.net:

$ ssh -v -i ~/.ssh/lp+id_ecdsa bazaar.launchpad.net
OpenSSH_7.9p1 Debian-1, OpenSSL 1.1.1 11 Sep 2018
...
debug1: Connecting to bazaar.launchpad.net [91.189.95.84] port 22.
debug1: Connection established.
...
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:dS2DmMhdbMsWaFP4HOF7A/ut73ozMR/gDL2Xxs01/7A
debug1: Host 'bazaar.launchpad.net' is known and matches the RSA host key.
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jamessan/.ssh/lp+id_ecdsa ECDSA SHA256:sqp9ccc6nBR0BgBJnMcD4iUD+bKKtf6vaakI31md4Gc explicit agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/jamessan/.ssh/lp+id_ecdsa ECDSA SHA256:sqp9ccc6nBR0BgBJnMcD4iUD+bKKtf6vaakI31md4Gc explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
<email address hidden>: Permission denied (publickey).

Tags: lp-code
Revision history for this message
Colin Watson (cjwatson) wrote :

Ah, my fault - I apparently forgot to deploy the relevant code upgrade to bazaar.launchpad.net when I deployed it everywhere else a few months ago. I've filed a ticket with our sysadmins to do this. Thanks for the heads-up.

Changed in launchpad:
assignee: nobody → Colin Watson (cjwatson)
importance: Undecided → High
status: New → Fix Committed
Revision history for this message
Colin Watson (cjwatson) wrote :

This works now.

Changed in launchpad:
status: Fix Committed → Fix Released
tags: added: lp-code
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.