Unable to use ecdsa SSH key with bazaar.launchpad.net

Bug #1802642 reported by James McCoy on 2018-11-10
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
High
Colin Watson

Bug Description

I generated an ecdsa ssh key to use with Launchpad since ed25519 keys aren't yet working.

$ ssh-keygen -l
Enter file in which the key is (/home/jamessan/.ssh/id_rsa): /home/jamessan/.ssh/lp+id_ecdsa.pub
521 SHA256:sqp9ccc6nBR0BgBJnMcD4iUD+bKKtf6vaakI31md4Gc jamessan@odin (ECDSA)

I can successfully use this to access git.launchpad.net:

$ ssh -v -i ~/.ssh/lp+id_ecdsa git.launchpad.net
OpenSSH_7.9p1 Debian-1, OpenSSL 1.1.1 11 Sep 2018
...
debug1: Connecting to git.launchpad.net [162.213.33.96] port 22.
debug1: Connection established.
...
debug1: Server host key: ssh-rsa SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo
debug1: Host 'git.launchpad.net' is known and matches the RSA host key.
...
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jamessan/.ssh/lp+id_ecdsa ECDSA SHA256:sqp9ccc6nBR0BgBJnMcD4iUD+bKKtf6vaakI31md4Gc explicit agent
debug1: Server accepts key: /home/jamessan/.ssh/lp+id_ecdsa ECDSA SHA256:sqp9ccc6nBR0BgBJnMcD4iUD+bKKtf6vaakI31md4Gc explicit agent
debug1: Authentication succeeded (publickey).
Authenticated to git.launchpad.net ([162.213.33.95]:22).

However, I can't use the same key to access bazaar.launchpad.net:

$ ssh -v -i ~/.ssh/lp+id_ecdsa bazaar.launchpad.net
OpenSSH_7.9p1 Debian-1, OpenSSL 1.1.1 11 Sep 2018
...
debug1: Connecting to bazaar.launchpad.net [91.189.95.84] port 22.
debug1: Connection established.
...
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:dS2DmMhdbMsWaFP4HOF7A/ut73ozMR/gDL2Xxs01/7A
debug1: Host 'bazaar.launchpad.net' is known and matches the RSA host key.
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jamessan/.ssh/lp+id_ecdsa ECDSA SHA256:sqp9ccc6nBR0BgBJnMcD4iUD+bKKtf6vaakI31md4Gc explicit agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/jamessan/.ssh/lp+id_ecdsa ECDSA SHA256:sqp9ccc6nBR0BgBJnMcD4iUD+bKKtf6vaakI31md4Gc explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
<email address hidden>: Permission denied (publickey).

Colin Watson (cjwatson) wrote :

Ah, my fault - I apparently forgot to deploy the relevant code upgrade to bazaar.launchpad.net when I deployed it everywhere else a few months ago. I've filed a ticket with our sysadmins to do this. Thanks for the heads-up.

Changed in launchpad:
assignee: nobody → Colin Watson (cjwatson)
importance: Undecided → High
status: New → Fix Committed
Colin Watson (cjwatson) wrote :

This works now.

Changed in launchpad:
status: Fix Committed → Fix Released
tags: added: lp-code
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers