#2772: Can't login to download.osgeo.org
---------------------------+-----------------------
Reporter: kbevers | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Unplanned
Component: Systems Admin | Keywords:
---------------------------+-----------------------
I seem to have lost scp/ssh access to download.osgeo.org. It last worked
for me in March but now suddenly I am given a
{{{
kbevers@download.osgeo.org: Permission denied (publickey)
}}}
error.
My public key is
{{{
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQC6huCQZud1biYqfsK8YreRjU8dOj5sKCJnmtTdw2O41ghHKwWo7OP5HbQ3lsXqlwVdR9jStOfx9wcWsAv6su64NXA1oJ8JYAn7TOtDx62XTXbMHrDrK3t/VFR4WL/sK9RvE9QSKxF3xRPj8tTYN+zfP0LKc5Gr8biWsngDxdVsLjm2TRqutLZGctgowGmNbFUENIeyTCgaZIjyjSCeP0UInaQD6yVmctiVWyiII/L5KDRzeZUA0p4dwoRJkpetN5RkeE8EdoGApk/jDKrMDlhyzZTkF9M8NVhXWDJiS+J8Vw/VmwXidIBLEkQuX9kg1mG0OJZgSCKJxVZJIgOwdxVr
kevers@falcon.local
}}}
and my ssh config file is set up like this:
{{{
Host *.github.com
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_github
Host download.osgeo.org
HostName download.osgeo.org
User kbevers
IdentityFile ~/.ssh/id_rsa
}}}
I get the following debug output from scp:
{{{
$ scp -v proj-9.0.1RC1.* kbevers@download.osgeo.org:/osgeo/download/proj
Executing: program /usr/bin/ssh host download.osgeo.org, user kbevers,
command scp -v -d -t /osgeo/download/proj
OpenSSH_8.6p1, LibreSSL 3.3.5
debug1: Reading configuration data /Users/kevers/.ssh/config
debug1: /Users/kevers/.ssh/config line 6: Applying options for
download.osgeo.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/*
matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to download.osgeo.org port 22.
debug1: Connection established.
debug1: identity file /Users/kevers/.ssh/id_rsa type 0
debug1: identity file /Users/kevers/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1
Debian-10+deb10u2
debug1: compat_banner: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH*
compat 0x04000000
debug1: Authenticating to download.osgeo.org:22 as 'kbevers'
debug1: load_hostkeys: fopen /Users/kevers/.ssh/known_hosts2: No such file
or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or
directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or
directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC:
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC:
<implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519
SHA256:yGV1O4bToglGuipRw0YLsOmFgzG5wz3t6BcP1KsEp4g
debug1: load_hostkeys: fopen /Users/kevers/.ssh/known_hosts2: No such file
or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or
directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or
directory
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:yGV1O4bToglGuipRw0YLsOmFgzG5wz3t6BcP1KsEp4g.
Please contact your system administrator.
Add correct host key in /Users/kevers/.ssh/known_hosts to get rid of this
message.
Offending ED25519 key in /Users/kevers/.ssh/known_hosts:12
Host key for download.osgeo.org has changed and you have requested strict
checking.
Host key verification failed.
lost connection
}}}
I have tried removing the download.osgeo.org entry in the known_hosts but
without any luck. It seems to want to use a ED25519 key instead of the RSA
key that I normally use. Has some settings changed on the server that I am
unaware of?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2772>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.