Trying to SSH into server and getting key_load_public: No such file or directory error

debug1: key_load_public: No such file or directory

The line above is not error, but just simple debug log saying that ssh client is not able to find separate public key (named ~/.ssh/id_rsa.pub). This file is not needed to connect to the remote server, but it can be useful.

The actual error

ssh_exchange_identification: read: Connection reset by peer

points to error in server configuration. The server is running, but fails to accept the SSH connection. Check the server log for more information. Similar problems


Problem: bastion host IP mismatch on ~/.ssh/known_hosts

I had the known_hosts file old as the IP address of the bastion changed... 

$ ssh 10.82.49.24
ssh_exchange_identification: Connection closed by remote host

Did not give me any information. Looking at the verbose output leads to the same thing:

$ ssh -v 10.82.49.24
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /Users/mdesales/.ssh/config
debug1: /Users/mdesales/.ssh/config line 1: Applying options for 10.82.*.*
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Executing proxy command: exec ssh -q -W 10.82.49.24:22 [email protected] -i ~/.ssh/xxxconfig-xxxx.pem
debug1: key_load_public: No such file or directory
debug1: identity file ~/.ssh/xxxconfig-xxxx.pem
debug1: key_load_public: No such file or directory
debug1: identity file ~/.ssh/xxxconfig-xxxx.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: permanently_drop_suid: 1647059022
ssh_exchange_identification: Connection closed by remote host

At this point, since it is a proxy to another host through the bastion, I could see the bastion being a problem:

$ ssh [email protected] -i ~/.ssh/xxxconfig-xxxx.pem
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:Z8X1UlIgQ94BKJ7NA/oQi7v0NL4IlFeO7Ou4j76Zphk.
Please contact your system administrator.
Add correct host key in /Users/mdesales/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/mdesales/.ssh/known_hosts:238
ECDSA host key for [email protected] has changed and you have requested strict checking.
Host key verification failed.

Solution

Removing the entry on line 238 solved the problem... I could ssh to the bastion and I could ssh to the hosts.

$ vim /Users/mdesales/.ssh/known_hosts

$ ssh [email protected] -i ~/.ssh/xxxconfig-xxxx.pem
The authenticity of host '[email protected] (34.x.x.y)' can't be established.
ECDSA key fingerprint is SHA256:Z8X1UlIgQ94BKJ7NA/oQi7v0NL4IlFeO7Ou4j76Zphk.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[email protected] -i ~/.ssh/xxxconfig-xxxx.pem,34.213.y.x' (ECDSA) to the list of known hosts.
********************************************************************************
This is a private computer system containing information that is proprietary
and confidential to the owner of the system.  Only individuals or entities
authorized by the owner of the system are allowed to access or use the system.
Any unauthorized access or use of the system or information is strictly
prohibited.

All violators will be prosecuted to the fullest extent permitted by law.
********************************************************************************
Last login: Wed Aug  2 20:35:55 2017 from 10.81.31.115
[ec2-user@ip-10-82-50-142 ~]$

There was the same problem. Decided her like that:

chmod 0600 /home/<user>/.ssh/*

Tags:

Ssh

Recent Posts