Apache OpenOffice (AOO) Bugzilla – Issue 12644
Change ssh2 key
Last modified: 2012-01-29 22:12:59 UTC
Is it possible to change the ssh2 key that we initially submitted with another one?
Yes we can replace it. What was the problem with the original key?
We have had a security breach. We would like to replace the current key to fix this.
Kenneth, We have had a security breach. We would like to replace the current key to fix this.
louis is more likely to deal with this in a timely fashion. apologies for the delay
thanks, martijn, but simon and support needs to handle this. Simon, just attach the new key and reassign to support. -louis
Created attachment 5589 [details] new ssh2 public key
Reassigned to support@openoffice.org with new key attached.
Opened internal issue to get key on system. timeframe: will update by 04/14/03.
Simon, we need the key attachment as a 1-line with no line-break key instead of the public key footer. Could you please reattach your key? fyi- you'll notice the actual key won't have "---BEGIN---" or the subject. It should start "ssh-dss" and will end with something similar to == simon@
Kenneth, I don't understand what you are asking for. ssh-keygen created the id_dsa.pub file, that contains the key, that I placed in a zip file for you to use. This is exactly the same way that I created the last key and sent to OpenOffice. Why is there a difference this time? Please advise.
there's a small difference, but nothing wrong with the key itself, just the way the data is exported (and then presented to us as text). what program did you use to generate your keypair? If you let me know what you used I can look up how to export the data in the format we need.
Like I stated in my previous message I used the ssh-keygen program to generate the key. The public and private keys are placed in the .ssh2 folder in the home directory, and that is what I sent you.
ssh-keygen -i -f oookeys/id_dsa_2048_c.pub > id_dsa_2048_c.pub did the trick. please test your tunneling access and verify you can connect.
Kenneth, Tried to login to tunnel today but password not accepted. Here is the session:
    $ ssh2 -x -L 2401:localhost:2401 tunnel@openoffice.org
    Host key not found from database.
    Key fingerprint:
    xoziv-tovup-kovib-lucud-fubub-mudyl-rucid-docir-rapad-celed-fexux
    You can get a public key's fingerprint by running
    % ssh-keygen -F publickey.pub
    on the keyfile.
    Are you sure you want to continue connecting (yes/no)? yes
    Host key saved to /boot/home/.ssh2/hostkeys/key_22_openoffice.org.pub
    host key for openoffice.org, accepted by simon Wed Apr 23 2003 13:45:42 -0300
    tunnel's password:
    tunnel's password:
    tunnel's password:
    warning: Authentication failed.
    Disconnected; no more authentication methods available (No further authentication methods available.).
    $
Simon, Could you please re-run the tunnel command and paste the output in the issue again. I'd like to have a more recent copy of an attempt. After posting this, do not assign this issue to any individual, reassign it to the appropriate issue alias so that it won't get lost in any individual queue. Thanks
simon - also add the -vvv (a lot of verbosity) in the command, for additional output
Here is the output from another attempt: Note, I hit Ctrl-C at the end after attempting to login twice.
------------
    $ ssh2 -vvv -x -L 2401:localhost:2401 tunnel@openoffice.org
    debug: Connecting to openoffice.org, port 22... (SOCKS not used)
    debug: Ssh2/ssh2.c:2311/main: Entering event loop.
    debug: BeOSfdStream/sshbeosfdstream.c:221/beos_write_fd_func: Write thread for filedescriptor 1 started. thread=930
    debug: BeOSfdStream/sshbeosfdstream.c:183/beos_read_fd_func: Read thread for filedescriptor 0 started. thread=929
    debug: Ssh2Client/sshclient.c:1421/ssh_client_wrap: Creating transport protocol.
    debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize: Added "publickey" to usable methods.
    debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize: Added "keyboard-interactive" to usable methods.
    debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize: Added "password" to usable methods.
    debug: Ssh2Client/sshclient.c:1462/ssh_client_wrap: Creating userauth protocol.
    debug: client supports 3 auth methods: 'publickey,keyboard-interactive,password'
    debug: Ssh2Common/sshcommon.c:530/ssh_common_wrap: local ip = 129.173.67.61, local port = 49165
    debug: Ssh2Common/sshcommon.c:532/ssh_common_wrap: remote ip = 64.125.133.202, remote port = 22
    debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
    debug: SshReadLine/sshreadline.c:2420/ssh_readline_eloop_initialize: Initializing ReadLine...
    debug: Remote version: SSH-1.99-OpenSSH_3.4p1
    debug: OpenSSH: Major: 3 Minor: 4 Revision: 0
    debug: Ssh2Transport/trcommon.c:1518/ssh_tr_input_version: All versions of OpenSSH handle kex guesses incorrectly.
    debug: Ssh2Transport/trcommon.c:1901/ssh_tr_negotiate: lang s to c: `', lang c to s: `'
    debug: Ssh2Transport/trcommon.c:1967/ssh_tr_negotiate: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
    debug: Ssh2Transport/trcommon.c:1970/ssh_tr_negotiate: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
    debug: Remote host key found from database.
    debug: Ssh2Common/sshcommon.c:331/ssh_common_special: Received SSH_CROSS_STARTUP packet from connection protocol.
    debug: Ssh2Common/sshcommon.c:381/ssh_common_special: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
    debug: server offers auth methods 'publickey,password'.
    debug: SshConfig/sshconfig.c:2704/ssh2_parse_config_ext: Unable to open /boot/home/.ssh2/identification
    debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method 'publickey' disabled.
    debug: server offers auth methods 'publickey,password'.
    debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting password query...
    tunnel's password:
    debug: server offers auth methods 'publickey,password'.
    debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting password query...
    tunnel's password:
    debug: server offers auth methods 'publickey,password'.
    debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting password query...
    tunnel's password:
    Received signal 2. (no core)
    Received signal 2. (no core)
    Received signal 2. (no core)
    Received signal 6. (no core)
    Received signal 6. (no core)
    Received signal 6. (no core)
    Kill Thread
simon: 1) are you sure you're using the right pw? 2) does the user account you're using have the correct permissions to use the key?
    debug: SshConfig/sshconfig.c:2704/ssh2_parse_config_ext: Unable to open /boot/home/.ssh2/identification
    debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method 'publickey' disabled.
> 1) are you sure you're using the right pw?
Yes. It's the same one that was used to create the key...
> debug: SshConfig/sshconfig.c:2704/ssh2_parse_config_ext: Unable to open /boot/home/.ssh2/identification
... but I don't have this 'identification' file, if it is supposed to exist.
> 2) does the user account you're using have the correct permissions to use the key?
> debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method 'publickey' disabled.
There are no other accounts other than the one I have, and the files and directory are set as my account as the owner with full permission.
Simon: can you try the "-i keyname" option as well? when using the -i option you'll have to use the full path to your key
I added the -i option and it seems to fail to read the file...
----------------------------------------------
    $ ssh2 -vvv -x -i /boot/home/.ssh2/id_dsa_2048_c.pub -L 2401:localhost:2401 tunnel@openoffice.org
    debug: Connecting to openoffice.org, port 22... (SOCKS not used)
    debug: Ssh2/ssh2.c:2311/main: Entering event loop.
    debug: BeOSfdStream/sshbeosfdstream.c:221/beos_write_fd_func: Write thread for filedescriptor 1 started. thread=34172
    debug: Ssh2Client/sshclient.c:1421/ssh_client_wrap: Creating transport protocol.
    debug: BeOSfdStream/sshbeosfdstream.c:183/beos_read_fd_func: Read thread for filedescriptor 0 started. thread=34171
    debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize: Added "publickey" to usable methods.
    debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize: Added "keyboard-interactive" to usable methods.
    debug: SshAuthMethodClient/sshauthmethodc.c:85/ssh_client_authentication_initialize: Added "password" to usable methods.
    debug: Ssh2Client/sshclient.c:1462/ssh_client_wrap: Creating userauth protocol.
    debug: client supports 3 auth methods: 'publickey,keyboard-interactive,password'
    debug: Ssh2Common/sshcommon.c:530/ssh_common_wrap: local ip = 129.173.67.61, local port = 50646
    debug: Ssh2Common/sshcommon.c:532/ssh_common_wrap: remote ip = 64.125.133.202, remote port = 22
    debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
    debug: SshReadLine/sshreadline.c:2420/ssh_readline_eloop_initialize: Initializing ReadLine...
    debug: Remote version: SSH-1.99-OpenSSH_3.4p1
    debug: OpenSSH: Major: 3 Minor: 4 Revision: 0
    debug: Ssh2Transport/trcommon.c:1518/ssh_tr_input_version: All versions of OpenSSH handle kex guesses incorrectly.
    debug: Ssh2Transport/trcommon.c:1901/ssh_tr_negotiate: lang s to c: `', lang c to s: `'
    debug: Ssh2Transport/trcommon.c:1967/ssh_tr_negotiate: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
    debug: Ssh2Transport/trcommon.c:1970/ssh_tr_negotiate: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
    debug: Remote host key found from database.
    debug: Ssh2Common/sshcommon.c:331/ssh_common_special: Received SSH_CROSS_STARTUP packet from connection protocol.
    debug: Ssh2Common/sshcommon.c:381/ssh_common_special: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
    debug: server offers auth methods 'publickey,password'.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 4: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 5: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 6: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 7: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 8: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 9: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 10: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 11: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 12: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 13: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 14: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 15: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 16: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 17: parsing line failed.
    warning: /boot/home/.ssh2/id_dsa_2048_c.pub: 18: parsing line failed.
    debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method 'publickey' disabled.
    debug: server offers auth methods 'publickey,password'.
    debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting password query...
    tunnel's password:
    debug: server offers auth methods 'publickey,password'.
    debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting password query...
    tunnel's password:
    debug: server offers auth methods 'publickey,password'.
    debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd: Starting password query...
    tunnel's password:
Simon, could you please generate a new key by typing: "ssh-keygen -d" and attaching the key to this issue please? Once we get that we'll put it on the server.
I don't have a -d option... here is what I have in BeOS.
    $ssh-keygen2 --help
    Usage: ssh-keygen [options] [key1 key2 ...]
    Where `options' are:
    -b nnn         Specify key strength in bits (e.g. 1024)
    -t dsa | rsa   Choose the key type.
    -c comment     Provide the comment.
    -e file        Edit the comment/passphrase of the key.
    -p passphrase  Provide passphrase.
    -P             Assume empty passphrase.
    -? -h          Print this help text.
    -q             Suppress the progress indicator.
    -1             Convert a SSH 1.x key.
    -i file        Load and display information on `file'.
    -D file        Derive the public key from the private key 'file'.
    -B number      The number base for displaying key information (default 10).
    -V             Print ssh-keygen version number.
    -r file        Stir data from file to random pool.
    -F file        Dump fingerprint of file.
I took the -d options from the cygwin instructions here- http://www.openoffice.org/docs/ddSSHGuide.html as I thought you were using cygwin to generate your key. Just make a new dsa key per those instructions using the options specific to your OS. Do not add any extra options or extend the key size.
Here is the public key file. It was generated using the -t dsa option as per the Linux instructions, which the BeOS ssh-keygen is a ported from.
again, this key is in the improper format, and I cannot accept this for usage. I'd recommend that you convert the pub key to openssh format. (I tried again, as I had back on 4/15 but was not successful). If you cat the key file it'll be one line and usually end w/ simon@machinename. Here's a copy of mine: [kenneth@dhcp117 oookeys]$ cat ~/personal/keys/kenneth-oo.pub ssh-dss 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 Kenneth@NEWUSER1 reassigning to Simon, cc'ing Louis. He may be able to provide more guidance.
simon, eliminating the comment might help matters but it is possible that the key was generated using a different version of OpenSSH. Can you enter bash and try the command there? louis
This file was created by the ssh-keygen program that ran in a bash shell on BeOS. All I did was open the file and copy/paste it into this web page as it appeared in the file... perhaps the problem is the ssh-keygen program?
hi it may be, but I have not had issues, but am using mac os x. try this: ssh-keygen -d louis
Louis, I think we're going in circles now. That's what Kenneth asked me to do 7 messages ago... and BeOS does not have a -d option. It used -t dsa, which is the same thing, and what I used that last key I created. Please advise.
hi well, I did get a chuckle out of your last message :) first, please confirm that the -d does not work. It is not stipulated as working on my system anyway but it works all the same. Second, is there any way to simply use a linux box (or some other) to generate the key that you then keep in your .ssh folder? I'll even do it for you. louis ps, please don't reassign to support, but to me.
Louis: fyi- in some cases you can convert the keys for the end users by typing: %ssh-keygen -i -f oookeys/keyname.pub > keyname.pub but for some reason I can't get it to convert correctly in this case. I don't know if it's the bytesize of the key or something else.
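The conversion this thread keeps returning to, turning the multi-line "---- BEGIN SSH2 PUBLIC KEY ----" file into the one-line "ssh-dss ..." form, shown as an added example that is not part of the original issue or of any project's code. It also reports the DSA modulus size, the "bytesize" question raised above. The sample key is constructed filler and all function names are hypothetical.

```python
import base64
import struct
import textwrap

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def parse_ssh2_pubkey(text):
    """Return (headers, key_blob) from a multi-line SSH2-format public key."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END SSH2 PUBLIC KEY markers")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:  # header such as Subject:/Comment: (base64 has no ':')
            while line.endswith("\\") and i + 1 < len(lines) - 1:
                i += 1  # a trailing backslash continues the header
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    return headers, base64.b64decode("".join(body), validate=True)

def read_string(blob, offset):
    """Read one length-prefixed SSH string; return (data, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = offset + 4 + struct.unpack(">I", blob[offset:offset + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def to_openssh_line(text):
    """One-line form: '<type> <base64> <comment>', no BEGIN/END or Subject."""
    headers, blob = parse_ssh2_pubkey(text)
    key_type = read_string(blob, 0)[0].decode("ascii")
    fields = [key_type, base64.b64encode(blob).decode("ascii"), headers.get("comment", "")]
    return " ".join(f for f in fields if f)

def dsa_modulus_bits(text):
    """Bit length of the DSA prime p, or None if the key is not ssh-dss."""
    blob = parse_ssh2_pubkey(text)[1]
    key_type, offset = read_string(blob, 0)
    if key_type != b"ssh-dss":
        return None
    return int.from_bytes(read_string(blob, offset)[0], "big").bit_length()

# Constructed sample: filler integers in the ssh-dss layout, not a usable key.
SAMPLE_BLOB = b"".join(struct.pack(">I", len(v)) + v for v in (
    b"ssh-dss", b"\x00" + b"\xff" * 128, b"\x00" + b"\xd3" * 20, b"\x02", b"\x05" * 128))
SAMPLE = "\n".join([BEGIN, "Subject: example", 'Comment: "1024-bit dsa, example@host"',
                    *textwrap.wrap(base64.b64encode(SAMPLE_BLOB).decode("ascii"), 70), END])
```

Calling to_openssh_line(SAMPLE) returns a single line starting with "ssh-dss", and dsa_modulus_bits(SAMPLE) returns the size of p in bits.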
Louis, Here is a key that was generated on another machine. Let's see if this works... ssh-dss 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gauvins@locutus
hi, simon, can you send it as an attachment? sorry louis
Created attachment 8090 [details] Public ssh2 key
Louis, Key is now attached. Simon
hi, thanks reassigning to support. louis
Updated the internal issue with the new key. Action Plan: Assigned the issue to operations and am waiting for their response. Next Update: By end of day Wednesday. Thanks, Kristen
The new key has been put in place. Thanks, Kristen
Simon, Could you verify and mark this issue Closed? Thanks, Kristen
This issue is not resolved. As per your previous suggestion I created new keys using another system (SunOS) and transferred the keys to my BeOS system to use to login. The files, called openoffice and openoffice.pub, have been copied to the /home/.ssh2 directory. Running ssh2 with the following command line: $ssh2 -x -L 2401:localhost:2401 tunnel@openoffice.org creates a new connection, asks for the password, and fails to let me in by repeatedly asking for the password. At this point I am completely lost...
Simon, Could you purge your .known_hosts file and try again? Requesting information from operations on anything else we can try. Noting that Simon's original key was submitted in issue 11641. Thanks, Kristen
7521 was the OO issue number. 11641 was the CollabNet tracking number.
Simon, If purging your known_hosts file doesn't work, you could also try: ssh -v -i identity_file tunnel@openoffice.org to make sure that the correct public key is getting presented. I'll attach an example. Thanks, Kristen
Created attachment 8324 [details] example
simon, this problem intrigues me. out of curiosity, is your passphrase a real phrase or just one word? I ask b/c sometimes phrases as such are actually *not* accepted; try a simple word or series of characters uninterrupted by spaces. louis
Kristen, I did remove all previous host files before trying to tunnel in on BeOS but this did not work. At this point I am resigned that BeOS will not work with ssh2 and the port we have is not working. To continue I will use OpenSSH on Linux to do our work, and transfer files to BeOS when we start our port. Curious though, using SunOS I was able to establish a tunnel but never let go of the connection... any ideas? Louis, The passphrase is a single word.
Reassign to Kristen....
reassigning to support louis
The user needs to re-read the BeOS documentation for ssh as well as instructions for generating the appropriate keys. End user training is out of the scope of what we're doing, so I'm closing this as wontfix (although the user's key was added long ago).
Closing this.