sorry yes, shell command.
the logs say no mutual signature algorithm?
stderr: OpenSSH_9.7p1, OpenSSL 3.3.2 3 Sep 2024\r\n
debug1: Reading configuration data /etc/ssh/ssh_config\r\n
debug1: /etc/ssh/ssh_config line 22: include /etc/ssh/ssh_config.d/*.conf matched no files\r\n
debug1: Connecting to 192.168.0.101 [192.168.0.101] port 22.\r\n
debug1: Connection established.\r\n
debug1: identity file /config/.ssh/id_rsa type 0\r\n
debug1: identity file /config/.ssh/id_rsa-cert type -1\r\n
debug1: Local version string SSH-2.0-OpenSSH_9.7\r\n
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1-hpn14v5 Debian-5+deb8u7.netgear1\r\n
debug1: compat_banner: match: OpenSSH_6.7p1-hpn14v5 Debian-5+deb8u7.netgear1 pat OpenSSH* compat 0x04000000\r\n
debug1: Authenticating to 192.168.0.101:22 as 'hassio'\r\n
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory\r\n
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory\r\n
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory\r\n
debug1: SSH2_MSG_KEXINIT sent\r\n
debug1: SSH2_MSG_KEXINIT received\r\n
debug1: kex: algorithm: [email protected]\r\n
debug1: kex: host key algorithm: ecdsa-sha2-nistp256\r\n
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none\r\n
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none\r\n
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\n
debug1: SSH2_MSG_KEX_ECDH_REPLY received\r\n
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:oB4XU6ZVNRZljTeaeFKxlSj+Hb+RW0Tffanx9JaqFz4\r\n
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory\r\n
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory\r\n
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory\r\n
debug1: Host '192.168.0.101' is known and matches the ECDSA host key.\r\n
debug1: Found key in /root/.ssh/known_hosts:1\r\n
debug1: rekey out after 134217728 blocks\r\n
debug1: SSH2_MSG_NEWKEYS sent\r\n
debug1: expecting SSH2_MSG_NEWKEYS\r\n
debug1: SSH2_MSG_NEWKEYS received\r\n
debug1: rekey in after 134217728 blocks\r\n
debug1: SSH2_MSG_SERVICE_ACCEPT received\r\n
debug1: Authentications that can continue: publickey\r\n
debug1: Next authentication method: publickey\r\n
debug1: Will attempt key: /config/.ssh/id_rsa RSA SHA256:JyOOXgXFq05iwbY1uiYJ3K5oyweKLGMMyKqB6cfCc04 explicit\r\n
debug1: Offering public key: /config/.ssh/id_rsa RSA SHA256:JyOOXgXFq05iwbY1uiYJ3K5oyweKLGMMyKqB6cfCc04 explicit\r\n
debug1: send_pubkey_test: no mutual signature algorithm\r\n
debug1: No more authentication methods to try.\r\[email protected]: Permission denied (publickey)."
returncode: 255
yes it’s a weak key, I believe that is all that will work with the readynas.
but it’s not exposed outside the local network so I’m not concerned with that.
Using the code from Terminal & SSH addon it all works fine ( I generated the key in HA Terminal & SSH).
It’s only when I try and run it from the shell it fails
Thanks Martin,
I’ve sorted that (i’ve been trying a few things and must of messed that up) keys are correct but it’s still the same HA:
debug1: SSH2_MSG_SERVICE_ACCEPT received\r\n
debug1: Authentications that can continue: publickey\r\n
debug1: Next authentication method: publickey\r\n
debug1: Will attempt key: /config/.ssh/id_rsa RSA SHA256:HXFoAPg7I9wmYDBlu3tw+smlQGXG56QZmdSN++hl8tM explicit\r\n
debug1: Offering public key: /config/.ssh/id_rsa RSA SHA256:HXFoAPg7I9wmYDBlu3tw+smlQGXG56QZmdSN++hl8tM explicit\r\n
debug1: send_pubkey_test: no mutual signature algorithm\r\n
debug1: No more authentication methods to try.\r\[email protected]: Permission denied (publickey)."
Versus terminal:
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Will attempt key: /config/.ssh/id_rsa RSA SHA256:HXFoAPg7I9wmYDBlu3tw+smlQGXG56QZmdSN++hl8tM explicit
debug2: pubkey_prepare: done
debug1: Offering public key: /config/.ssh/id_rsa RSA SHA256:HXFoAPg7I9wmYDBlu3tw+smlQGXG56QZmdSN++hl8tM explicit
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: /config/.ssh/id_rsa RSA SHA256:HXFoAPg7I9wmYDBlu3tw+smlQGXG56QZmdSN++hl8tM explicit
Authenticated to 192.168.0.101 ([192.168.0.101]:22) using "publickey".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug1: Sending command: rnutil
debug2: channel 0: request exec confirm 1
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 87380
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
have you any idea what the difference is between explicit and explicit\r\n?
or should I have my config file somewhere other than config/.ssh/
I’ve spent 2 days on this, I hate being beaten by this stuff.
I did as Martin suggested and upgraded the encryption to id_ed25519 and all is working now from the terminal AND the shell.
I have no idea why id_rsa would work from the terminal but NOT HA, but it’s working and I need a beer