Devin Reade wrote:
--On Friday, May 08, 2015 09:58:32 AM -0400 "James B. Byrne" byrnejb@harte-lyne.ca wrote:
While attempting to debug something else I ran across this:
ssh -vvv somehost
. . .
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
[snip]
The password-less connections complete in any case but I am perplexed as to what is the problem with the root identity key that ssh is reporting.
Can anyone explain to me what this means?
IIRC there was a time when id_rsa could refer to either an RSA1 key or RSA2 key. I believe ssh is first trying to read the file as an RSA1 key, finding problems, and then opening it as an RSA2 key. In fact, if you scroll down from there you probably see a line like the following:
debug1: identity file /home/somebody/.ssh/id_rsa type 1
which is a successful read (note the type is 1 and not -1).
In other words, it's nothing to worry about. The messages are a bit different under CentOS 7 (I suspect you're running CentOS 6 on the client), but they say about the same thing.
<snip>
I would *strongly* recommend editing your /etc/ssh/sshd_config, and comment or delete the fallback, and replace it, like:
#Protocol 2,1
Protocol 2
That way, it won't even try.
mark
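
The reading of the debug output described in this thread, as an added example that is not part of the original messages: it separates the format-probe messages from the per-file "identity file ... type N" verdict, treating -1 as "not loaded" and any other value as a successful read. The sample text is constructed from the lines quoted above, and attributing probe messages to the next "identity file" line is an assumption of this sketch.

```python
import re

# Constructed sample of `ssh -vvv` client output, modelled on the lines quoted
# in this thread (not a real capture).
SAMPLE = """\
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug1: identity file /root/.ssh/id_rsa type 1
"""

# The verdict line for one identity file; type -1 means it was not loaded.
IDENTITY = re.compile(r"^debug1: identity file (\S+) type (-?\d+)\s*$")
# Messages emitted while the client probes a file in formats it turns out not to be.
PROBE = re.compile(r"^debug[23]: (Not a RSA1 key file|key_type_from_name:|key_read:)")


def summarize_identities(text):
    """Return {path: {"type": int, "loaded": bool, "probe_noise": int}}.

    Assumption: probe messages seen since the previous "identity file" line
    belong to the next one, which carries the final result for that file.
    """
    result, pending = {}, 0
    for line in text.splitlines():
        line = line.strip()
        if PROBE.match(line):
            pending += 1
            continue
        m = IDENTITY.match(line)
        if m:
            path, ktype = m.group(1), int(m.group(2))
            result[path] = {"type": ktype, "loaded": ktype != -1,
                            "probe_noise": pending}
            pending = 0
    return result


if __name__ == "__main__":
    for path, info in summarize_identities(SAMPLE).items():
        state = "loaded" if info["loaded"] else "not loaded"
        print(f"{path}: type {info['type']} ({state}), "
              f"{info['probe_noise']} probe message(s) ignored")
```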