[savannah-help-public] problem with tunnel + ssh

[Julien Cohen]

Hello,

I cannot manage to connect to svn.savannah.nongnu.org by a ssh tunnel.

To go out from my university, I need to pass threw an ssh tunnel on the machine 
bastion-out.univ-nantes.fr

I make that tunnel (on my local machine) with the following command as 
recommanded by my university administrators :

ssh  -N -L 5678:svn.savannah.nongnu.org:22 address@hidden

after that I use ssh -p 5678 address@hidden

jcohen is my login on savannah servers. I managed to use it to connect with ssh 
from my home (no tunnel).

cohen-j is my login on the university system.

I end with a "Permission denied (publickey)." error.

I have 700 permissions on my homedir, on my .ssh dir and on the id_rsa file (I 
made ssh-keygen recently). My public key is similar to the one on the key 
config page on savannah :

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAt2U0NCnbm5+G4kQDIxIj0h0E0dnVLfWglFVjxgexJDRq
FWNNMzoUZhqVPiYnqxc2jPt+us8qaBniCn8ejhOh8b1r3hYcWthDwDP6h03se0yzKS1qY4buUx+VVJZz
Wcb7MtzSzUh9kzdIMbxXnt8M0QX0KNj0XHK4ygXqPmEOTz07POHWtNXvdxKtFvRLQRC7U/2I7rUZSvoI
mfsk1v/d7/WHoYIRqwjkl/8nygHFiPD4jSb73bAwfz33Nw8tBN9kfIoNj/SIrfHURMDNAn/TD5Oay2rv
TrfUTy2UdeA6qndOv5/32Aj978be0HZOpevuTjCpkvznMpX3VHZX3XfwPQ== address@hidden


I have waited more than an hour.

I use the following ssh versions, with ssh2 and ipv4 (I tried to force this 
with ssh options) :

OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009

The tunnel session asks me for a password, which succeeds. The second ssh 
doesn't ask for a password or a passphrase. I have tried to desactivate the 
gnome-keyring.

Here are the -vvv debug messages for the tunnel and then for the second ssh :

address@hidden:~$ ssh  -N -L 5678:svn.savannah.nongnu.org:22 address@hidden -vvv
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to bastion-out.univ-nantes.fr [193.52.101.170] port 22.
debug1: Connection established.
debug1: identity file /home/cohen-j/.ssh/identity type -1
debug3: Not a RSA1 key file /home/cohen-j/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/cohen-j/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/cohen-j/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 
Debian-6+squeeze2
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 831
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,address@hidden
debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,address@hidden
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,address@hidden,hmac-ripemd160,address@hidden,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,address@hidden,hmac-ripemd160,address@hidden,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,address@hidden,zlib
debug2: kex_parse_kexinit: none,address@hidden,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc
debug2: kex_parse_kexinit: aes128-cbc
debug2: kex_parse_kexinit: hmac-sha1
debug2: kex_parse_kexinit: hmac-sha1
debug2: kex_parse_kexinit: none,address@hidden
debug2: kex_parse_kexinit: none,address@hidden
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 855
debug2: dh_gen_key: priv key bits set: 151/320
debug2: bits set: 1024/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 272 bytes for a total of 1127
debug3: check_host_in_hostfile: filename /home/cohen-j/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug3: check_host_in_hostfile: filename /home/cohen-j/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 3
debug1: Host 'bastion-out.univ-nantes.fr' is known and matches the RSA host key.
debug1: Found key in /home/cohen-j/.ssh/known_hosts:2
debug2: bits set: 1076/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1143
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 1195
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/cohen-j/.ssh/identity ((nil))
debug2: key: /home/cohen-j/.ssh/id_rsa (0x20eb8388)
debug2: key: /home/cohen-j/.ssh/id_dsa ((nil))
debug3: Wrote 68 bytes for a total of 1263
debug3: input_userauth_banner
--------------------------------------------------------------------
ACCES RESTREINT - RESTRICTED ACCESS
---------------------------------------------------------------------
L'acces a cet equipement est restreint au seul personnel autorise.
Toute tentative d'intrusion sera poursuivie conformement aux articles
323-1 et suivants du code penal.
---------------------------------------------------------------------
Only the authorized users can be accessed to this system.
All intrusion attemp will be prosecuted according the article 323-1
to 323-7 of french law.
---------------------------------------------------------------------
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred 
gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/cohen-j/.ssh/identity
debug3: no such identity: /home/cohen-j/.ssh/identity
debug1: Offering public key: /home/cohen-j/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 372 bytes for a total of 1635
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/cohen-j/.ssh/id_dsa
debug3: no such identity: /home/cohen-j/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
address@hidden's password:
debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 148 bytes for a total of 1783
debug1: Authentication succeeded (password).
debug1: Local connections to LOCALHOST:5678 forwarded to remote address 
svn.savannah.nongnu.org:22
debug3: channel_setup_fwd_listener: type 2 wildcard 0 addr NULL
debug1: Local forwarding listening on ::1 port 5678.
bind: Address already in use
debug1: Local forwarding listening on 127.0.0.1 port 5678.
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 5678
Could not request local forwarding.
debug1: Requesting address@hidden
debug1: Entering interactive session.
debug3: Wrote 68 bytes for a total of 1851







address@hidden:~$ ssh -p 5678 address@hidden -vvv
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 5678.
debug1: Connection established.
debug1: identity file /home/cohen-j/.ssh/identity type -1
debug3: Not a RSA1 key file /home/cohen-j/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/cohen-j/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/cohen-j/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 831
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,address@hidden
debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,address@hidden
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,address@hidden,hmac-ripemd160,address@hidden,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,address@hidden,hmac-ripemd160,address@hidden,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,address@hidden,zlib
debug2: kex_parse_kexinit: none,address@hidden,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: 
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,address@hidden
debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,address@hidden
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,address@hidden,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,address@hidden,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,address@hidden,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,address@hidden,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,address@hidden
debug2: kex_parse_kexinit: none,address@hidden
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 855
debug2: dh_gen_key: priv key bits set: 124/256
debug2: bits set: 488/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 999
debug3: put_host_port: [::1]:5678
debug3: put_host_port: [localhost]:5678
debug3: check_host_in_hostfile: filename /home/cohen-j/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host '[localhost]:5678' is known and matches the RSA host key.
debug1: Found key in /home/cohen-j/.ssh/known_hosts:1
debug2: bits set: 537/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1015
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1063
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/cohen-j/.ssh/identity ((nil))
debug2: key: /home/cohen-j/.ssh/id_rsa (0x2099e358)
debug2: key: /home/cohen-j/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1127
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred 
gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/cohen-j/.ssh/identity
debug3: no such identity: /home/cohen-j/.ssh/identity
debug1: Offering public key: /home/cohen-j/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1495
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/cohen-j/.ssh/id_dsa
debug3: no such identity: /home/cohen-j/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
address@hidden:~$




Could you check the logs on the server side to help me understand the problem?

Thank you for your attention.

Julien.

--
Julien Cohen
Polytech'Nantes / LINA
(33) 2 40 68 32 56