Thursday, 2 January 2020

linux - What does "key_load_public: no such file or directory" mean?


I've been troubleshooting a PubkeyAuthentication-only issue. When I use verbose mode, I see a lot of "key_load_public: no such file or directory".


Obviously, the keys exist on the filesystem, so that message does not appear to have a customary meaning:


$ ls -al ~/.ssh/id_*
-rw------- 1 jwalton staff 751 Feb 4 2013 id_dsa
-rw------- 1 jwalton staff 608 Feb 18 2015 id_dsa.pub
-rw------- 1 jwalton staff 314 Feb 4 2013 id_ecdsa
-rw------- 1 jwalton staff 180 Feb 18 2015 id_ecdsa.pub
-rw------- 1 jwalton staff 464 Aug 23 18:15 id_ed25519
-rw------- 1 jwalton staff 103 Aug 23 18:15 id_ed25519.pub
-rw------- 1 jwalton staff 2546 Feb 4 2013 id_rsa
-rw------- 1 jwalton staff 572 Feb 18 2015 id_rsa.pub

What, exactly, does "key_load_public: no such file or directory" mean?




My .ssh/config file has:


$ cat ~/.ssh/config
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_ecdsa
IdentityFile ~/.ssh/id_dsa
IdentityFile ~/.ssh/id_rsa

Adding the *.pub extension has no effect. I tried both with and without *.pub because the man page is ambiguous with respect to which key needs to be specified - public or private. (A public key is all that's needed for an identity; a private key is needed to prove ownership of the key in a challenge/response):


IdentityFile
Specifies a file from which the user's DSA, ECDSA or DSA authentication identity is read...



$ ssh -v -p 1522 jwalton@192.168.1.11
OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /Users/jwalton/.ssh/config
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to 192.168.1.11 [192.168.1.11] port 1522.
debug1: Connection established.
debug1: identity file /Users/jwalton/.ssh/id_ed25519.pub type 4
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_ed25519.pub-cert type -1
debug1: identity file /Users/jwalton/.ssh/id_ecdsa.pub type 3
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_ecdsa.pub-cert type -1
debug1: identity file /Users/jwalton/.ssh/id_dsa.pub type 2
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_dsa.pub-cert type -1
debug1: identity file /Users/jwalton/.ssh/id_rsa.pub type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_rsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
...

Answer



It means literally what it says: there is no such file or directory that ssh wanted to access.


However, it talks about the file mentioned below, not above. You have just the regular public keys, but you do not have the SSH certificates for them (presumably because you just don't need them). OpenSSH however will always try to load the associated .pub-cert file for each identity key.




The ssh-keygen(1) manual talks about creating an OpenSSH cert authority and signing certificates, should you be interested. (Note: this doesn't use X.509, only OpenSSH's own cert format.)


Usually the certificates are only useful if you have a massive number of users (and/or servers) but don't want to use Kerberos.
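The answer's point, that each "key_load_public" error belongs to the "-cert" line printed after it rather than the identity line printed before it, can be checked mechanically. The following Python script is an added example, not part of the original question or answer: it parses ssh -v output (the sample log is the poster's output copied from the question above), pairs each key_load_public error with the identity-file line that follows it, and reports which identity keys actually loaded and which certificate files were missing. The key-type numbers 1 to 4 are the ones that appear in the question's log; the parser and its function names are mine, not OpenSSH's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the "identity file" / "key_load_public" lines copied from the
# ssh -v output in the question above (paths and user are the poster's).
SAMPLE_LOG = """\
debug1: identity file /Users/jwalton/.ssh/id_ed25519.pub type 4
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_ed25519.pub-cert type -1
debug1: identity file /Users/jwalton/.ssh/id_ecdsa.pub type 3
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_ecdsa.pub-cert type -1
debug1: identity file /Users/jwalton/.ssh/id_dsa.pub type 2
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_dsa.pub-cert type -1
debug1: identity file /Users/jwalton/.ssh/id_rsa.pub type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jwalton/.ssh/id_rsa.pub-cert type -1
"""

IDENTITY_RE = re.compile(r"^debug1: identity file (?P<path>\S+) type (?P<type>-?\d+)$")
LOAD_ERR_RE = re.compile(r"^debug1: key_load_public: (?P<err>.+)$")

# Key type numbers as printed by the OpenSSH 7.x client; 1-4 are the values seen in
# the question's log, -1 means nothing could be loaded from that path.
KEY_TYPES = {1: "RSA", 2: "DSA", 3: "ECDSA", 4: "ED25519", -1: "not loaded"}


@dataclass
class IdentityLoad:
    path: str
    key_type: int
    error: Optional[str]  # key_load_public error printed just BEFORE this line, if any

    @property
    def loaded(self) -> bool:
        return self.key_type != -1

    @property
    def is_cert(self) -> bool:
        # ssh appends "-cert" to each IdentityFile and tries to load that as a certificate
        return self.path.endswith("-cert")


def parse_identity_loads(log: str) -> List[IdentityLoad]:
    """Walk the verbose output and attach each key_load_public error to the
    'identity file ... type N' line that follows it: that is the file ssh failed to open."""
    loads: List[IdentityLoad] = []
    pending_error: Optional[str] = None
    for line in log.splitlines():
        m = LOAD_ERR_RE.match(line)
        if m:
            pending_error = m.group("err")
            continue
        m = IDENTITY_RE.match(line)
        if m:
            loads.append(IdentityLoad(m.group("path"), int(m.group("type")), pending_error))
            pending_error = None
    return loads


def loaded_keys(log: str) -> List[str]:
    """Identity files ssh actually read (type != -1)."""
    return [entry.path for entry in parse_identity_loads(log) if entry.loaded]


def missing_certs(log: str) -> List[str]:
    """Certificate paths ssh looked for and did not find; these are harmless
    unless you actually rely on OpenSSH certificates for authentication."""
    return [entry.path for entry in parse_identity_loads(log)
            if entry.is_cert and not entry.loaded]


def summarize(log: str) -> str:
    """One line per identity-file attempt, with the error that really belongs to it."""
    out = []
    for entry in parse_identity_loads(log):
        status = KEY_TYPES.get(entry.key_type, f"type {entry.key_type}")
        note = f"  <- {entry.error}" if entry.error else ""
        out.append(f"{entry.path}: {status}{note}")
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print("\nmissing certificates:", *missing_certs(SAMPLE_LOG), sep="\n  ")
```

Run against the poster's log, every key_load_public error ends up attached to a "*.pub-cert" path while all four "*.pub" identities show as loaded, which is the situation the answer describes: the public keys are fine, only the optional certificates are absent. Feed it the output of your own "ssh -v" run to see whether an error is really about a cert or about an identity file you expected to load.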

