Error code -18 in Lifeboat after updating my web server to Ubuntu 22.04

Hi,

I’ve just updated my remote server to Ubuntu 22.04 and I can access it using SSH.
When I try to connect using Lifeboat, I get this error:
Authentication failed. Username/PublicKey combination invalid. Code: -18.

Since my username hasn’t changed, I guess the PublicKey has. However, my lack of knowledge about this PublicKey is one reason I’m using Lifeboat in the first place :grin:. I’m not even sure upgrading Ubuntu should lead in the PublicKey being different and would be the actual issue.

Would it be enough to re-create a PublicKey, presumably on the server?
My searches haven’t led to results. I also tried different authentication methods in Lifeboat (by editing the server’s data) but each provide other errors (expected, since they were set up before).
TIA.

Be careful. The public key is what lets you log in via ssh. Changing it could make it impossible to log in.

1 Like

Thank you for the advice.

So, since I can log in using SSH, it looks like the PublicKey hasn’t changed. If neither the PublicKey nor my username have changed, I don’t understand the error message of Lifeboat (“Authentication failed. Username/PublicKey combination invalid. Code: -18.”).

Agreed. You should wait until @Tim_Parnell is around. He can probably tell you where the error is coming from, like if there’s another key in use somewhere.

2 Likes

Thanks.

You had 20.04 before?

We tried creating Ubuntu 22.04 droplet and use Lifeboat without success.

IIRC, yes. At least, I had the latest available before 22.04.

Lifeboat’s website says 22.04 is supported.
Did you get the same error than me? (if not, those are perhaps different issues).

I don’t remember the exact error but we were not able to deploy using Lifeboat and Ubuntu 22.04

Were you able to connect to the server, at all?

And how do you “access it using SSH”?
Via a SSH Client and username/pwd, or via the same private/public key(s) that Lifeboat seems to be using?

I’m aware that “old private/public keys” no longer work (by default) on Ubuntu 22.04.
Read more e.g. here: encryption - Ubuntu 22.04 SSH the RSA key isn't working since upgrading from 20.04 - Ask Ubuntu

The RSA public-private key pair is considered not safe any more .

…and therefore disabled by default.
The link above shows how you could modify sshd_config to still allow that (even if you shouldn’t).

Still - let’s wait for what Tim has to say, as he knows what Lifeboat is doing (which I don’t, since I don’t use it).
I just wanted to drop the hint that it might be related to the type of keys being used.

2 Likes

Good morning! Sorry, yes, Jürg has hit the nail on the head!

The error message comes directly from libssh, there’s not much more information I can really offer when this happens because libssh just says authentication error. I have absolutely no idea how you can still authenticate with Terminal using an RSA key. It’s probably a hidden feature I don’t understand.

Ubuntu 22.04 disables RSA cipher, so you have to use a different cipher or change the ubuntu config. ECDSA has worked in testing.

1 Like

Not using username and password. I use the Terminal’s connect to server which then asks me to enter my passphrase; it uses keys from my ~/.ssh folder to authenticate.

Ah, good chances of being the problem, indeed.

Thank you for that.

I’m glad I still can :sweat_smile:.

Would Lifeboat support it?
I’m a little confused.

Thanks for your answer.

If you’re asking about the Terminal magic, Lifeboat can’t because I have no idea how that voodoo happens.

In physical item terms, Lifeboat can’t fit the key into the lock because Ubuntu changed the shape of the lock.

I was asking about a new cipher. Since Ubuntu seems to have locked down RSA keys authentication, I don’t see the point of using another cipher (assuming “cipher” means a different algorithm to generate an RSA key).
Thanks.

They have disabled authentication with the RSA cipher, not SSH keys. You can’t use RSA, you can use ECDSA. It’s the same type of authentication but uses a different encryption cipher. You should be able to just generate a new key pair using ECDSA.

So I did that. Generated ECDSA keys (using “ssh-keygen -t ECDSA”), downloaded the “.pub” file and put it in my “.ssh” local folder. In Lifeboat, I went to the “Edit Connection” dialog and added the ecdsa file to the list.
Now, when I try to test or save, Lifeboat reports this:
Connection failed:
Authentication failed. Error parsing PEM: offset out of bounds. Code: -14

Google reveals only two entries with this message (funny how most of my experiences in the Unix world are always full of rare issues that no one ever saw before :sweat_smile:). One result is the libssh2 source code in GitHub and the other is from an app called “FreeFileSync”, where the issue mentioned is about the latest keys protocol not being supported yet: Onlinestorage Connection Error - FreeFileSync Forum

Thanks for your help so far.

The Private Key is for your development machine.
The Public Key goes in ~/.ssh/authorized_keys on the server. authorized_keys is a list of authorized user public keys, one per line.

1 Like

Ok, so I inverted the keys.
Now, the id_ecdsa is in my local .ssh folder. In Lifeboat, I choose this file in the “Authentication:” field. Pressing test shows “Authentication failed. . Code: -48”.
Ok, since I had set a passphrase when generating the key, I assume I must enter it in Lifeboat→Edit connection→Manage SSH keys→id_ecdsa→Has password→Text field. When I do that, the test shows this: Authentication failed. Username/PublicKey combination invalid. Code: -18
Back to square one.

Open to any advice.
Thanks.

Shot in the dark guess, did you restart ssh on the server after updating authorized_keys?

Here’s the error codes, but unfortunately you’ll see how little information is provided.

1 Like