![]() |
#1 |
Junior Member
![]() Posts: 8
Karma: 10
Join Date: Jun 2025
Device: Kindle3 Keyboard
|
Kindle3 can telnet and ssh with pass but cannot with keys
Hi all,
I just joined the forum cause recently I have found this community for root and all the goodies like terminal, KOreader, etc. It's great and I'd like to thank you for making it all so easy and clean ![]() Now one thing is taking me days to solve and still cannot do it, maybe you will be kind enough to help. I did everything that is required to root, install KUAL, KOreader, launchpad, usbnet, etc. I can telnet and ssh into Kindle3 Keyboard with dropbear by just pressing Enter instead of a password, next step was to setup authorized_keys file which I did. First with RSA key and then saw this in ssh -vvv: Code:
debug1: Next authentication method: publickey debug1: Offering public key: /home/will/.ssh/id_kindle RSA SHA256:3OMCm0BM9fVLwqL141DjgXaibahnP36aVfDMUQZkj88 explicit agent debug1: send_pubkey_test: no mutual signature algorithm Code:
debug1: Offering public key: /home/will/.ssh/kindle_ed25519 ED25519 SHA256:i5ns5vcwnJRPWBoUlXyUyYUVxHHU3TfV139d96HAdtQ explicit agent debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Offering public key: will@PC RSA SHA256:1Vq1xmJcsGGKDdmUY4MU4yOuobxNIX5mdZixxQRudTE agent debug1: send_pubkey_test: no mutual signature algorithm debug1: Offering public key: CaptainDerya's Kindle developer key RSA SHA256:3OMCm0BM9fVLwqL141DjgXaibahnP36aVfDMUQZkj88 agent debug1: send_pubkey_test: no mutual signature algorithm debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password root@192.168.2.2's password: debug3: send packet: type 50 debug2: we sent a password packet, wait for reply debug3: receive packet: type 52 Authenticated to 192.168.2.2 ([192.168.2.2]:22) using "password". debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open In the /var/log/messages I can find during login: Code:
250610:174245 dropbear[23153]: Child connection from 192.168.2.1:33386 250610:174246 dropbear[23153]: Pubkey auth attempt with unknown algo for 'root' from 192.168.2.1:33386 250610:174314 powerd[2512]: I def:battinfo:cap=100%, mAh=1463mAh, volt=4183mV, current=174mA, temp=80F, bp=4183mV, lmd=1467mAh, cycl=7, cyct=23: 250610:174316 dropbear[23153]: Exit before auth (user 'root', 0 fails): Exited normally I know that /mnt/us/usbnet/etc/config is responsible for setting up network and ssh options and /etc/ I even try to ssh-add-key to dropbear that defaults a file to /etc/dropbear/authorized_keys which probably wouldn't work and it didn't but at this point I just try to find a solution. Any information would be appreciated, maybe I just miss something. I setup IP's in the config file: Host: 192.168.2.1 Kindle: 192.168.2.2 I'm using Linux to connect to Kindle3 Keyboard. Usually when I change something and test I try both Dropbear and OpenSSH which is tedious as I have to disconnect, change in KUAL->usbnet toggle, etc. So this problem affects both Dropbear and OpenSSH. Possible issues I can think of: - Not setting my own password on Kindle3 Keyboard but I don't think this is necessary. I tried default ones to login found on forum and python script but they didn't work so I just leave it for the time. Maybe I will want to crack it at some point just to know what Amazon put in. The password is set I just don't know it but this doesn't seem to be an issue here. - Older version of Dropbear/OpenSSH with older encryption - I kind of mitigated this by creating ed25519 key instead of RSA but maybe I still miss something? - Maybe current apps are for newer devices that work fine with authorized_keys but Kindle3 Keyboard is not? - Newest kindle firmware made some changes that are preventing using keys? Don't think so as many people are using it with success. - Some bug. If you have any questions or suggestions I'll be happy to try them out. Best regards, Amar |
![]() |
![]() |
![]() |
#2 |
Junior Member
![]() Posts: 8
Karma: 10
Join Date: Jun 2025
Device: Kindle3 Keyboard
|
I tried to edit my post to add some details but I cannot find the "Edit" button.
I tried using some options with no avail as it still asks for password: Code:
ssh -i ~/.ssh/kindle_ed25519 -oKexAlgorithms=+diffie-hellman-group1-sha1 -oStrictHostKeyChecking=no root@192.168.2.2 Also key was copied with: Code:
scp ~/.ssh/kindle_ed25519.pub root@192.168.2.2:/mnt/us/usbnet/etc/authorized_keys Code:
[root@kindle root]# cat /mnt/us/usbnet/etc/authorized_keys ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSboVb+JERT6orFdr3mo8frs6sIhdSlrhMhZHB/nYbi will@PC Code:
-rwxr-xr-x 1 root root 89 Jun 11 09:02 authorized_keys |
![]() |
![]() |
![]() |
#3 |
Grand Sorcerer
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 5,780
Karma: 103362673
Join Date: Apr 2011
Device: pb360
|
Nevermind, obviously you have the IP address correct if you are able to login at all.
when you connect with password, what is the output of: Code:
/sbin/ifconfig usb0 Last edited by j.p.s; 06-11-2025 at 12:40 PM. |
![]() |
![]() |
![]() |
#4 |
Bibliophagist
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 45,906
Karma: 168959602
Join Date: Jul 2010
Location: Vancouver
Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos
|
Perhaps the issue lies in the error message?
Code:
debug1: Next authentication method: publickey debug1: Offering public key: /home/will/.ssh/id_kindle RSA SHA256:3OMCm0BM9fVLwqL141DjgXaibahnP36aVfDMUQZkj88 explicit agent debug1: send_pubkey_test: no mutual signature algorithm |
![]() |
![]() |
![]() |
#5 |
Junior Member
![]() Posts: 8
Karma: 10
Join Date: Jun 2025
Device: Kindle3 Keyboard
|
Hi j.p.s.
On my PC when I connect the first time the device for Kindle is 'usb0' but when I change for example Dropbear to Openssh (or vice versa) it becomes 'enxee4900000000' until I reboot my PC. On the kindle it seems to still be usb0 though. Here's the output: Code:
ssh root@192.168.2.2 Welcome to Kindle! root@192.168.2.2's password: X11 forwarding request failed on channel 0 ################################################# # N O T I C E * N O T I C E * N O T I C E # ################################################# Rootfs is mounted read-only. Invoke mntroot rw to switch back to a writable rootfs. ################################################# [root@kindle root]# /sbin/ifconfig usb0 usb0 Link encap:Ethernet HWaddr EE:19:00:00:00:00 inet addr:192.168.2.2 Bcast:192.168.2.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2232 errors:0 dropped:0 overruns:0 frame:0 TX packets:1354 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:293664 (286.7 KiB) TX bytes:179359 (175.1 KiB) [root@kindle root]# |
![]() |
![]() |
![]() |
#6 | |
Junior Member
![]() Posts: 8
Karma: 10
Join Date: Jun 2025
Device: Kindle3 Keyboard
|
Quote:
Yes, that's what I saw the first time when I used default RSA key and that's why I have generated ed25519 key and I think this lines say it's ok: Code:
debug1: Offering public key: /home/will/.ssh/kindle_ed25519 ED25519 SHA256:i5ns5vcwnJRPWBoUlXyUyYUVxHHU3TfV139d96HAdtQ explicit agent debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password I tried it on my laptop with fresh, clean system where I put only 1 ed25519 key in my ~/.ssh/ folder (I copied it from my PC) and tried to login again with no success. |
|
![]() |
![]() |
![]() |
#7 |
Bibliophagist
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 45,906
Karma: 168959602
Join Date: Jul 2010
Location: Vancouver
Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos
|
Going off the top of my head here, but the receive packet: type 51 is an authentication failure so it would appear that your public key is not being accepted.
|
![]() |
![]() |
![]() |
#8 | |
Junior Member
![]() Posts: 8
Karma: 10
Join Date: Jun 2025
Device: Kindle3 Keyboard
|
Quote:
Can you advise what exactly key should I generate for Kindle 3 Keyboard? I tried default one (RSA 3072), RSA with 4096, ed25519 (default 256), I tried some parameters like described above: Code:
ssh -i ~/.ssh/kindle_ed25519 -oKexAlgorithms=+diffie-hellman-group1-sha1 -oStrictHostKeyChecking=no root@192.168.2.2 I tried again from my laptop with fresh Mint 22.1 and on Kindle in /var/log/messages this popped up: Code:
250611:190653 dropbear[4579]: Child connection from 192.168.2.1:43320 250611:190653 dropbear[4579]: Pubkey auth attempt with unknown algo for 'root' from 192.168.2.1:43320 250611:190656 dropbear[4579]: Bad password attempt for 'root' from 192.168.2.1:43320 (But we're letting you in because we're a nice Kindle ;)) |
|
![]() |
![]() |
![]() |
#9 |
Junior Member
![]() Posts: 8
Karma: 10
Join Date: Jun 2025
Device: Kindle3 Keyboard
|
I kind of found a solution when looking for this 'Pubkey auth attempt with unknown algo for'
After I added these options and changed my key from ed25519 to rsa (3072) Code:
ssh -i ~/.ssh/id_kindle root@192.168.2.2 -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa ![]() Actually it works even when I don't specify my key like above so ssh-agent is working fine as well. I tried also with RSA 4096 and worked as well on both Dropbear and OpenSSH and it's working. Trying to change to ed25519 didn't work yet but I guess I don't need it anymore or will look for specific options later (I tried '+ssh-ed25519' but there might be a different option). In the end I checked and with only this one option I can login with my RSA key so this is a solution: Code:
ssh root@192.168.2.2 -o PubkeyAcceptedAlgorithms=+ssh-rsa Code:
vim ~/.ssh/config Host k3 Hostname k3 User root HostKeyAlgorithms ssh-rsa PubkeyAcceptedAlgorithms ssh-rsa Nobody faced this issue or maybe nobody uses ssh keys? |
![]() |
![]() |
![]() |
#10 |
Bibliophagist
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 45,906
Karma: 168959602
Join Date: Jul 2010
Location: Vancouver
Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos
|
I suspect this is due to your older Kindle firmware not having support for the newer keys. The SSH-RSA keys were deprecated because they used SHA-1 which is no longer considered secure (this happens in 2022 if my memory serves).
|
![]() |
![]() |
![]() |
#11 |
Junior Member
![]() Posts: 8
Karma: 10
Join Date: Jun 2025
Device: Kindle3 Keyboard
|
I wanted to edit but time expires in 5 minutes so time passed while I was typing - maybe 1h or a day would be a better option to allow people edit threads?
!!! CAUTION !!! Adding option to Kindle in /mnt/us/usbnet/etc/sshd_config and restarting sshd (via KUAL) breaks ssh completely so no login is possible (tried '+ssh' and 'ssh' without a plus): Code:
PubkeyAcceptedAlgorithms +ssh-rsa Code:
ssh root@192.168.2.2 ssh: connect to host 192.168.2.2 port 22: Connection refused |
![]() |
![]() |
![]() |
#12 | |
Junior Member
![]() Posts: 8
Karma: 10
Join Date: Jun 2025
Device: Kindle3 Keyboard
|
Quote:
![]() I ask because I saw some posts about Kindle 3 Keyboard so people are still using it. Anyway, I'm glad that after many days this issue is solved. |
|
![]() |
![]() |
![]() |
#13 |
Evangelist
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() Posts: 451
Karma: 3456809
Join Date: Jul 2023
Device: Scribe 2022, OA2, PRS-350
|
When connecting to an older device it's much safer to configure your SSH client as your earlier post did, and not to modify the sshd settings of the old device. It's fairly common to add specific exceptions as-needed to your SSH in the local user config file as you did in your earlier post. If the old device is running an old build of sshd then trying to add crypto that it doesn't support is a giant lift for not much gain.
|
![]() |
![]() |
![]() |
Tags |
authorized_keys, kindle3, ssh |
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
K5 Unable to get ssh-keys working for ssh login without entering password | Immortalis | Kindle Developer's Corner | 3 | 07-16-2022 05:54 PM |
Aura H2O 2 Question about telnet/ftp/ssh | Elektron | Kobo Developer's Corner | 4 | 07-13-2020 08:45 PM |
SSH/Telnet commands | aprex | Kindle Developer's Corner | 8 | 05-03-2019 01:45 PM |
Can't SSH or Telnet to Kindle 3 | eshiku | Kindle Developer's Corner | 13 | 07-28-2011 07:23 PM |
Ssh/telnet access over 3G? | lolcat | Kindle Developer's Corner | 12 | 02-21-2011 11:56 AM |