Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
05-27-2007, 08:47 PM
|
#1
|
|
Senior Member
Registered: Sep 2003
Distribution: Debian Squeeze / Wheezy
Posts: 1,546
Rep: 
|
Permission denied (publickey,password,keyboard-interactive)
hi
I cannot login into ssh due to the following error:
Code:
storage> ssh localhost
Permission denied (publickey,password,keyboard-interactive).
my system:
Code:
storage> uname -a
Linux storage 2.4.22-uc0 #458 Tue Apr 3 01:09:49 CST 2007 ppc unknown
Code:
storage> ssh -v
OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004
Code:
storage> ls -la /etc/ssh
drwxr-xr-x 2 root root 1024 May 28 03:23 .
drwxr-xr-x 8 root root 2048 May 28 03:13 ..
-rw------- 1 root root 1192 May 28 03:12 ssh_host_dsa_key
-rw-r--r-- 1 root root 1114 May 28 03:12 ssh_host_dsa_key.pub
-rw------- 1 root root 975 May 28 03:03 ssh_host_key
-rw-r--r-- 1 root root 639 May 28 03:03 ssh_host_key.pub
-rw------- 1 root root 1675 May 28 03:05 ssh_host_rsa_key
-rw-r--r-- 1 root root 394 May 28 03:05 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 2974 May 28 03:23 sshd_config
-rw-r--r-- 1 root root 2961 May 28 03:27 sshd_config_org
-rw-r--r-- 1 root root 2977 May 28 03:23 sshd_config_save
my sshd configuration:
Code:
# vi etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 22
Protocol 2,1
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#now ssh is only used by rsync ==> auth by passwd file of rsync server
#AuthPassFile /etc/rsyncd.secrets
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
Compression yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
DenyUsers admin
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
I tried to remove /root/.ssh/known_hosts
and regenerate all keys:
Code:
ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
but still doesn't work !
knows someone howto solve this problem ? |
|
|
|
|
05-28-2007, 03:04 AM
|
#2
|
|
Member
Registered: Mar 2007
Posts: 41
Rep:
|
Hmm... I'm not very knowledgeable on this problem, but I just checked my /etc/ssh/sshd_config and every line was commented out, and I did not have /root/.ssh at all. Perhaps you can try that for troubleshooting?
|
|
|
|
|
05-28-2007, 11:27 AM
|
#3
|
|
Senior Member
Registered: May 2006
Distribution: Caldera, CTOS, Debian, FreeBSD, Mac OS X, Mandrake, Minix, OpenBSD, Slackware, SuSE
Posts: 1,757
Rep:
|
I used your sshd_config file, tried root ssh connection to localhost, and got the same results as you. After trial and error, I was finally able to login. This is what I did:
Code:
# cd ~/.ssh
# ssh-keygen -t rsa
no passphrase entered for key
# cp id_rsa.pub authorized_keys
# chmod 600 authorized_keys
# ssh -v localhost
---snip---
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Mon May 28 11:59:48 2007 from localhost
Linux 2.4.33.3.
If you enter a passphrase when you create your ssh key, you will be prompted to enter it when connecting via ssh.
The #AuthorizedKeysFile .ssh/authorized_keys entry is the default for where your public key is searched. If you don't copy your public key as I did in the above steps, you can have AuthorizedKeysFile .ssh/id_rsa.pub instead. Reference man sshd_config.
If you run sshd in debug mode, you'll see what it's looking for:
Code:
debug1: trying public key file /root/.ssh/authorized_keys
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
or
Code:
debug1: trying public key file /root/.ssh/id_rsa.pub
debug1: matching key found: file /root/.ssh/id_rsa.pub, line 1
Last edited by bsdunix; 05-28-2007 at 11:32 AM.
|
|
|
|
|
05-31-2007, 05:32 PM
|
#4
|
|
Senior Member
Registered: Sep 2003
Distribution: Debian Squeeze / Wheezy
Posts: 1,546
Original Poster
Rep:
|
I've installed openssh again:
# ipkg install openssh
and now it seems to work.
thanks anyway.
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 05:39 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
