
sachinh 09-09-2009 04:43 AM

SSH permission denied Issue

We have a peculiar ssh issue between 2 Linux hosts: SYS_A (SLES 10) and SYS_B (SuSE 7.0).
We can ssh from SYS_A to SYS_B but get permission denied from SYS_B to SYS_A. Here is the verbose output.

SYS_B >> ssh SYS_A -v
SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: Seeding random number generator
debug: ssh_connect: getuid 501 geteuid 0 anon 0
debug: Connecting to SYS_A [] port 22.
debug: Seeding random number generator
debug: Allocated local port 804.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug: Local version string SSH-1.5-OpenSSH_2.1.1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'SYS_A' can't be established.
RSA key fingerprint is ee:a4:e7:42:4b:d3:2d:8b:22:c2:33:7c:16:4d:a2:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'SYS_A,' (RSA) to the list of known hosts.
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
Permission denied.
debug: Calling cleanup 0x805d200(0x0)
SYS_B >>

SYS_B >> netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
U 0 0 0 eth0
U 0 0 0 san1
U 0 0 0 lo
UG 0 0 0 eth0

SYS_A has:
SYS_A>> ssh -V
OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005

and SYS_B:
SYSB >> ssh -V
SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).

Please let me know if you need any more info.
Please suggest.


cardy 09-09-2009 04:53 AM

The first thing I would check is file permissions. When you're on the host SYS_B, look in the home directory of the user you're logged in as for a directory called .ssh

This command

ls -la ~/ | grep .ssh

should list the directory (see example below)

$ ls -la ~/ | grep .ssh
drwx------ 2 auser auser 4096 2009-09-09 10:50 .ssh

I am guessing that the permission denied you're getting is because the ssh client receives the fingerprint for this host and you confirm that you wish to connect; at this point it will try to save that decision into a file called known_hosts located by default in the directory above.

I am guessing you have problems with your permissions to the .ssh directory or the user is unable to create this directory inside their home directory.


sachinh 09-09-2009 04:59 AM

Thanks Cardy for the quick reply. Your guess is right. We did get a question when we tried for the first time, to which we answered yes, and then started getting this permission denied error.
To answer your questions, here is the permissions info.

SYS_B:/root> ls -ld .ssh

drwxr-xr-x 2 root root 4096 Sep 8 17:58 .ssh

SYS_B:/root> ls -l .ssh/

-rw-r--r-- 1 root root 1663 Sep 9 10:00 known_hosts

Please let me know if you need anything else.


cardy 09-09-2009 05:03 AM

Have you tried adding a second v on the command line to increase the verbosity of the output? This may help diagnose why it's failing, i.e.


ssh SYS_A -vv

sachinh 09-09-2009 05:07 AM

Yes...but gives the same output. Any other ideas?

cardy 09-09-2009 05:16 AM

Adding extra v's should increase the debugging level output for each extra v. I would suggest trying 3 - 4 v's, increasing by one at a time.

On my local system adding extra v's to the command line increases the debugging output significantly.

What other files exist in ~/.ssh other than the known_hosts file?

sachinh 09-09-2009 06:47 AM


Adding extra v's is not giving any other output:

mcnode2> ssh SYS_A -vvvv
Usage: ssh [options] host [command]
-l user Log in using this user name.
-n Redirect input from /dev/null.
-A Enable authentication agent forwarding.
-a Disable authentication agent forwarding.
-X Enable X11 connection forwarding.
-x Disable X11 connection forwarding.
-i file Identity for RSA authentication (default: ~/.ssh/identity).
-t Tty; allocate a tty even if command is given.
-T Do not allocate a tty.
-v Verbose; display verbose debugging messages.
-V Display version number only.
-P Don't allocate a privileged port.
-q Quiet; don't display any warning messages.
-f Fork into background after authentication.
-e char Set escape character; ``none'' = disable (default: ~).
-c cipher Select encryption algorithm: ``3des'', ``blowfish''
-p port Connect to this port. Server must be on the same port.
-L listen-port:host:port Forward local port to remote address
-R listen-port:host:port Forward remote port to local address
These cause ssh to listen for connections on a port, and
forward them to the other side by connecting to host:port.
-C Enable compression.
-N Do not execute a shell or command.
-g Allow remote hosts to connect to forwarded ports.
-4 Use IPv4 only.
-6 Use IPv6 only.
-2 Force protocol version 2.
-o 'option' Process the option as if it was read from a configuration file.

SYS_B:> ssh SYS_A -v -v -v -v
SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).

No other files exist in /root/.ssh

cardy 09-09-2009 06:58 AM

Have you checked the log files on the remote server?

It is worth checking /var/log/messages and /var/log/secure on the remote server to see if anything is being logged there. I would also verify the permissions on the remote server for the .ssh directory.

The only other thing I can think of is verifying the permissions on the directory /etc/ssh (and the files within) on both of the hosts.
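
Added example, not part of the thread: a shell check for the permission conditions discussed above, modelled on sshd's StrictModes rule (no group/other write bit) and the ssh client's private-key mode check. File names are the OpenSSH defaults; including known_hosts in the write check is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the thread). File names are OpenSSH defaults.

# Octal permission bits of a path (GNU stat, falling back to BSD stat).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# flag PATH MASK LABEL: print a finding and return 1 if any bit of MASK is set.
flag() {
    [ -e "$1" ] || return 0
    m=$(mode_of "$1")
    if [ $(( 0$m & 0$2 )) -ne 0 ]; then
        echo "$3: $1 (mode $m)"
        return 1
    fi
    return 0
}

# audit_ssh_dir HOME: sets FINDINGS to the number of problems; returns 0 if none.
audit_ssh_dir() {
    FINDINGS=0
    # Server side (StrictModes): home, .ssh and authorized_keys must not be
    # writable by group/others. known_hosts is added here as an assumption.
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys" "$1/.ssh/known_hosts"; do
        flag "$p" 022 "group/other-writable" || FINDINGS=$((FINDINGS + 1))
    done
    # Client side: private keys must not be accessible to group/others at all.
    for k in identity id_rsa id_dsa; do
        flag "$1/.ssh/$k" 077 "private key too open" || FINDINGS=$((FINDINGS + 1))
    done
    [ "$FINDINGS" -eq 0 ]
}

# Constructed demo: a throwaway home using the modes posted in the thread.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh" && : > "$demo_home/.ssh/known_hosts"
chmod 755 "$demo_home" "$demo_home/.ssh"
chmod 644 "$demo_home/.ssh/known_hosts"
audit_ssh_dir "$demo_home" && echo "no findings for 755 .ssh / 644 known_hosts"
rm -rf "$demo_home"
```

Run it as `audit_ssh_dir /root` (or the relevant home directory) on each host. The modes posted in the thread, 755 on .ssh and 644 on known_hosts, produce no findings under these rules.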
