LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 08-08-2020, 01:39 AM   #1
mackowiakp
Member
 
Registered: Jun 2014
Location: Poland/Gdynia
Distribution: Mageia 9, SH4, Debian
Posts: 367

Rep: Reputation: 8
Can't log in via SSH to non-root user


Can't log in via SSH to a non-root user in Debian 10 Buster. I want to use only cert auth, not passwords, both for root and users.
It worked for me in Ubuntu 14.04 Stretch. Of course I have public keys in the authorized_keys file in the ~/.ssh dir. These files have the same content for root and for the user. Of course the dir and file owner/group/mode are set according to the rules.
Below is the SSH daemon config file:

Code:
[root@Piotr MEDIA]# cat sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes

KeyRegenerationInterval 3600
ServerKeyBits 1024

RSAAuthentication yes
PubkeyAuthentication yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no

ChallengeResponseAuthentication no

PasswordAuthentication no

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes

AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
What am I doing wrong?
 
Old 08-08-2020, 02:39 AM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
Would be nice to see the failure symptoms, including a verbose ssh.

By the way, you mean key-based, not certificate-based authentication, correct? I don't see anything about certificates in the config file.
 
Old 08-08-2020, 03:43 AM   #3
mackowiakp
Member
 
Registered: Jun 2014
Location: Poland/Gdynia
Distribution: Mageia 9, SH4, Debian
Posts: 367

Original Poster
Rep: Reputation: 8
Yes. Of course. Keys not certs. Sorry.

And to describe the situation precisely. The "debian" server is installed in the LXC container on the QNAP NAS. And as I wrote, I had Ubuntu stretch installed there before. I had to replace it with Debian Buster because the latest version of Domoticz doesn't work fully on the Stretch version.

Below is the verbose output from login to user "debian" on server "debian":

Code:
[root@Piotr Pobrane]# ssh -i /home/maciek/.ssh/id_piotr -x debian@debian -vvv
OpenSSH_8.0p1, OpenSSL 1.1.0l  10 Sep 2019
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "debian" port 22
debug2: ssh_connect_direct
debug1: Connecting to debian [192.168.0.203] port 22.
debug1: Connection established.
debug1: identity file /home/maciek/.ssh/id_piotr type 0
debug1: identity file /home/maciek/.ssh/id_piotr-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to debian:22 as 'debian'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:70
debug3: load_hostkeys: loaded 1 keys from debian
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:QTV0I01jZ7CONVgRkBlxtsb1n3eekDeCEmI+u+MbniY
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:70
debug3: load_hostkeys: loaded 1 keys from debian
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:69
debug3: load_hostkeys: loaded 1 keys from 192.168.0.203
debug1: Host 'debian' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:70
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/maciek/.ssh/id_piotr RSA SHA256:Sw4eBE7jXegItyXlXdoWv1JysGQulrdP28gIX/aao5o explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/maciek/.ssh/id_piotr RSA SHA256:Sw4eBE7jXegItyXlXdoWv1JysGQulrdP28gIX/aao5o explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
debian@debian: Permission denied (publickey).
And login to root on server debian

Code:
[root@Piotr Pobrane]# ssh -i /home/maciek/.ssh/id_piotr -x root@debian -vvv      
OpenSSH_8.0p1, OpenSSL 1.1.0l  10 Sep 2019
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "debian" port 22
debug2: ssh_connect_direct
debug1: Connecting to debian [192.168.0.203] port 22.
debug1: Connection established.
debug1: identity file /home/maciek/.ssh/id_piotr type 0
debug1: identity file /home/maciek/.ssh/id_piotr-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to debian:22 as 'root'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:70
debug3: load_hostkeys: loaded 1 keys from debian
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:QTV0I01jZ7CONVgRkBlxtsb1n3eekDeCEmI+u+MbniY
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:70
debug3: load_hostkeys: loaded 1 keys from debian
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:69
debug3: load_hostkeys: loaded 1 keys from 192.168.0.203
debug1: Host 'debian' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:70
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/maciek/.ssh/id_piotr RSA SHA256:Sw4eBE7jXegItyXlXdoWv1JysGQulrdP28gIX/aao5o explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/maciek/.ssh/id_piotr RSA SHA256:Sw4eBE7jXegItyXlXdoWv1JysGQulrdP28gIX/aao5o explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /home/maciek/.ssh/id_piotr RSA SHA256:Sw4eBE7jXegItyXlXdoWv1JysGQulrdP28gIX/aao5o explicit
debug3: sign_and_send_pubkey: RSA SHA256:Sw4eBE7jXegItyXlXdoWv1JysGQulrdP28gIX/aao5o
debug3: sign_and_send_pubkey: signing using rsa-sha2-512
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to debian ([192.168.0.203]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x48
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Linux Debian 4.14.24-qnap #1 SMP Wed Jul 29 06:27:02 CST 2020 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Aug  8 08:23:49 2020 from 192.168.0.2
root@Debian:~#
 
Old 08-08-2020, 03:59 AM   #4
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,348
Blog Entries: 3

Rep: Reputation: 3766
Are the keys on the server in ~debian/.ssh/authorized_keys unbroken, on a single line, and is the file inaccessible by any other accounts? Check the permissions, groups, and ownership for that file and then the directories starting with .ssh on up to /home/
 
Old 08-08-2020, 04:12 AM   #5
mackowiakp
Member
 
Registered: Jun 2014
Location: Poland/Gdynia
Distribution: Mageia 9, SH4, Debian
Posts: 367

Original Poster
Rep: Reputation: 8
Below is a listing of the user/group/modes of the dir and files and the content of the authorized_keys file. As you can see, there is no difference between the root file and the user file.

Code:
root@Debian:/home/debian/.ssh# diff /root/.ssh/authorized_keys /home/debian/.ssh/authorized_keys 
root@Debian:/home/debian/.ssh#
Code:
root@Debian:~# cd /home/debian/
root@Debian:/home/debian# ls -la|grep ssh
drwx------  2 debian debian  4096 sie  7 09:40 .ssh
root@Debian:/home/debian# cd .ssh/
root@Debian:/home/debian/.ssh# ls -la
razem 16
drwx------  2 debian debian 4096 sie  7 09:40 .
drwxrwxrwx 24    501    501 4096 sie  7 17:08 ..
-rw-------  1 debian debian 2362 sie  7 09:14 authorized_keys
root@Debian:/home/debian/.ssh# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5xjj9ZFSxDgylnIjDh832aV3mYFb0BmaojtCnniLZ9EmMCPu+appMONaoU/QJV/jjS9H61UZUYuuTylthj4B5lgh7VzDy66qhVjWv90q3e9QJkpM2Y+pc+yff7vi4you2uqiRnP3TM8Pb+2RZ5LopLZALTNnQBZ28ICRE28D8YZyum0dNAx8ih0xnnjpTuQjDMX0nBrmV9z3fIQDdW5qdIwHYxIwLIE2CNWlPAbBmPA0UxRvrw/HF9AatG2oCvA6eotzVDoH6Rr2nXgYixFcr0OEbKvH5iCXIRI3KKj5sFCMHAREqmk8A624TvpKwRbHz33sMJoLaPS0HvxRcsRx0Q== maciek@piotr

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYO2ePq1HvBVO0l2Y4HJ1HvEQDvJKnLR9HWYrDdWQY7h/vt39XWB4/my8ZFUiIL2cbb5ja8Xe80CZG5sUWUwk8mu8uk95gGA60lTRwzmVPI9MVkJUshLtnBjynZVjQuHWfoV78p57WW42/+Ry7YsIC2isvAxz60hrGba3Ru6t65PXRquVLmDP4sre92xj6ppfQgElBUKqTByBzBlAs0dTS4+82fChKI+ipruB6i7zlPhRL6UXQLl55IJ6OHkEZh9scz5FiCv+fp5aILTP8CU3Vx5rahnHSBvkmwNGjW2JBVE2tTiWMcbLC+Lx/lTYA/zFa3feSz3+yeR31IDvx4GEd Note4

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeOmxMKjX1Cp3cucN0s+oso/mNTwyq6AIoK0YuYbjuXjVnii1dF330pCyZzUeyBm/OZEHSU93K/Fb7OqySJn6aI6IEUpAuW1tYSoPyIlg1uMAFRdsfIVpj9wtuQVzewTIdVvZm3owdxWouegxER86HvXKKewPO5GKOJG8HdmMY9uWBOlDy1cye7ABt/msFYAlQFv9/9d5e3+QQnvc2nFgB+y6SiG1hir7Ovc0YhctAsIrn57m+5xq4bBDY8CrZzPrYsmp4dr9aQLJqlbOOpWRJvtvacJ5XXLlwFBr6kZSMs59JdI6M9AAP4BMhA2eSgH66rZPqIvg+7GjE2ge5FOXn piotr-l

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVgPEQ6AM3fh7UkqYmZQNd66hMPeJZt3SQMuj7Ziw1eBTJW9lUCNeZZpU5t8qrPm1KlS38Mv0n+TU5hrXKu0W97kjFSljDpF+47MW8sCY+lzji75qzA/lEZHWCUcxymZWPVWi5+oyfr7bbKflO3WY3CKJWDKm+hqI5IzKxyLGaw6bFIf9yI9Ur+Uw4QE9ZbcKf/hilPVEp2JyaFabReczngv+VOS3t8LuT9I+YNQW8FVVN+NZsS774wlEN/+PJn7QxEqyBLyx+PlHtExsvhZit1GR+NZsxWPJWoPuyFwYy8W3NrP2X/AUk9FMNcWJZy7tGukOrcWgAoMD6cJ5nMnqh media@mackowiakp.ddns.net

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKLa4q7LWWhv5PLY6CoOYud8JLaRRcOewyPsdiO1pL/bXZbWj8WwTrq/CD9BzcjKVVAfxbIdIdpmpsZXzxmGsUN5hPi5h3nZ+PGavvSa9/2cLQrTVDlg2mfN7nVBrN2EiAI9P2rIAnxrqYQOuPkvpLI78ilzhrlQzdxW4FuhqgIZozNwidvdxPUyZ8oTT1RASM9r8Lttoao+mGS1ZJRSuhIBPYgrsgfC9C9lXumUqviopNaWD9QK57oPKpPA6ox+JOkEqOBOKRWNebby7XJ3bx4YqQa3lZQ6IfBBT7pvb+zIllH4N7iORjsCV0fdHQVOUa70CIhxc6rjye3h0f3Ng1 iPad

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCx7OZBouleZjBXD2XjYwudF4Xu6JktPG+dnCcrhXTvWRQZnuolyiAhgnfC0kqO/zWv6rZOYEfbo1sEfJ7gFp1Hkk9t0R1dfUr0LshnlUbF8LxivDLQ24tTVa7D4jA15tCB5eiMrhqPxeKGOKYcyWosZgydPWWgsbQAl0i8F0CF861oE8nOaQnTskf86UrEp3+Sz8lYGPMNKiropzeBIK9nE+YpcY1/i3n5cJkPhgcZzk9OzLl+EGGGEzFZ6GHvF6XXdCBL2knGTsi4eUv9gIsX3f0V2sNFdydhKSPVauOuo7ya8JtBramTd+qhz5+83uQ574q1JnO/R+IZNayLpSRv gosia@gosia
 
Old 08-08-2020, 04:33 AM   #6
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,348
Blog Entries: 3

Rep: Reputation: 3766
On the server, fire up a second instance of the SSH daemon for logging purposes on an alternate port.

Code:
sudo /usr/sbin/sshd -p 2222 -d -d -d -E /tmp/sshd.log
Then attempt to connect to it once to reproduce the failure.

The settings above will allow you to connect once, and only once, then the logs for the whole session will be in /tmp/sshd.log. There's less to sort through that way. Except for the overrides the rest of the configuration is the same as the normal SSH daemon process.
 
Old 08-08-2020, 05:06 AM   #7
mackowiakp
Member
 
Registered: Jun 2014
Location: Poland/Gdynia
Distribution: Mageia 9, SH4, Debian
Posts: 367

Original Poster
Rep: Reputation: 8
OK. See attached file. I can't place the result inline because I got an error from the forum web site:

Quote:
The text that you have entered is too long (31383 characters). Please shorten it to 30000 characters long.
Attached Files
File Type: txt Log.txt (30.1 KB, 11 views)
 
Old 08-08-2020, 05:09 AM   #8
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,348
Blog Entries: 3

Rep: Reputation: 3766
Thanks. See starting line 230-ish:

Code:
debug1: trying public key file /home/debian/.ssh/authorized_keys
debug1: fd 6 clearing O_NONBLOCK
Authentication refused: bad ownership or modes for directory /home/debian
debug1: restore_uid: 0/0
Check permissions and ownerships again, please.

Code:
ls -lhd /
ls -lhd /home/
ls -lhd /home/debian/
ls -lhd /home/debian/.ssh/
 
Old 08-08-2020, 05:14 AM   #9
mackowiakp
Member
 
Registered: Jun 2014
Location: Poland/Gdynia
Distribution: Mageia 9, SH4, Debian
Posts: 367

Original Poster
Rep: Reputation: 8
So You have:

Code:
root@Debian:~# ls -lhd /
drwxr-xr-x 21 root root 4,0K sie  7 17:07 /
root@Debian:~# ls -lhd /home/
drwxr-xr-x 3 root root 4,0K sie  7 07:34 /home/
root@Debian:~# ls -lhd /home/debian/
drwxrwxrwx 24 501 501 4,0K sie  7 17:08 /home/debian/
root@Debian:~# ls -lhd /home/debian/.ssh/
drwx------ 2 debian debian 4,0K sie  7 09:40 /home/debian/.ssh/
 
Old 08-08-2020, 05:17 AM   #10
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,348
Blog Entries: 3

Rep: Reputation: 3766
Quote:
Originally Posted by mackowiakp View Post
So You have:

Code:
root@Debian:~# ls -lhd /home/debian/
drwxrwxrwx 24 501 501 4,0K sie  7 17:08 /home/debian/
There is a question of how the ownership and permissions both got messed up.

They can be fixed like this:

Code:
sudo chown debian:debian /home/debian/
and then

Code:
sudo chmod u=rwx,g=rx,o=rx /home/debian/
# or 
sudo chmod u=rwx,g=rx,o= /home/debian/
The latter is recommended, if possible.
 
1 members found this post helpful.
Old 08-08-2020, 05:23 AM   #11
mackowiakp
Member
 
Registered: Jun 2014
Location: Poland/Gdynia
Distribution: Mageia 9, SH4, Debian
Posts: 367

Original Poster
Rep: Reputation: 8
Yep. THX. The problem was the mode of /home/debian
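
The check behind the `bad ownership or modes for directory /home/debian` log line in this thread, approximated as an added shell example (not OpenSSH's code and not from any poster). The function names `check_component` and `check_strict_path` are hypothetical, GNU `stat -c` is assumed (as on Debian), and unlike sshd, which refuses at the first bad component, this reports every offending one.

```shell
#!/bin/sh
# Added example: walks from authorized_keys up to the home directory and
# flags anything sshd's StrictModes check would refuse. Assumes GNU stat.

# check_component PATH UID
# Returns 0 if PATH is owned by UID or root and is not group/world-writable.
check_component() {
    path=$1; want_uid=$2
    info=$(stat -c '%u %a' "$path") || return 2
    owner=${info% *}; mode=${info#* }
    bad=0
    if [ "$owner" -ne "$want_uid" ] && [ "$owner" -ne 0 ]; then
        echo "$path: owned by uid $owner, expected $want_uid or root"
        bad=1
    fi
    # 022 = write bit for group and for others; the leading 0 makes $mode octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$path: mode $mode is group- or world-writable"
        bad=1
    fi
    return $bad
}

# check_strict_path FILE HOME UID
# Checks FILE and every parent directory up to and including HOME.
check_strict_path() {
    file=$1; home=${2%/}; uid=$3; rc=0
    cur=$file
    while :; do
        check_component "$cur" "$uid" || rc=1
        [ "$cur" = "$home" ] && break
        [ "$cur" = "/" ] && break
        cur=$(dirname "$cur")
    done
    return $rc
}

# Stand-alone use: sh thisfile FILE HOME UID
if [ "$#" -eq 3 ]; then
    check_strict_path "$@"
fi
```

On the server from this thread it would be called as root with `/home/debian/.ssh/authorized_keys /home/debian "$(id -u debian)"`.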
 
  



Tags
root login, ssh access using key, user actions


