LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 01-18-2006, 03:27 PM   #1
davidkline
LQ Newbie
 
Registered: Nov 2005
Location: Chiago, IL
Distribution: VectorLinux
Posts: 26

Rep: Reputation: 15
ssh -- Permission denied (publickey,password,keyboard-interactive).


I recently installed OpenSSH on a CoreLinux machine and have a problem.

From the CoreLinux machine I can ssh out to any machine without any problems. However, when I ssh to the CoreLinux machine (from anywhere) it fails and outputs the following message after three login attempts:

"Permission denied (publickey,password,keyboard-interactive)."

On the CoreLinux machine /var/log/syslog indicates the failure with the message "<timestamp> <machine name> sshd[395]: Failed password for <acct> from <addr> port 1338 ssh2". I know that the account on the CoreLinux machine is working because I can login from the console. I can see sshd running. It was started with the command "sshd -p 22"

Does anyone know what I'm doing wrong? Thanks in advance!
 
Old 01-18-2006, 04:09 PM   #2
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269Reputation: 269Reputation: 269
Try ssh'ing to the Corelinux machine from itself. Not sure what this will accomplish other than making sure the sshd has a config file that will allow any logins...

Also, did it ask you for the user name? Or did you pass the user name? I once spent 30 minutes fighting an sshd because I didn't realize that it was trying to log me on as the user on my current machine instead of the user on my debian system... Doh!
 
Old 01-18-2006, 04:54 PM   #3
davidkline
LQ Newbie
 
Registered: Nov 2005
Location: Chiago, IL
Distribution: VectorLinux
Posts: 26

Original Poster
Rep: Reputation: 15
thank you for your reply,

>Try ssh'ing to the Corelinux machine from itself. Not
>sure what this will accomplish other than making sure
>the sshd has a config file that will allow any logins...

i did try 'ssh user@machine' and had the same results. regarding the sshd_config file, i didn't make any changes to it. all the options are commented out. could this be the problem? permissions?

the client side seems ok. i can ssh to any machine and log in.


>Also, did it ask you for the user name? Or did you pass
>the user name? I once spent 30 minutes fighting an sshd
>because I didn't realize that it was trying to log me on
>as the user on my current machine instead of the user on
>my debian system... Doh!

i passed the username on the command line. it only asked for the password.

thanks again,
 
Old 01-18-2006, 05:10 PM   #4
pljvaldez
Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Squeeze (x86)
Posts: 6,092

Rep: Reputation: 269Reputation: 269Reputation: 269
Did you try ssh'ing the corel machine from the corel machine (i.e. ssh user@localhost)? This was to test the ssh server on the corel machine (I figure if anything were to work, an ssh to localhost would).

I would read through the config file and see if anything intuitively makes sense to uncomment. Make sure you're reading the sshd_config file, not the ssh_config file. ssh is working fine you said, it's sshd that you're having problems with.

Here's a copy of my sshd_config file:

Code:
# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 600
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile	%h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication no


# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

Subsystem	sftp	/usr/lib/sftp-server

UsePAM yes
I also just realized that I get the same error you describe if I try to ssh root@localhost because I have PermitRootLogin no in sshd_config. But I can login as user fine, so it must be a configuration issue.

Last edited by pljvaldez; 01-18-2006 at 05:17 PM.
 
Old 01-18-2006, 07:27 PM   #5
davidkline
LQ Newbie
 
Registered: Nov 2005
Location: Chiago, IL
Distribution: VectorLinux
Posts: 26

Original Poster
Rep: Reputation: 15
>Did you try ssh'ing the corel machine from the corel
>machine (i.e. ssh user@localhost)? This was to test the
>ssh server on the corel machine (I figure if anything were
>to work, an ssh to localhost would).

yes, i did try to ssh to the local machine: 'ssh user@corelinux' without good results. i still get the failure message as mentioned before. again, i can ssh to another machine with success (from corelinux).

>I would read through the config file and see if anything
>intuitively makes sense to uncomment. Make sure you're
>reading the sshd_config file, not the ssh_config file. ssh
>is working fine you said, it's sshd that you're having
>problems with.

i'm not in front of the machine at the moment, so i'll have a look tomorrow.

>I also just realized that I get the same error you
>describe if I try to ssh root@localhost because I have
>PermitRootLogin no in sshd_config. But I can login as user
>fine, so it must be a configuration issue.

i'm hoping it is as simple as that.
- would it help for me to post my sshd_config file?
- is there anyway to have the server output debug messages?

thanks again for you replies...

===============================================================
some additional information...

i up-rev'd the corelinux machine to openssh 3.7.1p2, the same
version as a machine that i know works. also, i copied the
sshd* configuration files from the working to the corelinux
machine. i compared the output of the sshd (sshd -d) between
the working machine and corelinux. i ran it on the working
machine in order to see what it looks like when it works, then
on the corelinux machine. outputs on both machines looked the
same until the password was entered. the corelinux box output
two messages indicating that the password failed. also, i modifed
the password of the user account i'm logging into just to see
if that would make a difference. unfortunately it didn't.

could there be a permissions issue?
what do you think?

thanks,
===============================================================

Last edited by davidkline; 01-19-2006 at 10:08 AM.
 
Old 02-15-2008, 05:46 PM   #6
kapila
LQ Newbie
 
Registered: Feb 2008
Posts: 9

Rep: Reputation: 0
ssh logini s failing

Hi all,
i have read this thread & seems very familir to the issue i am facing right now.
I am trying to login from my windows m/c to linux machine using ssh w/o givng password. I created my public-pvt key pair using putty gen. & copied it to the linux file (authentication_key) in .ssh/ folder.

When i try 2 login it fails saying;
Permission denied (publickey,password,keyboard-interactive).

I would request to pls help me in this.


Regards




Quote:
Originally Posted by davidkline View Post
>Did you try ssh'ing the corel machine from the corel
>machine (i.e. ssh user@localhost)? This was to test the
>ssh server on the corel machine (I figure if anything were
>to work, an ssh to localhost would).

yes, i did try to ssh to the local machine: 'ssh user@corelinux' without good results. i still get the failure message as mentioned before. again, i can ssh to another machine with success (from corelinux).

>I would read through the config file and see if anything
>intuitively makes sense to uncomment. Make sure you're
>reading the sshd_config file, not the ssh_config file. ssh
>is working fine you said, it's sshd that you're having
>problems with.

i'm not in front of the machine at the moment, so i'll have a look tomorrow.

>I also just realized that I get the same error you
>describe if I try to ssh root@localhost because I have
>PermitRootLogin no in sshd_config. But I can login as user
>fine, so it must be a configuration issue.

i'm hoping it is as simple as that.
- would it help for me to post my sshd_config file?
- is there anyway to have the server output debug messages?

thanks again for you replies...

===============================================================
some additional information...

i up-rev'd the corelinux machine to openssh 3.7.1p2, the same
version as a machine that i know works. also, i copied the
sshd* configuration files from the working to the corelinux
machine. i compared the output of the sshd (sshd -d) between
the working machine and corelinux. i ran it on the working
machine in order to see what it looks like when it works, then
on the corelinux machine. outputs on both machines looked the
same until the password was entered. the corelinux box output
two messages indicating that the password failed. also, i modifed
the password of the user account i'm logging into just to see
if that would make a difference. unfortunately it didn't.

could there be a permissions issue?
what do you think?

thanks,
===============================================================
 
Old 02-05-2010, 10:02 PM   #7
clarkej
LQ Newbie
 
Registered: Feb 2010
Posts: 1

Rep: Reputation: 0
Quote:
Originally Posted by kapila View Post
Hi all,
i have read this thread & seems very familir to the issue i am facing right now.
I am trying to login from my windows m/c to linux machine using ssh w/o givng password. I created my public-pvt key pair using putty gen. & copied it to the linux file (authentication_key) in .ssh/ folder.

When i try 2 login it fails saying;
Permission denied (publickey,password,keyboard-interactive).

I would request to pls help me in this.


Regards
First post to LQ and FWIW

To fix this problem I simply reset the password on the receiver and Voila!

But first lots of other ideas to no avail.

For me the sshd receiver was Cygwin running on XP.

BTW this howto helped me lots //ist.uwaterloo.ca/~kscully/CygwinSSHD_W2K3.html called Installing the Cygwin SSH daemon How to setup the secure shell daemon on a Windows 2003 server
 
Old 05-24-2010, 08:56 AM   #8
prashant185
LQ Newbie
 
Registered: May 2010
Posts: 1

Rep: Reputation: 0
Commenting below Line in /etc/ssh/sshd_config , and restart sshd service. it worked for me.

ChallengeResponseAuthentication no

Last edited by prashant185; 05-24-2010 at 09:00 AM. Reason: added more info
 
Old 09-02-2010, 07:32 AM   #9
metrojunky
LQ Newbie
 
Registered: Sep 2010
Posts: 1

Rep: Reputation: 0
Quote:
Originally Posted by prashant185 View Post
Commenting below Line in /etc/ssh/sshd_config , and restart sshd service. it worked for me.

ChallengeResponseAuthentication no
Thanks, this worked for me too!
 
Old 03-05-2011, 01:34 PM   #10
bdoughty1970
LQ Newbie
 
Registered: Mar 2011
Posts: 1

Rep: Reputation: 1
Quote:
Originally Posted by prashant185 View Post
Commenting below Line in /etc/ssh/sshd_config , and restart sshd service. it worked for me.

ChallengeResponseAuthentication no
When ChallengeResponseAuthentication is set to no, SSHD will only authenticate by public/private key, not by password. In order to authenticate by key instead of password, the public key for the client user must be in the authorized_keys of the server user, usually ~/.ssh/authorized_keys.
 
1 members found this post helpful.
Old 05-07-2012, 12:16 AM   #11
Ishikawa91
LQ Newbie
 
Registered: May 2012
Posts: 1

Rep: Reputation: Disabled
Talking Crucial Info

I know this thread is quite old but I stumbled up this because I had a similar issue with no solution to be found. What bdoughty1970 said was absolutely spot on.

You have to make sure that you add the client public key to server authorized_keys
client: id_rsa.pub
server_user: ~/.ssh/authorized_keys

if you scp the client public key to server user.
scp ~/.ssh/id_rsa.pub serverUsername@host.com:/home/serverUsername

then copy the contents into the authorized keys (after logging into the server as the user)

cat id_rsa.pub >> ~/.ssh/authorized_keys.

and then bingo! It should work.


P.S.
This is assuming you have correct permissions and have also set up /etc/ssh/sshd_config (on the server) correctly.
For the sshd_config make sure you either add or uncomment this line:
AuthorizedKeysFile %h/.ssh/authorized_keys

Last edited by Ishikawa91; 05-07-2012 at 12:19 AM. Reason: Forgot some minor info
 
Old 08-20-2014, 02:19 PM   #12
abriano.cr
LQ Newbie
 
Registered: Jun 2012
Location: Edmonton AB Canada
Distribution: Ubuntu
Posts: 1

Rep: Reputation: Disabled
Thumbs up Further note to Ishikawa91, post 11

The thread is two years older now! Ishikawa91's post is bang on in describing the problem and furthermore it is a model post in giving directions that can actually be followed.

I answered a question incorrectly when I secure shell'ed into another server, in my case from an Ubuntu workstation to a Debian server. It all works now.

Thank you!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
No longer able to log into ssh. Password right but "permission denied" Baix Linux - Software 11 11-21-2008 12:44 PM
ssh login with normal user, receive: /dev/null: Permission denied mark78301 Red Hat 3 11-12-2005 09:20 AM
SSH Permission Denied Chimney Linux - Security 1 11-10-2005 06:01 PM
Trouble configuring SSH publickey pioniere Linux - Security 4 02-25-2005 02:20 PM
help! ssh password being denied for ALL acccounts (hacked?) JustinHoMi Linux - Security 4 05-26-2002 05:57 AM


All times are GMT -5. The time now is 05:29 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration