[SOLVED] ssh killing me :( Permission denied (publickey)

grail · 07-06-2010, 07:39 AM

So I have searched and searched and followed numerous howto's but appear to be a little thick on getting this one to work

It appears no matter what settings I change I cannot ssh into my laptop on the same network (for testing).

SO, here is where I have left it:

Code:

#on laptop which I am trying to connect to
ssh-keygen -t rsa    # did start with dsa but both give the same issue
Enter passphrase: <done> and repeated successfully

#on other machine (Nokia N900) after installing ssh software
accept bluetooth transmission of id_rsa.pub
mkdir .ssh
mv id_rsa.pub .ssh/authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys

#back on laptop
sudo service ssh restart   #restart service on Ubuntu machine

#back to N900
ssh grail@10.1.1.2
<blah blah ...>add to known_hosts:(yes/no) yes
... <time goes by>
Permission denied (publickey).

At this point I would add that prior to the above, on one of my many other attempts, I did confirm that I was able to ssh with the users password, ie grail's password

Also, I have attached my sshd_config below, but would note this has been changed as a conglomeration of all the howto's I have looked at.

Any help would be greatly appreciated as I know it will be something simple

Cheers
grail

PS. let me know if I need to provide any other details?

rical · 07-06-2010, 08:03 AM

I had a similar problem a log time ago. After reading the source code I found it that ssh expects the ~/.ssh folder to have drwxrwxr-x permission (if I remember correctly).

This doesn't make any sense at all as you don't want people poking around in there, anyway if I was you I wold at least try setting:

Code:

sudo chmod 755 ~ # This is the default in most dist
sudo chown -R `whoami`. ~/.ssh/ # This is also default
chmod -R 775 ~/.ssh
chmod 600 ~.ssh/authorized_keys

Apply this on both server and client. If it doesn't help revert back to what you where using, your permission settings make a lot more sense.

EDIT:
As I told you this make no sense and probably isn't the soultion the correct permission for .ssh is 0700 as you have set. Anyway try it. if it doesn't work. Run sshd with debug flag and check the output:

Code:

`which sshd` -d

Guttorm · 07-06-2010, 08:12 AM

Hi

I'm not sure what it could be, but try the -v option when you ssh from the laptop. You get lots of information that can help you finding the problem.

grail · 07-06-2010, 08:43 AM

Ok ... so thanks for the information.

The 775 option made no difference

Below is attached the output of trying to ssh from the N900 to my laptop which is running Ubuntu 10.04

As you can see the result is still the same

Guttorm · 07-06-2010, 08:56 AM

Ah, I think the confusion is where you made the key.

On the phone do:
ssh-keygen -t rsa

Hit enter a couple of times.

The public key file will then be in "/home/user/.ssh/id_rsa.pub". You need to copy this file to the laptop somehow. It should then be copied or moved to "/home/grail/.ssh/authorized_keys"

grail · 07-06-2010, 09:01 AM

So if I understand correctly you are saying I am ssh'ing in the wrong direction?

Problem is I am not able to go the other way either, ie from laptop to phone (which I presume is the right direction based on how I created and copied key ... yes?) I receive the same message and have setup the same sshd_config on the phone.

To make sure I will attach my attempt to connect from laptop to phone.

Thank you very much for your patience

IW2B · 07-06-2010, 09:02 AM

Hi,

Looks like the files do not exist:

Quote:

debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug3: no such identity: /home/user/.ssh/identity
debug1: Trying private key: /home/user/.ssh/id_rsa
debug3: no such identity: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
debug3: no such identity: /home/user/.ssh/id_dsa

From your original text you have:

Laptop: ssh-keygen -t rsa
Nokia: mv id_rsa.pub .ssh/authorized_keys
Laptop: sudo service ssh restart
Nokia: ssh grail@10.1.1.2

At no point in the above steps was a key generated on the Nokia and copied to .ssh/authorized_keys on the laptop. If your sshd on the laptop is set to not allow password authentication then you will need to create a key on the Nokia and transfer it to the Laptops authorized_keys

Ian

grail · 07-06-2010, 09:11 AM

Hi Ian

Thanks for your feedback ... this at least proves I know was understanding Guttorm that I was going the wrong way, ie I created key on laptop and transferred
to phone so I should be able to connect to phone from the laptop (just to check this is correct based on the above steps?)

cheers

grail

Guttorm · 07-06-2010, 09:21 AM

Hi again

I'm confused as well. But according to the first log, when you connect from the phone to the laptop, no key is found at all. When you connect from the laptop, a key is sent to the phone, but it looks like the phone rejects it.

Are these files equal?
On the laptop: /home/grail/.ssh/id_rsa.pub
On the phone: /home/user/.ssh/authorized_keys

Also, did you remember user@phone when you ssh from the laptop?

grail · 07-06-2010, 09:28 AM

Quote:

Also, did you remember user@phone when you ssh from the laptop?

Yep ... made this error a few times before noticing

Code:

#laptop
-rw-r--r-- 1 grail grail 396 2010-07-06 21:36 .ssh/id_rsa.pub

#phone
-rw------- 1 user  users 396   Jul   6  21:38 .ssh/authorized_keys

grail · 07-06-2010, 10:47 AM

Ok ... I have an update

I can now go from the phone to the laptop, but still get the same message going from the laptop to the phone.

Now I realise it is unlikely I will go in this direction very often, but I figure as I have started I should get to the bottom of this.

In some of the howto's I looked at it mentioned to run ssh-add once connection was able to be made, but when tried on the phone, even though I cannot currently connect, it gives the following error (not sure if related but putting up the things I have tried)

Code:

ssh-add
Could not open a connection to your authentication agent.

#this caused me to run
ps auwx | grep ssh-agent

#to which there is no reply

To get laptop to phone to work, simply creating the key and copying to laptop and renaming in the .ssh directory seemed to work straight away

I have since re-copied from laptop to phone and renamed in .ssh directory there but am still not able to connect