Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Linux Forums > Linux - General
User Name
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.


  Search this Thread
Old 05-27-2007, 08:47 PM   #1
Senior Member
Registered: Sep 2003
Distribution: Debian Squeeze / Wheezy
Posts: 1,623

Rep: Reputation: 50
Permission denied (publickey,password,keyboard-interactive)


I cannot login into ssh due to the following error:
storage> ssh localhost
Permission denied (publickey,password,keyboard-interactive).

my system:
storage> uname -a
Linux storage 2.4.22-uc0 #458 Tue Apr 3 01:09:49 CST 2007 ppc unknown
storage> ssh -v
OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004
storage> ls -la /etc/ssh
drwxr-xr-x 2 root root 1024 May 28 03:23 .
drwxr-xr-x 8 root root 2048 May 28 03:13 ..
-rw------- 1 root root 1192 May 28 03:12 ssh_host_dsa_key
-rw-r--r-- 1 root root 1114 May 28 03:12
-rw------- 1 root root 975 May 28 03:03 ssh_host_key
-rw-r--r-- 1 root root 639 May 28 03:03
-rw------- 1 root root 1675 May 28 03:05 ssh_host_rsa_key
-rw-r--r-- 1 root root 394 May 28 03:05
-rw-r--r-- 1 root root 2974 May 28 03:23 sshd_config
-rw-r--r-- 1 root root 2961 May 28 03:27 sshd_config_org
-rw-r--r-- 1 root root 2977 May 28 03:23 sshd_config_save

my sshd configuration:
# vi etc/ssh/sshd_config

# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 22
Protocol 2,1
#AddressFamily any
#ListenAddress ::

# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

#now ssh is only used by rsync ==> auth by passwd file of rsync server
#AuthPassFile /etc/rsyncd.secrets

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
Compression yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/
#MaxStartups 10

DenyUsers admin

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

I tried to remove /root/.ssh/known_hosts
and regenerate all keys:
ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
but still doesn't work !

knows someone howto solve this problem ?
Old 05-28-2007, 03:04 AM   #2
Registered: Mar 2007
Posts: 41

Rep: Reputation: 15
Hmm... I'm not very knowledgeable on this problem, but I just checked my /etc/ssh/sshd_config and every line was commented out, and I did not have /root/.ssh at all. Perhaps you can try that for troubleshooting?
Old 05-28-2007, 11:27 AM   #3
Senior Member
Registered: May 2006
Distribution: BeOS, BSD, Caldera, CTOS, Debian, Mac, Mandrake, Red Hat, Slackware, Solaris, SuSE, Xubuntu
Posts: 1,760

Rep: Reputation: 80
I used your sshd_config file, tried root ssh connection to localhost, and got the same results as you. After trial and error, I was finally able to login. This is what I did:
# cd ~/.ssh
# ssh-keygen -t rsa
no passphrase entered for key
# cp authorized_keys
# chmod 600 authorized_keys
# ssh -v localhost
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Mon May 28 11:59:48 2007 from localhost
If you enter a passphrase when you create your ssh key, you will be prompted to enter it when connecting via ssh.

The #AuthorizedKeysFile .ssh/authorized_keys entry is the default for where your public key is searched. If you don't copy your public key as I did in the above steps, you can have AuthorizedKeysFile .ssh/ instead. Reference man sshd_config.

If you run sshd in debug mode, you'll see what it's looking for:
debug1: trying public key file /root/.ssh/authorized_keys
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
debug1: trying public key file /root/.ssh/
debug1: matching key found: file /root/.ssh/, line 1

Last edited by bsdunix; 05-28-2007 at 11:32 AM.
Old 05-31-2007, 05:32 PM   #4
Senior Member
Registered: Sep 2003
Distribution: Debian Squeeze / Wheezy
Posts: 1,623

Original Poster
Rep: Reputation: 50
I've installed openssh again:

# ipkg install openssh

and now it seems to work.

thanks anyway.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh -- Permission denied (publickey,password,keyboard-interactive). davidkline Linux - Networking 11 08-20-2014 02:19 PM
No longer able to log into ssh. Password right but "permission denied" Baix Linux - Software 11 11-21-2008 12:44 PM
'permission denied" inspite of right permission flags on network drive anirudhvij Linux - Enterprise 8 05-22-2007 05:57 AM
Permission denied (publickey,password,keyboard-interactive). rockymaxsource Linux - Networking 3 04-27-2007 08:32 PM
interactive password manager XicKy Linux - Software 2 11-08-2006 11:49 AM > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 02:34 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration