LinuxQuestions.org
Old 01-14-2010, 06:59 AM   #1
IanVaughan
Member
 
Registered: Jun 2009
Location: Brighton, UK
Posts: 50

Rep: Reputation: 16
ssh access denied putty


I can SSH into my RHEL box, but get an "Access denied" error :-

Quote:
login as: root
Access denied
root 192.168.0.10's password:
Last login:.....
#
So, I can SSH in, but it always prints the Access denied!? Why?
 
Old 01-14-2010, 07:23 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
First of all, unless you need to access the RHEL box from a cron job, you shouldn't allow root ssh logins.

There is an option in sshd_config that denies root logins. That may be the default.

You need to run "ssh -vv 192.168.0.1" to provide more information. Also check the RHEL Box's log files. It may say why Access is denied.

Other things that can deny access are:
permissions of .ssh too lax.
permissions of private key too lax
permissions of parent home directory too lax
AllowUsers doesn't list the user
Reverse DNS lookup results in a different hostname. (e.g. hostname.domainname expected but hostname is listed in /etc/hosts)
 
1 members found this post helpful.
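The permission items in the list above can be checked mechanically. The following is an added example, not code from the thread: it tests the modes that sshd's StrictModes and the ssh client object to, on a constructed directory tree. It assumes GNU stat and does not check file ownership; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as on RHEL and Ubuntu.

# has_bits PATH MASK: succeed if PATH has any permission bit from octal MASK.
has_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# check_ssh_perms HOME: print one finding per line; return 1 if any were found.
check_ssh_perms() {
    home=$1; bad=0
    # Server side (sshd StrictModes): none of these may be group/world-writable.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 022; then
            echo "writable by group/other: $p"; bad=1
        fi
    done
    # Client side: ssh ignores a private key that group or other can access.
    for k in "$home"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        if has_bits "$k" 077; then
            echo "private key accessible by group/other: $k"; bad=1
        fi
    done
    return "$bad"
}

# demo: build a constructed home directory with two lax modes and check it.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"; : > "$d/.ssh/id_rsa"; : > "$d/.ssh/id_rsa.pub"
    chmod 700 "$d"; chmod 775 "$d/.ssh"
    chmod 600 "$d/.ssh/authorized_keys"; chmod 644 "$d/.ssh/id_rsa" "$d/.ssh/id_rsa.pub"
    rc=0; check_ssh_perms "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ $# -gt 0 ]; then check_ssh_perms "$1"; else demo || true; fi
```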
Old 01-14-2010, 08:00 AM   #3
IanVaughan
Member
 
Registered: Jun 2009
Location: Brighton, UK
Posts: 50

Original Poster
Rep: Reputation: 16
1. I know, I will be adding user accounts, but am interested to know more about this problem.

2. Option was disabled, and I could login ok with root, enabling it doesn't change anything. (rebooted machine!)
Quote:
PermitRootLogin yes
3. "ssh -vv" was very interesting, I can't see anything of interest tho.
Quote:
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 172.24.40.130 [172.24.40.130] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 114/256
debug2: bits set: 503/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '172.24.40.130' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug2: bits set: 515/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa (0x9289ee0)
debug2: key: /root/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found

debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: SHA1 fp e5:bb:bb:11:44:5b:4b:35:bc:3d:61:69:ee:b2:45:48:b1:1b:e7:e8
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
Of course using the "ssh" command is done via another linux terminal. And this doesn't give the "access denied" output/printf!

It's only when I use Putty I get "access denied"!
 
Old 01-15-2010, 01:39 AM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
OK. I think I am getting the picture. You can use putty-keygen to generate keys. Then load in the private key. An openssh compatible public key will be printed on the top of the dialog box. Copy it and paste it into a file. Add this to the server's authorized_keys file.

If you are a regular user on the server, then this would be in $HOME/.ssh/authorized_keys.
Now you have a public key for when you are accessing it from a Linux terminal and one for when you are accessing it from Putty.

You haven't posted the sshd_config file but apparently it is configured for public key authentication.

Code:
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
There wasn't an attempt for using a password so I don't know how that is configured.

Also important, if you use public key authentication, is to use a passphrase. This is used to encrypt the private key on the client. It isn't used on the server side at all, but will protect the server in the case that your private key is stolen.
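The reading of the debug output above (which methods the server offered, which the client tried, and that password was never attempted) can be extracted from a trace automatically. This is an added example, not code from the thread; the function names are hypothetical, and it assumes the OpenSSH 4.3 message wording that appears in the posted log.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the user-authentication phase
# of `ssh -vv` client output read on stdin. Assumption: the OpenSSH 4.3 message
# wording shown in this thread; newer clients word the success line differently.
auth_summary() {
    awk '
    /^debug1: Authentications that can continue: / && offered == "" {
        offered = $NF }                          # first list the server sent
    /^debug1: Next authentication method: / {
        tried = (tried == "" ? "" : tried ",") $NF }
    /^debug1: Authentication succeeded \(/ {
        ok = $NF; gsub(/[().]/, "", ok) }
    END {
        # Methods the server offered that this client never reached.
        n = split(offered, o, ",")
        for (i = 1; i <= n; i++)
            if (index("," tried ",", "," o[i] ",") == 0)
                untried = (untried == "" ? "" : untried ",") o[i]
        print "offered=" offered
        print "tried=" tried
        print "succeeded=" (ok == "" ? "none" : ok)
        print "untried=" untried
    }'
}

# sample_trace: userauth lines excerpted from the ssh -vv output posted above.
sample_trace() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
EOF
}

sample_trace | auth_summary
```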
 
Old 01-15-2010, 08:53 AM   #5
Digital Surgeon
Member
 
Registered: Nov 2004
Location: Canada
Distribution: Ubuntu 7.10 - Gutsy Gibbon(Desktop Edition)
Posts: 184

Rep: Reputation: 30
Think about your network and make sure it's not timing out, also establish port forwarding on the router of the linux box running the SSH Server, but yes root login won't work on SSH by default.

-Hope this gives you some more guidance.
 
Old 01-25-2011, 09:05 PM   #6
gingerjws
LQ Newbie
 
Registered: Jan 2011
Posts: 1

Rep: Reputation: 0
Change another port and try again.

 
Old 12-29-2011, 07:57 PM   #7
DucQuoc
LQ Newbie
 
Registered: Dec 2011
Posts: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by IanVaughan
...
3. "ssh -vv" was very interesting, I can't see anything of interest tho.

Of course using the "ssh" command is done via another linux terminal. And this doesn't give the "access denied" output/printf!

It's only when I use Putty I get "access denied"!
I met the same problem with Putty when trying to connect to Ubuntu 10.10. I resolved it by enabling passwordAuthentication over GSSAPI in sshd_config, and using the SSH option *SSH-2 only* instead of "SSH-2".


#### /etc/ssh/sshd_config
PasswordAuthentication yes
GSSAPIAuthentication no
GSSAPICleanupCredentials yes

(then restart daemon: sudo /etc/init.d/ssh restart )

#### Putty Connection -> SSH -> under Protocol options -> Preferred SSH protocol version
2 Only

not sure if it works with RHEL, though
--Duc

Last edited by DucQuoc; 12-29-2011 at 08:15 PM.
 
Old 10-15-2015, 01:06 AM   #8
kohshan99
Member
 
Registered: Sep 2012
Posts: 71

Rep: Reputation: Disabled
Open up /etc/ssh/sshd_config and set “PermitRootLogin” to “yes”. (Your ISP probably set it to “without-password”)
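When editing sshd_config as in the last two posts, note that sshd uses the first value it obtains for each keyword, so a line appended below an existing uncommented one has no effect. The following is an added example, not code from the thread: it reports the value the global section of a file actually yields. The function names and the sample file are constructed for illustration, and Include directives and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: only the global section of a
# single file matters; Include directives and Match blocks are not evaluated.

# sshd_effective FILE KEYWORD: print the value sshd takes from the global
# section of FILE. sshd uses the FIRST occurrence of a keyword; keywords are
# case-insensitive; "Keyword value" and "Keyword=value" are both accepted.
sshd_effective() {
    awk -v want="$2" '
    BEGIN { want = tolower(want) }
    { sub(/^[ \t]+/, "") }                 # strip leading whitespace
    /^#/ || /^$/ { next }                  # skip comments and blank lines
    { key = $0; sub(/[ \t=].*/, "", key); key = tolower(key) }
    key == "match" { exit }                # global section ends here
    key == want {
        val = $0
        sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        print val; found = 1; exit
    }
    END { if (!found) print "(unset: built-in default applies)" }
    ' "$1"
}

# sample_config: constructed file; the second PermitRootLogin line is ignored.
sample_config() {
    cat <<'EOF'
# constructed sample, not the poster's real file
Protocol 2
permitrootlogin without-password
PasswordAuthentication yes
GSSAPIAuthentication=no
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF
}

# report FILE: effective values for the keywords discussed in this thread.
report() {
    for kw in PermitRootLogin PasswordAuthentication GSSAPIAuthentication \
              GSSAPICleanupCredentials; do
        printf '%s = %s\n' "$kw" "$(sshd_effective "$1" "$kw")"
    done
}

f=$(mktemp) && sample_config > "$f" && report "$f"; rm -f "$f"
```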
 
  

