SSH denied before logging in locally

jammmie999 · 09-14-2013, 12:42 PM

Hello,

I am able to SSH into my box only when logged in locally first. If I attempt to ssh before logging in locally I get the message "Permission Denied (publickey)" having used keyfiles to secure authentication.

Once I login locally I am able to ssh without any issue, how can I configure openssh to allow me to ssh in, without having to first login locally.

Thanks

unSpawn · 09-14-2013, 01:23 PM

How and where did you add the remote public key part? Run us through the steps.
Are the permissions of your .ssh directory and the files therein OK? ('ls -al ~/.ssh')
What does 'egrep -ie "(pam|ssh)" /var/log/secure say?

jammmie999 · 09-14-2013, 04:30 PM

Permissions were set to:

Code:

drwx------  2 jamie jamie  4096 Aug  4 13:35 .
drwx------ 42 jamie jamie 12288 Sep 14 22:24 ..
-rw-------  1 jamie jamie  2223 Aug 22 20:02 authorized_keys
-rw-------  1 jamie jamie  3326 Jun 25 23:07 id_rsa
-rw-r--r--  1 jamie jamie   740 Jun 25 23:07 id_rsa.pub
-rw-r--r--  1 jamie jamie   492 Jul  1 13:18 known_hosts

And I have tried with, but to no avail:

Code:

drwx------  2 jamie jamie  4096 Aug  4 13:35 .
drwx------ 42 jamie jamie 12288 Sep 14 22:24 ..
-rw-r--r--  1 jamie jamie  2223 Aug 22 20:02 authorized_keys
-rw-r--r--  1 jamie jamie  3326 Jun 25 23:07 id_rsa
-rw-r--r--  1 jamie jamie   740 Jun 25 23:07 id_rsa.pub
-rw-r--r--  1 jamie jamie   492 Jul  1 13:18 known_hosts

And /var/log/secure doesn't exist?

unSpawn · 09-14-2013, 04:54 PM

Try:

Code:

drwx------ .ssh/
-rw-r----- .ssh/authorized_keys
-rw------- .ssh/config
-r-------- .ssh/id_dsa
-r-------- .ssh/id_dsa.pub
-rw-r----- .ssh/known_hosts

Quote:

Originally Posted by jammmie999

And /var/log/secure doesn't exist?

Then what log files does your Linux distribution offer in /var/log/?

jammmie999 · 09-14-2013, 04:55 PM

Code:

jamie@SERVER02 /var/log $ ls
alternatives.log       aptitude.2.gz  btmp        dpkg.log        installer      mail.log            mysql.log         pm-powersave.log.1     syslog       ufw.log.1
alternatives.log.1     aptitude.3.gz  btmp.1      dpkg.log.1      kern.log       mail.log.1          mysql.log.1.gz    pm-powersave.log.2.gz  syslog.1     ufw.log.2.gz
alternatives.log.2.gz  auth.log       ConsoleKit  dpkg.log.2.gz   kern.log.1     mail.log.2.gz       mysql.log.2.gz    pm-powersave.log.3.gz  syslog.2.gz  ufw.log.3.gz
alternatives.log.3.gz  auth.log.1     cups        dpkg.log.3.gz   kern.log.2.gz  mail.log.3.gz       mysql.log.3.gz    pm-powersave.log.4.gz  syslog.3.gz  ufw.log.4.gz
alternatives.log.4.gz  auth.log.2.gz  dmesg       dpkg.log.4.gz   kern.log.3.gz  mail.log.4.gz       mysql.log.4.gz    pm-suspend.log         syslog.4.gz  unattended-upgrades
alternatives.log.5.gz  auth.log.3.gz  dmesg.0     dpkg.log.5.gz   kern.log.4.gz  mdm                 mysql.log.5.gz    pm-suspend.log.1       syslog.5.gz  upstart
apache2                auth.log.4.gz  dmesg.1.gz  faillog         lastlog        mintsystem.log      mysql.log.6.gz    pm-suspend.log.2.gz    syslog.6.gz  wtmp
apt                    boot           dmesg.2.gz  fontconfig.log  mail.err       mintUpdate.history  mysql.log.7.gz    pycentral.log          syslog.7.gz  wtmp.1
aptitude               boot.log       dmesg.3.gz  fsck            mail.err.1     mysql               news              samba                  udev         Xorg.0.log
aptitude.1.gz          bootstrap.log  dmesg.4.gz  hp              mail.err.2.gz  mysql.err           pm-powersave.log  speech-dispatcher      ufw.log      Xorg.0.log.old

lleb · 09-14-2013, 05:02 PM

take a look at my cig. it has some links with the info you will need.

also you never mentioned the distro you are running and what security settings you have active.

jammmie999 · 09-14-2013, 05:14 PM

Quote:

Originally Posted by lleb

take a look at my cig. it has some links with the info you will need.

also you never mentioned the distro you are running and what security settings you have active.

Everything is setup ok, its just that I cant ssh without first logging on locally. I am using Linux Mint.

Attached output of ssh me@myserver -vvv. Left of screen when logged out, right when logged in and ssh succeeds.

unSpawn · 09-14-2013, 05:59 PM

Quote:

Originally Posted by jammmie999

I am able to SSH into my box only when logged in locally first.

Are you per chance using an encrypted home directory on the machine you try to SSH into?

jammmie999 · 09-14-2013, 06:25 PM

Quote:

Originally Posted by unSpawn

Are you per chance using an encrypted home directory on the machine you try to SSH into?

Yes, I think I am. Followed this tutorial (http://ubuntuforums.org/showthread.php?t=1602399) and everything is working now!

Thank You.

lleb · 09-14-2013, 08:51 PM

Quote:

Originally Posted by jammmie999

Yes, I think I am. Followed this tutorial (http://ubuntuforums.org/showthread.php?t=1602399) and everything is working now!

Thank You.

interesting. i dont use encrypted /home, but i do use full disk encryption and thus dont have that problem. interesting. you might want to update the wiki to make points on the encrypted home directories can cause ssh issues.