Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
01-18-2006, 04:27 PM
|
#1
|
LQ Newbie
Registered: Nov 2005
Location: Chiago, IL
Distribution: VectorLinux
Posts: 26
Rep:
|
ssh -- Permission denied (publickey,password,keyboard-interactive).
I recently installed OpenSSH on a CoreLinux machine and have a problem.
From the CoreLinux machine I can ssh out to any machine without any problems. However, when I ssh to the CoreLinux machine (from anywhere) it fails and outputs the following message after three login attempts:
"Permission denied (publickey,password,keyboard-interactive)."
On the CoreLinux machine /var/log/syslog indicates the failure with the message "<timestamp> <machine name> sshd[395]: Failed password for <acct> from <addr> port 1338 ssh2". I know that the account on the CoreLinux machine is working because I can login from the console. I can see sshd running. It was started with the command "sshd -p 22"
Does anyone know what I'm doing wrong? Thanks in advance!
|
|
|
01-18-2006, 05:09 PM
|
#2
|
LQ Guru
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Wheezy (x86)
Posts: 6,094
|
Try ssh'ing to the Corelinux machine from itself. Not sure what this will accomplish other than making sure the sshd has a config file that will allow any logins...
Also, did it ask you for the user name? Or did you pass the user name? I once spent 30 minutes fighting an sshd because I didn't realize that it was trying to log me on as the user on my current machine instead of the user on my debian system... Doh!
|
|
|
01-18-2006, 05:54 PM
|
#3
|
LQ Newbie
Registered: Nov 2005
Location: Chiago, IL
Distribution: VectorLinux
Posts: 26
Original Poster
Rep:
|
thank you for your reply,
>Try ssh'ing to the Corelinux machine from itself. Not
>sure what this will accomplish other than making sure
>the sshd has a config file that will allow any logins...
i did try 'ssh user@machine' and had the same results. regarding the sshd_config file, i didn't make any changes to it. all the options are commented out. could this be the problem? permissions?
the client side seems ok. i can ssh to any machine and log in.
>Also, did it ask you for the user name? Or did you pass
>the user name? I once spent 30 minutes fighting an sshd
>because I didn't realize that it was trying to log me on
>as the user on my current machine instead of the user on
>my debian system... Doh!
i passed the username on the command line. it only asked for the password.
thanks again,
|
|
|
01-18-2006, 06:10 PM
|
#4
|
LQ Guru
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Wheezy (x86)
Posts: 6,094
|
Did you try ssh'ing the corel machine from the corel machine (i.e. ssh user@localhost)? This was to test the ssh server on the corel machine (I figure if anything were to work, an ssh to localhost would).
I would read through the config file and see if anything intuitively makes sense to uncomment. Make sure you're reading the ssh d_config file, not the ssh_config file. ssh is working fine you said, it's ssh d that you're having problems with.
Here's a copy of my sshd_config file:
Code:
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 600
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
Subsystem sftp /usr/lib/sftp-server
UsePAM yes
I also just realized that I get the same error you describe if I try to ssh root@localhost because I have PermitRootLogin no in sshd_config. But I can login as user fine, so it must be a configuration issue.
Last edited by pljvaldez; 01-18-2006 at 06:17 PM.
|
|
|
01-18-2006, 08:27 PM
|
#5
|
LQ Newbie
Registered: Nov 2005
Location: Chiago, IL
Distribution: VectorLinux
Posts: 26
Original Poster
Rep:
|
>Did you try ssh'ing the corel machine from the corel
>machine (i.e. ssh user@localhost)? This was to test the
>ssh server on the corel machine (I figure if anything were
>to work, an ssh to localhost would).
yes, i did try to ssh to the local machine: 'ssh user@corelinux' without good results. i still get the failure message as mentioned before. again, i can ssh to another machine with success (from corelinux).
>I would read through the config file and see if anything
>intuitively makes sense to uncomment. Make sure you're
>reading the sshd_config file, not the ssh_config file. ssh
>is working fine you said, it's sshd that you're having
>problems with.
i'm not in front of the machine at the moment, so i'll have a look tomorrow.
>I also just realized that I get the same error you
>describe if I try to ssh root@localhost because I have
>PermitRootLogin no in sshd_config. But I can login as user
>fine, so it must be a configuration issue.
i'm hoping it is as simple as that.
- would it help for me to post my sshd_config file?
- is there anyway to have the server output debug messages?
thanks again for you replies...
===============================================================
some additional information...
i up-rev'd the corelinux machine to openssh 3.7.1p2, the same
version as a machine that i know works. also, i copied the
sshd* configuration files from the working to the corelinux
machine. i compared the output of the sshd (sshd -d) between
the working machine and corelinux. i ran it on the working
machine in order to see what it looks like when it works, then
on the corelinux machine. outputs on both machines looked the
same until the password was entered. the corelinux box output
two messages indicating that the password failed. also, i modifed
the password of the user account i'm logging into just to see
if that would make a difference. unfortunately it didn't.
could there be a permissions issue?
what do you think?
thanks,
===============================================================
Last edited by davidkline; 01-19-2006 at 11:08 AM.
|
|
|
02-15-2008, 06:46 PM
|
#6
|
LQ Newbie
Registered: Feb 2008
Posts: 9
Rep:
|
ssh logini s failing
Hi all,
i have read this thread & seems very familir to the issue i am facing right now.
I am trying to login from my windows m/c to linux machine using ssh w/o givng password. I created my public-pvt key pair using putty gen. & copied it to the linux file (authentication_key) in .ssh/ folder.
When i try 2 login it fails saying;
Permission denied (publickey,password,keyboard-interactive).
I would request to pls help me in this.
Regards
Quote:
Originally Posted by davidkline
>Did you try ssh'ing the corel machine from the corel
>machine (i.e. ssh user@localhost)? This was to test the
>ssh server on the corel machine (I figure if anything were
>to work, an ssh to localhost would).
yes, i did try to ssh to the local machine: 'ssh user@corelinux' without good results. i still get the failure message as mentioned before. again, i can ssh to another machine with success (from corelinux).
>I would read through the config file and see if anything
>intuitively makes sense to uncomment. Make sure you're
>reading the sshd_config file, not the ssh_config file. ssh
>is working fine you said, it's sshd that you're having
>problems with.
i'm not in front of the machine at the moment, so i'll have a look tomorrow.
>I also just realized that I get the same error you
>describe if I try to ssh root@localhost because I have
>PermitRootLogin no in sshd_config. But I can login as user
>fine, so it must be a configuration issue.
i'm hoping it is as simple as that.
- would it help for me to post my sshd_config file?
- is there anyway to have the server output debug messages?
thanks again for you replies...
===============================================================
some additional information...
i up-rev'd the corelinux machine to openssh 3.7.1p2, the same
version as a machine that i know works. also, i copied the
sshd* configuration files from the working to the corelinux
machine. i compared the output of the sshd (sshd -d) between
the working machine and corelinux. i ran it on the working
machine in order to see what it looks like when it works, then
on the corelinux machine. outputs on both machines looked the
same until the password was entered. the corelinux box output
two messages indicating that the password failed. also, i modifed
the password of the user account i'm logging into just to see
if that would make a difference. unfortunately it didn't.
could there be a permissions issue?
what do you think?
thanks,
===============================================================
|
|
|
|
02-05-2010, 11:02 PM
|
#7
|
LQ Newbie
Registered: Feb 2010
Posts: 1
Rep:
|
Quote:
Originally Posted by kapila
Hi all,
i have read this thread & seems very familir to the issue i am facing right now.
I am trying to login from my windows m/c to linux machine using ssh w/o givng password. I created my public-pvt key pair using putty gen. & copied it to the linux file (authentication_key) in .ssh/ folder.
When i try 2 login it fails saying;
Permission denied (publickey,password,keyboard-interactive).
I would request to pls help me in this.
Regards
|
First post to LQ and FWIW
To fix this problem I simply reset the password on the receiver and Voila!
But first lots of other ideas to no avail.
For me the sshd receiver was Cygwin running on XP.
BTW this howto helped me lots //ist.uwaterloo.ca/~kscully/CygwinSSHD_W2K3.html called Installing the Cygwin SSH daemon How to setup the secure shell daemon on a Windows 2003 server
|
|
|
05-24-2010, 09:56 AM
|
#8
|
LQ Newbie
Registered: May 2010
Posts: 1
Rep:
|
Commenting below Line in /etc/ssh/sshd_config , and restart sshd service. it worked for me.
ChallengeResponseAuthentication no
Last edited by prashant185; 05-24-2010 at 10:00 AM.
Reason: added more info
|
|
|
09-02-2010, 08:32 AM
|
#9
|
LQ Newbie
Registered: Sep 2010
Posts: 1
Rep:
|
Quote:
Originally Posted by prashant185
Commenting below Line in /etc/ssh/sshd_config , and restart sshd service. it worked for me.
ChallengeResponseAuthentication no
|
Thanks, this worked for me too!
|
|
|
03-05-2011, 02:34 PM
|
#10
|
LQ Newbie
Registered: Mar 2011
Posts: 1
Rep:
|
Quote:
Originally Posted by prashant185
Commenting below Line in /etc/ssh/sshd_config , and restart sshd service. it worked for me.
ChallengeResponseAuthentication no
|
When ChallengeResponseAuthentication is set to no, SSHD will only authenticate by public/private key, not by password. In order to authenticate by key instead of password, the public key for the client user must be in the authorized_keys of the server user, usually ~/.ssh/authorized_keys.
|
|
1 members found this post helpful.
|
05-07-2012, 01:16 AM
|
#11
|
LQ Newbie
Registered: May 2012
Posts: 1
Rep:
|
Crucial Info
I know this thread is quite old but I stumbled up this because I had a similar issue with no solution to be found. What bdoughty1970 said was absolutely spot on.
You have to make sure that you add the client public key to server authorized_keys
client: id_rsa.pub
server_user: ~/.ssh/authorized_keys
if you scp the client public key to server user.
scp ~/.ssh/id_rsa.pub serverUsername@host.com:/home/serverUsername
then copy the contents into the authorized keys ( after logging into the server as the user)
cat id_rsa.pub >> ~/.ssh/authorized_keys.
and then bingo! It should work.
P.S.
This is assuming you have correct permissions and have also set up /etc/ssh/sshd_config ( on the server) correctly.
For the sshd_config make sure you either add or uncomment this line:
AuthorizedKeysFile %h/.ssh/authorized_keys
Last edited by Ishikawa91; 05-07-2012 at 01:19 AM.
Reason: Forgot some minor info
|
|
|
08-20-2014, 03:19 PM
|
#12
|
LQ Newbie
Registered: Jun 2012
Location: Edmonton AB Canada
Distribution: Ubuntu
Posts: 1
Rep:
|
Further note to Ishikawa91, post 11
The thread is two years older now! Ishikawa91's post is bang on in describing the problem and furthermore it is a model post in giving directions that can actually be followed.
I answered a question incorrectly when I secure shell'ed into another server, in my case from an Ubuntu workstation to a Debian server. It all works now.
Thank you!
|
|
|
All times are GMT -5. The time now is 09:00 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|