ssh public key auth not accepted
Hello,
on my server I have in /etc/ssh/sshd_config:
Code:
RSAAuthentication no
PubkeyAuthentication yes
RhostsRSAAuthentication no
HostbasedAuthentication no
IgnoreRhosts yes
PermitEmptyPasswords no
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no

When I try to ssh into the server with my private key, I get the following:
Code:
[Jonas@jonas ~]$ ssh -2 -v -p 2273 -l admin -i /home/Jonas/vpn\&ssh/id_rsa_admin XXX.XXX.XXX.226
OpenSSH_5.5p1, OpenSSL 1.0.0e-fips 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to XXX.XXX.XXX.226 [XXX.XXX.XXX.226] port 2273.
debug1: Connection established.
debug1: identity file /home/Jonas/vpn&ssh/id_rsa_admin type 1
debug1: identity file /home/Jonas/vpn&ssh/id_rsa_admin-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
debug1: Host 'XXX.XXX.XXX.226' is known and matches the RSA host key.
debug1: Found key in /home/Jonas/.ssh/known_hosts:10
debug1: found matching key w/out port
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/Jonas/vpn&ssh/id_rsa_admin
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Why is permission denied? |
Read through the following link - make sure you have followed all the steps - http://oceanpark.com/notes/howto_ssh...orwarding.html - for example - Did you set "ForwardAgent yes" on your client system? There is nowhere near enough information in your post to do a proper diagnosis of your issue.
|
I have set "ForwardAgent yes" in my /etc/ssh/ssh_config on my client.
I have changed the file .ssh/authorized_keys2 to .ssh/authorized_keys on my server. All the other steps mentioned in the link I have done, except "keychain"; I don't want that. Still the same result. How can I get more debugging information? |
Try option -vvv to increase the level of verbosity in the debug messages.
|
Here is more verbosity:
Code:
[Jonas@jonas ~]$ ssh -2 -vvv -p 2273 -l admin -i /home/Jonas/vpn\&ssh/id_rsa_admin XXX.XXX.XXX.226
OpenSSH_5.5p1, OpenSSL 1.0.0e-fips 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to XXX.XXX.XXX.226 [XXX.XXX.XXX.226] port 2273.
debug1: Connection established.
debug3: Not a RSA1 key file /home/Jonas/vpn&ssh/id_rsa_admin.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/Jonas/vpn&ssh/id_rsa_admin type 1
debug1: identity file /home/Jonas/vpn&ssh/id_rsa_admin-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss...00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 510/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: put_host_port: [XXX.XXX.XXX.226]:2273
debug3: put_host_port: [XXX.XXX.XXX.226]:2273
debug3: check_host_in_hostfile: host [XXX.XXX.XXX.226]:2273 filename /home/Jonas/.ssh/known_hosts
debug3: check_host_in_hostfile: host [XXX.XXX.XXX.226]:2273 filename /home/Jonas/.ssh/known_hosts
debug3: check_host_in_hostfile: host [XXX.XXX.XXX.226]:2273 filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [XXX.XXX.XXX.226]:2273 filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [XXX.XXX.XXX.226]:2273 filename /home/Jonas/.ssh/known_hosts
debug3: check_host_in_hostfile: host [XXX.XXX.XXX.226]:2273 filename /home/Jonas/.ssh/known_hosts
debug3: check_host_in_hostfile: host [XXX.XXX.XXX.226]:2273 filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [XXX.XXX.XXX.226]:2273 filename /etc/ssh/ssh_known_hosts
debug1: checking without port identifier
debug3: check_host_in_hostfile: host XXX.XXX.XXX.226 filename /home/Jonas/.ssh/known_hosts
debug3: check_host_in_hostfile: host XXX.XXX.XXX.226 filename /home/Jonas/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 10
debug1: Host 'XXX.XXX.XXX.226' is known and matches the RSA host key.
debug1: Found key in /home/Jonas/.ssh/known_hosts:10
debug1: found matching key w/out port
debug2: bits set: 523/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/Jonas/vpn&ssh/id_rsa_admin (0x26b20b0)
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/Jonas/vpn&ssh/id_rsa_admin
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey). |
http://www.jms1.net/code/rsync-backup.shtml
The top of this page talks about setting public key between servers. You might want to try starting over from scratch by deleting the ~/.ssh/authorized_keys and the id_dsa_backup.pub to get a clean start. |
Check the logs in the server. It may indicate what the problem is. For example, if permissions of .ssh or the private key are too lax, the server will refuse to make a connection. Even the permissions of your home directory can cause problems.
The issue may not be indicated in the debug -vvv output. After an upgrade, I wasn't able to ssh in, even though I had copied my ~/.ssh folder from backup. I found in the Release Notes that I needed to modify a line in /etc/ssh/sshd_config from
AuthorizedKeysFile .ssh/authorized_keys
to
AuthorizedKeysFile %h/.ssh/authorized_keys

I've even had a failure to log in because the hostname part of the authorized_keys file entry didn't match exactly with the first entry in /etc/hosts. I think I changed it from jschiwal@netcow to jschiwal@netcow.jesnet but don't remember for certain. This behavior may depend on the UseDNS setting.

I don't understand why ForwardAgent yes is being recommended in your case. |
So I have done the following:
created the keys on my client:
Code:
[Jonas@jonas ~]$ ssh-keygen -t rsa
Code:
-rw-------. 1 Jonas Jonas 1766 Nov 17 13:52 id_rsa
Code:
[admin@server admin]$ cp id_rsa .ssh/authorized_keys
Code:
[admin@server admin]$ ls -l .ssh/
Code:
[Jonas@jonas ~]$ ssh -2 -v -p 2273 -l admin -i /home/Jonas/vpn\&ssh/id_rsa XXX.XXX.XXX.226
Code:
debug1: Authentications that can continue: publickey |
Code:
[admin@server admin]$ cp id_rsa .ssh/authorized_keys |
Now it works indeed ! I knew I needed the private key on my host, but still I copied the private key to the server... Thanks ! |
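The two causes raised in this thread, a private key copied into authorized_keys and lax permissions on the home directory or .ssh, can both be checked on the server before reaching for more client-side debugging. The script below is an added example, not part of the original thread; the function name check_authorized_keys and its finding labels are made up for illustration, it assumes the file sits at <home>/.ssh/authorized_keys, and it checks write bits only, not file ownership.

```shell
#!/bin/sh
# Added example, not from the thread. Audits an authorized_keys file for the
# mistakes discussed above. Assumes the file lives at <home>/.ssh/authorized_keys.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_authorized_keys() {
    file=$1
    rc=0
    if [ ! -r "$file" ]; then
        echo "MISSING: $file is absent or unreadable"
        return 1
    fi

    # 1. Private-key material: PEM armor, or the Proc-Type:/DEK-Info: headers
    #    of an encrypted PEM key (the same tokens seen in the -vvv output).
    if grep -Eq '^(-----BEGIN .*PRIVATE KEY-----|Proc-Type:|DEK-Info:)' "$file"; then
        echo "PRIVATE-KEY: $file holds a private key; install the .pub file instead"
        rc=1
    fi

    # 2. Every non-blank, non-comment line must carry "<type> <base64>".
    #    The base64 blob of any SSH public key starts with AAAA.
    types='ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)'
    bad=$(grep -Ev '^[[:space:]]*(#|$)' "$file" |
          grep -Evc "(^|[[:space:]])($types)[[:space:]]+AAAA[A-Za-z0-9+/]+" || true)
    if [ "${bad:-0}" -gt 0 ]; then
        echo "NOT-A-KEY: $bad line(s) in $file are not public-key entries"
        rc=1
    fi

    # 3. With StrictModes (sshd's default) the key file is ignored when it,
    #    ~/.ssh or the home directory is writable by group or others.
    dir=$(dirname "$file")
    for p in "$file" "$dir" "$(dirname "$dir")"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "PERMS: $p is group- or world-writable"
            rc=1
        fi
    done
    return $rc
}

# Run against a path given on the command line, e.g. ~/.ssh/authorized_keys.
[ $# -eq 0 ] || check_authorized_keys "$1"
```

Run it on the server as the account being logged into; a PRIVATE-KEY finding corresponds to the `cp id_rsa .ssh/authorized_keys` step shown above.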