Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-01-2011, 04:43 AM
|
#1
|
Member
Registered: Feb 2009
Distribution: Mainly CentOS6.4 x64
Posts: 161
Rep:
|
No supported authentication methods available when using a private key for login
I keep getting the above message when trying to login to my server using a private key, is there something I am missing from the configs here?
Quote:
# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 22
Protocol 2
#AddressFamily any
ListenAddress 192.168.0.2
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
LoginGraceTime 30
#PermitRootLogin yes
#StrictModes yes
MaxAuthTries 1
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
#PasswordAuthentication yes
PasswordAuthentication no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
|
It's pretty much the default except for not allowing password logins, am I missing something here at all?
Thanks,
Jez.
|
|
|
03-01-2011, 09:26 AM
|
#2
|
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Rep:
|
What OS / version? If CentOS (as in your profile), then check /var/log/secure for clues.
|
|
|
03-01-2011, 09:29 AM
|
#3
|
Member
Registered: Feb 2009
Distribution: Mainly CentOS6.4 x64
Posts: 161
Original Poster
Rep:
|
That is where I got the log error from in the first place!
It's centos 5.5.
|
|
|
03-01-2011, 11:42 AM
|
#4
|
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Rep:
|
You didn't mention that in your first post.
Assuming there is nothing else in /var/log/secure that may clue you in (e.g. permissions issues), then you've likely set up pubkey authentication incorrectly for the user you're testing.
|
|
|
03-01-2011, 12:43 PM
|
#5
|
Member
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375
Rep:
|
If you're trying to log in to your server, you should have the public key, not the private one.
If the problem is in the ssh config, I'd suggest starting a verbose ssh session (ssh -v <hostname>), and look to see what authentication methods it's accepting. You should find a line near the password prompt like this:
debug1: Authentications that can continue: publickey,keyboard-interactive
|
|
|
03-02-2011, 04:43 AM
|
#6
|
Member
Registered: Feb 2009
Distribution: Mainly CentOS6.4 x64
Posts: 161
Original Poster
Rep:
|
I will retry this when I get a moment.
I mean from the configs are they alright for doing publickey authentication then?
No I mean that's fine if its permissions, I mean I did actually think that but rather than going off my own assumptions I thought I would get another person to check over it.
What permissions are actually required then? Also for the directory would be useful, i.e. does it need to just be the root user, even for other users?
Bit confused about that one!
Thank you for your help and I look forward to your reply,
Jez.
|
|
|
03-02-2011, 06:41 AM
|
#7
|
Member
Registered: Feb 2009
Distribution: Mainly CentOS6.4 x64
Posts: 161
Original Poster
Rep:
|
Hmm I mean this doesnt work, what I have just attempted.
WinSCP, that I use to log into my server to see directories keeps saying:
Quote:
Using username "myuser".
Server refused our key.
|
Hmm still keeps coming up with the log messages as before, allowed for RSA authentication though as the configs go, any suggestions again?
I thought that might fix it but it hasnt, remember doing this successfully with centos 4.8, but I think maybe there might be a step I am probably missing, any indications?
I am sure with a bit of effort I may be able to get this working (should actually lol).
Hmm any thoughts?
Thanks again for your help though!
Jez.
|
|
|
03-02-2011, 07:01 AM
|
#8
|
Senior Member
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339
|
Did you create an ssh1 key by accident? You are login in from a Windows machine I assume as you mention WinSCP - how did you create the key? The public part is just one long line you installed on the server?
|
|
|
03-02-2011, 09:14 AM
|
#9
|
Member
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375
Rep:
|
Quote:
Originally Posted by j.smith1981
Hmm I mean this doesnt work, what I have just attempted.
WinSCP, that I use to log into my server to see directories keeps saying:
Hmm still keeps coming up with the log messages as before, allowed for RSA authentication though as the configs go, any suggestions again?
I thought that might fix it but it hasnt, remember doing this successfully with centos 4.8, but I think maybe there might be a step I am probably missing, any indications?
I am sure with a bit of effort I may be able to get this working (should actually lol).
Hmm any thoughts?
Thanks again for your help though!
Jez.
|
My thoughts are exactly the same as they were before:
- Go to a command line.
- Start a verbose ssh session
- Post the results
Also, as Reuti says, if you want us to help you figure out where you might have "missed a step," then you'd better walk us through the process you followed.
|
|
|
All times are GMT -5. The time now is 05:50 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|