LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 11-28-2016, 09:54 AM   #16
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18

Quote:
Originally Posted by wpeckham View Post
Also check the permissions on your home folder. 755 or 750 should work, 775 or 770 will cause this failure.
OpenSSH is foremost a security program, and it checks to see if someone other than you can modify files or folders it uses. If it can be modified by other people, it will not trust or use it.

Naturally, your HOME and ~/.ssh and contents of ~/.ssh should be owned by you. I see no reason to suspect it might not be, just thought I should mention this.
These are the permissions:

Code:
-bash-4.1$ namei -m /home/user/.ssh
f: /home/user/.ssh
 drwxrwxr-x /
 drwxr-xr-x home
 drwxr-xr-x user
 drwx------ .ssh
-bash-4.1$ ls -l /home/user/
total 8
drwxrwxr-x 2 user root 4096 Jul 13  2012 downloads
drwxrwxr-x 8 user root 4096 Jul 13  2012 rpm
-bash-4.1$ ls -l /home/user/.ssh
total 8
-rw------- 1 user root  397 Nov 19 20:27 authorized_keys
drwxr-xr-x 2 user root 4096 Nov 19 20:26 otherkeys
"user" is my user account and "root" is the group.
 
Old 11-28-2016, 12:18 PM   #17
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181
You need to do ls -la /home/user in order to see the (hidden) .ssh directory . . .

. . . although I see from the namei output that the permissions appear to be correct.

So far as I know, the permissions of the contents of this directory are unimportant, but for-the-record the permissions of authorized_keys that I expect to find are rw-rw-r-- or something like it.

Therefore, I would now carefully check the contents of the authorized_keys file, now suspecting that there might be something wrong with that.

But also, be sure to carefully check the various system logs . . .

Last edited by sundialsvcs; 11-28-2016 at 12:21 PM.
 
Old 11-29-2016, 03:25 AM   #18
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
These are the permissions i got for the .ssh
drwx------ 3 user root 4096 Nov 19 20:27 .
drwxr-xr-x 7 user root 4096 Oct 14 17:08 ..
-rw------- 1 user root 397 Nov 19 20:27 authorized_keys
drwxr-xr-x 2 user root 4096 Nov 19 20:26 otherkeys
 
Old 11-29-2016, 04:57 AM   #19
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,421

Rep: Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485Reputation: 1485
The permissions look right to me. Something else is going on.

On the server side, are there entries of interest in the logs written by ssh?
 
Old 11-29-2016, 07:39 AM   #20
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
i cant find anything on /var/logs/secure

I can have another look..

Last edited by nibraz; 11-29-2016 at 07:41 AM.
 
Old 11-29-2016, 07:45 AM   #21
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,049
Blog Entries: 3

Rep: Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521
On the server you can launch a special instance of "sshd" with a different port and the watch real time for the duration of a single connection attempt.

Code:
sudo /usr/sbin/sshd -p 2228 -dd
Then try connecting from the client and watch what happens on the server. You can vary between -d, -dd, or -ddd to get less or more information. It will accept only one connection that way. If you succeed in connecting, then you will need to relaunch "sshd" again after disconnecting if you want to try again. Launching like that uses the sshd_config file you already have on the server, just with an override on the port so that the second instance of "sshd" does not interfere with what you already have running.

However, as I expressed in #8 above the client is incomplete and may be lacking the functionality you are attempting to use. What makes you sure that M$ fork of OpenSSH has completed the functionality needed to use keys?
 
Old 11-29-2016, 07:53 AM   #22
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
Hi Turbo

I do think now that it might be the problem with the client openssh installed in my windows machine.

I have tried puttygen but its no luck.

Can you recommmend another ssh client to install on my windows machine and I can try to recreate the keys?

I will try the above in the mean time.

Thanks
 
Old 11-29-2016, 07:59 AM   #23
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,049
Blog Entries: 3

Rep: Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521Reputation: 2521
That's my suspicion too, but with the distinction that there is no OpenSSH client for Windows. M$ is just using the name, in my opinion, incorrectly for their fork. Code (copyright) is one thing, but names (trademark) are another, and the latter does have to be actively defended or it is lost.

Anyway, if you have PuTTY, you can try that with keys, but from what I gather some special modification of the PuTTY keys needs to take place before you can actually log in.
 
Old 11-29-2016, 09:05 AM   #24
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
Ok this is getting really hard.

I tried using bitvise, generated new keys and did a cat id_key.pub >> authorized_keys and it created that authorized key file in /home/user/.ssh

permissions are
folder 700
file 600
owner is user but belong to group root

connected and it failed again..pubkey authenication failed Authentications that can continue: publickey,gssapi-with-mic,password

this is my sshd_config file:

Quote:
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:
AllowUsers user1 root user2
AllowGroups root
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /home/user1/.ssh/authorized_keys
#AuthorizedKeysFile /etc/ssh/user1/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
thanks

Last edited by nibraz; 11-29-2016 at 09:06 AM.
 
Old 11-29-2016, 09:15 AM   #25
michaelk
Moderator
 
Registered: Aug 2002
Posts: 20,405

Rep: Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550
PuTTY has command line utilities pscp and psftp. The keys generated puttygen are not in the same format as those created by ssh-keygen. See the howto below.

https://www.howtoforge.com/ssh_key_b...ogins_putty_p2
 
Old 11-29-2016, 09:17 AM   #26
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
I tried puttygen with keys ppk as well.. it still gives me the same error as authenication failed..
 
Old 11-29-2016, 09:18 AM   #27
michaelk
Moderator
 
Registered: Aug 2002
Posts: 20,405

Rep: Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550
Did you convert the public key as described in the link I posted?

Have you tried creating keys on the server and tried to login from itself?

Last edited by michaelk; 11-29-2016 at 09:20 AM.
 
Old 11-29-2016, 09:35 AM   #28
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
yes thats exactly what i did still nothing..

also created a new ssh user and gave all the right permissions and redid the whole rsa key and authorized_keys file and it still fails.

god this is a nightmare not sure why its failing..
 
Old 11-29-2016, 09:40 AM   #29
michaelk
Moderator
 
Registered: Aug 2002
Posts: 20,405

Rep: Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550Reputation: 3550
Did you try creating keys on the server and try to logon to itself?
 
Old 11-29-2016, 09:47 AM   #30
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Rep: Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655Reputation: 1655
What is the URL to the Windows OpenSSH package that you installed?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] ssh authenication failure screwzm Linux - Networking 5 11-15-2012 08:06 AM
SSH: Permission denied (publickey). clapclash Linux - Networking 6 10-19-2012 06:49 AM
Trying to think of a way to ssh without interactivity and not using the publickey... trist007 Linux - Newbie 3 07-30-2010 08:26 AM
ssh publickey authentication spx2 Linux - Security 11 01-11-2008 05:27 AM
Trouble configuring SSH publickey pioniere Linux - Security 4 02-25-2005 02:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 12:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration