SSH key login not workingssh authentication nfsHow do you manage ssh keys to add a second user?SSH keys fail...
How spaceships determine each other's mass in space?
Inorganic chemistry handbook with reaction lists
What is the orbit and expected lifetime of Crew Dragon trunk?
How to educate team mate to take screenshots for bugs with out unwanted stuff
Can Witch Sight see through Mirror Image?
Finding integer solution to a quadratic equation in two unknowns
What is the best index strategy or query SELECT when performing a search/lookup BETWEEN IP address (IPv4 and IPv6) ranges?
Help! My Character is too much for her story!
Why do phishing e-mails use faked e-mail addresses instead of the real one?
Should I file my taxes? No income, unemployed, but paid 2k in student loan interest
What is better: yes / no radio, or simple checkbox?
Unidentified signals on FT8 frequencies
Is this Paypal Github SDK reference really a dangerous site?
Vector-transposing function
Does an unused member variable take up memory?
Giving a talk in my old university, how prominently should I tell students my salary?
What does *dead* mean in *What do you mean, dead?*?
Geological Explanation for an Unusually Temperate Northern Mountain Valley
Is the differential, dp, exact or not?
What does it take to become a wilderness skills guide as a business?
Why would /etc/passwd be used every time someone executes `ls -l` command?
Short story about an infectious indestructible metal bar?
Short story about cities being connected by a conveyor belt
std::string vs const std::string& vs std::string_view
SSH key login not working
ssh authentication nfsHow do you manage ssh keys to add a second user?SSH keys fail for one userSSH accepts publickey authetication but won't connect with an identify file?Cannot SSH into Ubunto 10.10 running on EC2 as new userOpenSSH disable ControlMaster for given hostnameProblems with SSHCan't SSH into Amazon EC2AWS :: Ubuntu instance consistently denying my private keysHow to properly use rsync Push with SSH on local macOS to remote Debian
i am having some problems logging in to one server to SSH via a key
this is the client output: ssh 'importer@pdw.me' -p 2201 -v
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pdwhost [107.191.34.35] port 2201.
debug1: Connection established.
debug1: identity file /home/importer/.ssh/id_rsa type -1
debug1: identity file /home/importer/.ssh/id_rsa-cert type -1
debug1: identity file /home/importer/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/importer/.ssh/id_dsa-cert type -1
debug1: identity file /home/importer/.ssh/id_ecdsa type -1
debug1: identity file /home/importer/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA cd:23:7f:17:0c:a3:97:37:71:97:ba:d0:0d:d6:7f:43
debug1: Host '[pdwhost]:2201' is known and matches the ECDSA host key.
debug1: Found key in /home/importer/.ssh/known_hosts:4
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/importer/.ssh/id_rsa
debug1: Offering DSA public key: /home/importer/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/importer/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
and this is the output on the server (when i start with -debug)
/usr/sbin/sshd -d -p 22
debug1: sshd version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='22'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 144.76.186.42 port 58956
debug1: Client protocol version 2.0; client software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: permanently_set_uid: 103/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user importer service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "importer"
debug1: PAM: setting PAM_RHOST to "static.42.clients.your-server.de"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user importer service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/importer/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for importer from 144.XXX port 58956 ssh2
Connection closed by 144.XXX [preauth]
debug1: do_cleanup [preauth]
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 17937
not sure what is going on here, SSHD kills itself when the client tries to login.
Its a Debian 7 in an openVZ container (host is also Debian 7)
SSH Login via password works fine, I just disabled it for the purpose of testing the Key login, it always asked for a password when trying the key login (as key didnt work).
I set the %HOME% to 700, .ssh is also set to 700, files inside to 500
I copied the key with ssh-copy-id (and did it a second time). The keys I am using are a bit older, so I did not create them just for this SSH client. I cant find any errors in the authorized_keys
this from the sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
Still get failed public key.
btw. in the meanwhile I tried to access the same server from another client:
ssh-keygen -t rsa
ssh-id-copy
ssh ..
and it worked, so it must be something on the client above
linux ssh debian debian-wheezy
asked Jan 28 '15 at 13:09
ChrisChris
72210
bumped to the homepage by Community♦ 1 min ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
i am having some problems logging in to one server to SSH via a key
this is the client output: ssh 'importer@pdw.me' -p 2201 -v
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pdwhost [107.191.34.35] port 2201.
debug1: Connection established.
debug1: identity file /home/importer/.ssh/id_rsa type -1
debug1: identity file /home/importer/.ssh/id_rsa-cert type -1
debug1: identity file /home/importer/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/importer/.ssh/id_dsa-cert type -1
debug1: identity file /home/importer/.ssh/id_ecdsa type -1
debug1: identity file /home/importer/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA cd:23:7f:17:0c:a3:97:37:71:97:ba:d0:0d:d6:7f:43
debug1: Host '[pdwhost]:2201' is known and matches the ECDSA host key.
debug1: Found key in /home/importer/.ssh/known_hosts:4
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/importer/.ssh/id_rsa
debug1: Offering DSA public key: /home/importer/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/importer/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
and this is the output on the server (when i start with -debug)
/usr/sbin/sshd -d -p 22
debug1: sshd version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='22'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 144.76.186.42 port 58956
debug1: Client protocol version 2.0; client software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: permanently_set_uid: 103/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user importer service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "importer"
debug1: PAM: setting PAM_RHOST to "static.42.clients.your-server.de"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user importer service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/importer/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for importer from 144.XXX port 58956 ssh2
Connection closed by 144.XXX [preauth]
debug1: do_cleanup [preauth]
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 17937
not sure what is going on here, SSHD kills itself when the client tries to login.
Its a Debian 7 in an openVZ container (host is also Debian 7)
SSH Login via password works fine, I just disabled it for the purpose of testing the Key login, it always asked for a password when trying the key login (as key didnt work).
I set the %HOME% to 700, .ssh is also set to 700, files inside to 500
I copied the key with ssh-copy-id (and did it a second time). The keys I am using are a bit older, so I did not create them just for this SSH client. I cant find any errors in the authorized_keys
this from the sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
Still get failed public key.
btw. in the meanwhile I tried to access the same server from another client:
ssh-keygen -t rsa
ssh-id-copy
ssh ..
and it worked, so it must be something on the client above
linux ssh debian debian-wheezy
asked Jan 28 '15 at 13:09
ChrisChris
72210
bumped to the homepage by Community♦ 1 min ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
forgot to explain, the port 2201 is rerouted to 22 via the openvz-host, so ports are correct
– Chris
Jan 28 '15 at 14:08
As much as I detest asking stupid followup questions: Can you confirm that /home/importer, /home/importer/.ssh, and /home/importer/.ssh/authorized_keys are owned by uid 1000 (importer?) and not root?
– Ahrotahntee
Jan 28 '15 at 20:12
yes, ownership is correct, I also tested it from a another client (debian 7 also) and it is working from there, this means i must look at the client.
– Chris
Jan 29 '15 at 0:25
add a comment |
i am having some problems logging in to one server to SSH via a key
this is the client output: ssh 'importer@pdw.me' -p 2201 -v
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pdwhost [107.191.34.35] port 2201.
debug1: Connection established.
debug1: identity file /home/importer/.ssh/id_rsa type -1
debug1: identity file /home/importer/.ssh/id_rsa-cert type -1
debug1: identity file /home/importer/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/importer/.ssh/id_dsa-cert type -1
debug1: identity file /home/importer/.ssh/id_ecdsa type -1
debug1: identity file /home/importer/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA cd:23:7f:17:0c:a3:97:37:71:97:ba:d0:0d:d6:7f:43
debug1: Host '[pdwhost]:2201' is known and matches the ECDSA host key.
debug1: Found key in /home/importer/.ssh/known_hosts:4
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/importer/.ssh/id_rsa
debug1: Offering DSA public key: /home/importer/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/importer/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
and this is the output on the server (when i start with -debug)
/usr/sbin/sshd -d -p 22
debug1: sshd version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='22'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 144.76.186.42 port 58956
debug1: Client protocol version 2.0; client software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: permanently_set_uid: 103/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user importer service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "importer"
debug1: PAM: setting PAM_RHOST to "static.42.clients.your-server.de"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user importer service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/importer/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for importer from 144.XXX port 58956 ssh2
Connection closed by 144.XXX [preauth]
debug1: do_cleanup [preauth]
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 17937
not sure what is going on here, SSHD kills itself when the client tries to login.
Its a Debian 7 in an openVZ container (host is also Debian 7)
SSH Login via password works fine, I just disabled it for the purpose of testing the Key login, it always asked for a password when trying the key login (as key didnt work).
I set the %HOME% to 700, .ssh is also set to 700, files inside to 500
I copied the key with ssh-copy-id (and did it a second time). The keys I am using are a bit older, so I did not create them just for this SSH client. I cant find any errors in the authorized_keys
this from the sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
Still get failed public key.
btw. in the meanwhile I tried to access the same server from another client:
ssh-keygen -t rsa
ssh-id-copy
ssh ..
and it worked, so it must be something on the client above
linux ssh debian debian-wheezy
asked Jan 28 '15 at 13:09
ChrisChris
72210
i am having some problems logging in to one server to SSH via a key
this is the client output: ssh 'importer@pdw.me' -p 2201 -v
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pdwhost [107.191.34.35] port 2201.
debug1: Connection established.
debug1: identity file /home/importer/.ssh/id_rsa type -1
debug1: identity file /home/importer/.ssh/id_rsa-cert type -1
debug1: identity file /home/importer/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/importer/.ssh/id_dsa-cert type -1
debug1: identity file /home/importer/.ssh/id_ecdsa type -1
debug1: identity file /home/importer/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA cd:23:7f:17:0c:a3:97:37:71:97:ba:d0:0d:d6:7f:43
debug1: Host '[pdwhost]:2201' is known and matches the ECDSA host key.
debug1: Found key in /home/importer/.ssh/known_hosts:4
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/importer/.ssh/id_rsa
debug1: Offering DSA public key: /home/importer/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/importer/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
and this is the output on the server (when i start with -debug)
/usr/sbin/sshd -d -p 22
debug1: sshd version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='22'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 144.76.186.42 port 58956
debug1: Client protocol version 2.0; client software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: permanently_set_uid: 103/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user importer service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "importer"
debug1: PAM: setting PAM_RHOST to "static.42.clients.your-server.de"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user importer service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/importer/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for importer from 144.XXX port 58956 ssh2
Connection closed by 144.XXX [preauth]
debug1: do_cleanup [preauth]
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 17937
not sure what is going on here, SSHD kills itself when the client tries to login.
Its a Debian 7 in an openVZ container (host is also Debian 7)
SSH Login via password works fine, I just disabled it for the purpose of testing the Key login, it always asked for a password when trying the key login (as key didnt work).
I set the %HOME% to 700, .ssh is also set to 700, files inside to 500
I copied the key with ssh-copy-id (and did it a second time). The keys I am using are a bit older, so I did not create them just for this SSH client. I cant find any errors in the authorized_keys
this from the sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
Still get failed public key.
btw. in the meanwhile I tried to access the same server from another client:
ssh-keygen -t rsa
ssh-id-copy
ssh ..
and it worked, so it must be something on the client above
linux ssh debian debian-wheezy
linux ssh debian debian-wheezy
asked Jan 28 '15 at 13:09
ChrisChris
72210
asked Jan 28 '15 at 13:09
ChrisChris
72210
edited May 12 '15 at 9:38
Chris
asked Jan 28 '15 at 13:09
ChrisChris
72210
asked Jan 28 '15 at 13:09
ChrisChris
72210
asked Jan 28 '15 at 13:09
ChrisChris
72210
72210
bumped to the homepage by Community♦ 1 min ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 1 min ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
forgot to explain, the port 2201 is rerouted to 22 via the openvz-host, so ports are correct
– Chris
Jan 28 '15 at 14:08
As much as I detest asking stupid followup questions: Can you confirm that /home/importer, /home/importer/.ssh, and /home/importer/.ssh/authorized_keys are owned by uid 1000 (importer?) and not root?
– Ahrotahntee
Jan 28 '15 at 20:12
yes, ownership is correct, I also tested it from a another client (debian 7 also) and it is working from there, this means i must look at the client.
– Chris
Jan 29 '15 at 0:25
add a comment |
forgot to explain, the port 2201 is rerouted to 22 via the openvz-host, so ports are correct
– Chris
Jan 28 '15 at 14:08
As much as I detest asking stupid followup questions: Can you confirm that /home/importer, /home/importer/.ssh, and /home/importer/.ssh/authorized_keys are owned by uid 1000 (importer?) and not root?
– Ahrotahntee
Jan 28 '15 at 20:12
yes, ownership is correct, I also tested it from a another client (debian 7 also) and it is working from there, this means i must look at the client.
– Chris
Jan 29 '15 at 0:25
forgot to explain, the port 2201 is rerouted to 22 via the openvz-host, so ports are correct
– Chris
Jan 28 '15 at 14:08
forgot to explain, the port 2201 is rerouted to 22 via the openvz-host, so ports are correct
– Chris
Jan 28 '15 at 14:08
As much as I detest asking stupid followup questions: Can you confirm that /home/importer, /home/importer/.ssh, and /home/importer/.ssh/authorized_keys are owned by uid 1000 (importer?) and not root?
– Ahrotahntee
Jan 28 '15 at 20:12
As much as I detest asking stupid followup questions: Can you confirm that /home/importer, /home/importer/.ssh, and /home/importer/.ssh/authorized_keys are owned by uid 1000 (importer?) and not root?
– Ahrotahntee
Jan 28 '15 at 20:12
yes, ownership is correct, I also tested it from a another client (debian 7 also) and it is working from there, this means i must look at the client.
– Chris
Jan 29 '15 at 0:25
yes, ownership is correct, I also tested it from a another client (debian 7 also) and it is working from there, this means i must look at the client.
– Chris
Jan 29 '15 at 0:25
add a comment |
1 Answer
1
active
oldest
votes
First check the basics:
the contents of your .ssh/authorized_keys are correct? No extra line breaks in the public key?
the file permissions are correct? sshd can be very strict about this: you should see lots 600, or even 400 (read-only for root). Quoting your log:
debug1: trying public key file /home/importer/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for importer from 144.XXX port 58956 ssh2
- sshd can even be annoyed about other folders' permissions
answered Jan 28 '15 at 15:27
DutchUncleDutchUncle
1,230816
1
plz see my comments in the original question
– Chris
Jan 28 '15 at 17:28
Oops, sorry :-/
– DutchUncle
Jan 28 '15 at 17:31
So is the key you are using modern & secure enough? How old are they? I.e. what type of encryption was used to generate the key: e.g. ssh-rsa, ecdsa-sha2-nistp256,... It should show in your 'known_hosts'
– DutchUncle
Jan 28 '15 at 17:35
ecdsa-sha2-nistp256, cant really remember how I generated it.
– Chris
Jan 28 '15 at 18:13
Don't worry, that one should be good enough. I hope another Debian veteran can help you. I do not like the version of openSSL: "OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013"
– DutchUncle
Jan 28 '15 at 18:17
|
show 3 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f663032%2fssh-key-login-not-working%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
First check the basics:
the contents of your .ssh/authorized_keys are correct? No extra line breaks in the public key?
the file permissions are correct? sshd can be very strict about this: you should see lots 600, or even 400 (read-only for root). Quoting your log:
debug1: trying public key file /home/importer/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for importer from 144.XXX port 58956 ssh2
- sshd can even be annoyed about other folders' permissions
answered Jan 28 '15 at 15:27
DutchUncleDutchUncle
1,230816
1
plz see my comments in the original question
– Chris
Jan 28 '15 at 17:28
Oops, sorry :-/
– DutchUncle
Jan 28 '15 at 17:31
So is the key you are using modern & secure enough? How old are they? I.e. what type of encryption was used to generate the key: e.g. ssh-rsa, ecdsa-sha2-nistp256,... It should show in your 'known_hosts'
– DutchUncle
Jan 28 '15 at 17:35
ecdsa-sha2-nistp256, cant really remember how I generated it.
– Chris
Jan 28 '15 at 18:13
Don't worry, that one should be good enough. I hope another Debian veteran can help you. I do not like the version of openSSL: "OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013"
– DutchUncle
Jan 28 '15 at 18:17
|
show 3 more comments
First check the basics:
the contents of your .ssh/authorized_keys are correct? No extra line breaks in the public key?
the file permissions are correct? sshd can be very strict about this: you should see lots 600, or even 400 (read-only for root). Quoting your log:
debug1: trying public key file /home/importer/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for importer from 144.XXX port 58956 ssh2
- sshd can even be annoyed about other folders' permissions
answered Jan 28 '15 at 15:27
DutchUncleDutchUncle
1,230816
1
plz see my comments in the original question
– Chris
Jan 28 '15 at 17:28
Oops, sorry :-/
– DutchUncle
Jan 28 '15 at 17:31
So is the key you are using modern & secure enough? How old are they? I.e. what type of encryption was used to generate the key: e.g. ssh-rsa, ecdsa-sha2-nistp256,... It should show in your 'known_hosts'
– DutchUncle
Jan 28 '15 at 17:35
ecdsa-sha2-nistp256, cant really remember how I generated it.
– Chris
Jan 28 '15 at 18:13
Don't worry, that one should be good enough. I hope another Debian veteran can help you. I do not like the version of openSSL: "OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013"
– DutchUncle
Jan 28 '15 at 18:17
|
show 3 more comments
First check the basics:
the contents of your .ssh/authorized_keys are correct? No extra line breaks in the public key?
the file permissions are correct? sshd can be very strict about this: you should see lots 600, or even 400 (read-only for root). Quoting your log:
debug1: trying public key file /home/importer/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for importer from 144.XXX port 58956 ssh2
- sshd can even be annoyed about other folders' permissions
answered Jan 28 '15 at 15:27
DutchUncleDutchUncle
1,230816
First check the basics:
the contents of your .ssh/authorized_keys are correct? No extra line breaks in the public key?
the file permissions are correct? sshd can be very strict about this: you should see lots 600, or even 400 (read-only for root). Quoting your log:
debug1: trying public key file /home/importer/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for importer from 144.XXX port 58956 ssh2
- sshd can even be annoyed about other folders' permissions
answered Jan 28 '15 at 15:27
DutchUncleDutchUncle
1,230816
edited Jan 28 '15 at 15:33
answered Jan 28 '15 at 15:27
DutchUncleDutchUncle
1,230816
answered Jan 28 '15 at 15:27
DutchUncleDutchUncle
1,230816
answered Jan 28 '15 at 15:27
DutchUncleDutchUncle
1,230816
1,230816
1
plz see my comments in the original question
– Chris
Jan 28 '15 at 17:28
Oops, sorry :-/
– DutchUncle
Jan 28 '15 at 17:31
So is the key you are using modern & secure enough? How old are they? I.e. what type of encryption was used to generate the key: e.g. ssh-rsa, ecdsa-sha2-nistp256,... It should show in your 'known_hosts'
– DutchUncle
Jan 28 '15 at 17:35
ecdsa-sha2-nistp256, cant really remember how I generated it.
– Chris
Jan 28 '15 at 18:13
Don't worry, that one should be good enough. I hope another Debian veteran can help you. I do not like the version of openSSL: "OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013"
– DutchUncle
Jan 28 '15 at 18:17
|
show 3 more comments
1
plz see my comments in the original question
– Chris
Jan 28 '15 at 17:28
Oops, sorry :-/
– DutchUncle
Jan 28 '15 at 17:31
So is the key you are using modern & secure enough? How old are they? I.e. what type of encryption was used to generate the key: e.g. ssh-rsa, ecdsa-sha2-nistp256,... It should show in your 'known_hosts'
– DutchUncle
Jan 28 '15 at 17:35
ecdsa-sha2-nistp256, cant really remember how I generated it.
– Chris
Jan 28 '15 at 18:13
Don't worry, that one should be good enough. I hope another Debian veteran can help you. I do not like the version of openSSL: "OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013"
– DutchUncle
Jan 28 '15 at 18:17
1
1
plz see my comments in the original question
– Chris
Jan 28 '15 at 17:28
plz see my comments in the original question
– Chris
Jan 28 '15 at 17:28
Oops, sorry :-/
– DutchUncle
Jan 28 '15 at 17:31
Oops, sorry :-/
– DutchUncle
Jan 28 '15 at 17:31
So is the key you are using modern & secure enough? How old are they? I.e. what type of encryption was used to generate the key: e.g. ssh-rsa, ecdsa-sha2-nistp256,... It should show in your 'known_hosts'
– DutchUncle
Jan 28 '15 at 17:35
So is the key you are using modern & secure enough? How old are they? I.e. what type of encryption was used to generate the key: e.g. ssh-rsa, ecdsa-sha2-nistp256,... It should show in your 'known_hosts'
– DutchUncle
Jan 28 '15 at 17:35
ecdsa-sha2-nistp256, cant really remember how I generated it.
– Chris
Jan 28 '15 at 18:13
ecdsa-sha2-nistp256, cant really remember how I generated it.
– Chris
Jan 28 '15 at 18:13
Don't worry, that one should be good enough. I hope another Debian veteran can help you. I do not like the version of openSSL: "OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013"
– DutchUncle
Jan 28 '15 at 18:17
Don't worry, that one should be good enough. I hope another Debian veteran can help you. I do not like the version of openSSL: "OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013"
– DutchUncle
Jan 28 '15 at 18:17
|
show 3 more comments
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f663032%2fssh-key-login-not-working%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
forgot to explain, the port 2201 is rerouted to 22 via the openvz-host, so ports are correct
– Chris
Jan 28 '15 at 14:08
As much as I detest asking stupid followup questions: Can you confirm that /home/importer, /home/importer/.ssh, and /home/importer/.ssh/authorized_keys are owned by uid 1000 (importer?) and not root?
– Ahrotahntee
Jan 28 '15 at 20:12
yes, ownership is correct, I also tested it from a another client (debian 7 also) and it is working from there, this means i must look at the client.
– Chris
Jan 29 '15 at 0:25