first time out of many with ssh "permission denied (publickey)" - ssh

Forgive me, I know this has been asked so many times, and I read most of the answers. The difference between this question and other questions is that, in my case I did this procedure so many times. But this time is the first time in my life this is not working and I can't debug this.
I created a new ssh key in the client (windows 10), and added it to the authorized keys in the server (Ubuntu 20.04) through another authorized client (Ubuntu 20.04), restarted ssh, but I can't connect: it throws me the classic error "permission denied (public key)"
As I stated in the beginning, I did this so many times without any problem at all.
I don't know what I should do to fix it, everything looks ok..
UPDATE
I forgot to mention one important thing, using:
ssh -i ~/.ssh/private_key username#host
I can connect to the server without any problem.
I don't know why the simple ssh command is not working. I just have one key set up in the client.

Start the ssh-agent in the background.
$ eval "$(ssh-agent -s)"
then
Add your SSH private key to the ssh-agent.
$ ssh-add ~/.ssh/private_key

Related

Rsync Won't Connect

I've just set up a new website on SiteGround and am trying to sync files to it from another server, however, when running the command, I'm getting the following error:
Enter passphrase for key '/cygdrive/c/Users/Example User/.ssh/id_rsa':
Permission denied (publickey).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at /home/lapo/packaging/rsync-3.0.4-1/src/rsync-3.0.4/io.c(632) [sender=3.0.4]
The passphrase is definitely correct.
Here's the rsync command that I'm running:
rsync -avz --exclude-from='exclude.txt' -e 'ssh -p 1234' test/test.txt user#host:/home/user/www/sitename/public_html/
I know my keys and passphrase are correct because I'm able to ssh on to the server with no issues, using the following command:
ssh user#host -p 1234
I've tried many tweaks to the rsync code such as making sure there are trailing slashes, that the directories exist. I've tried it both with -avz and without. I've also tried a key without a passphrase.
I also thought that maybe Siteground is blocking things but rsync is available on the server so I don't know why this would be.
Unfortunately, despite being able to SSH to the server, rsync simply won't even though it's using the same key, passphrase and port.
Where am I going wrong?
I've managed to connect now and should anyone else run into the issue, the fix I found worked for me was to create a new SSH key outside of the Users directory. I'm putting this down to permissions, as soon as I move it to the the C drive in it's own folder, everything worked as expected!

SSH Key pairs with Ansible

I have setup an ansible environment with a control machine (centos) and 3 other remote hosts (centos). Everything is fine with regards to the actual functioning but I want it to work a little seamlessly I guess.
I have setup the ssh authentication using #ssh-key-gen on my master server and then used #ssh-copy-id to all my 3 hosts for the passphrase and it works.
Now each time I run my ansible command to these servers it asks me for passphrase and only then the command completes. I dont want that to happen. I tried defining that in my hosts file as you see below but that hasnt worked. I even tried with the vars and it doesnt work with that as well. When i run the command #ansible servers -m ping it asks me for the ssh passphrase and the it runs...
[servers]
10.0.0.1
ansible_ssh_user=root ansible_ssh_private_key_file=/home/ansible/.ssh/id_rsa
Thanks
A
Now each time I run my ansible command to these servers it asks me for passphrase and only then the command completes. I dont want that to happen.
Generate your ssh key without passphrase.
or
Setup ssh key agent.
This is a bit off-topic for SO

Jenkins won't use SSH key

I'm sorry to have to ask this question, but I feel like I've tried every answer so far on SO with no luck.
I have my local machine and my remote server. Jenkins is up and running on my server.
If I open up terminal and do something like scp /path/to/file user#server:/path/to/wherever then my ssh works fine without requiring a password
If I run this command inside of my Jenkins job I get 'Host Key Verification Failed'
So I know my SSH is working correctly the way I want, but why can't I get Jenkins to use this SSH key?
Interesting thing is, it did work fine when I first set up Jenkins and the key, then I think I restarted my local machine, or restarted Jenkins, then it stopped working. It's hard to say exactly what caused it.
I've also tried several options regarding ssh-agent and ssh-add but those don't seem to work.
I verified the local machine .pub is on the server in the /user/.ssh folder and is also in the authorized keys file. The folder is owned by user.
Any thoughts would be much appreciated and I can provide more info about my problem. Thanks!
Update:
Per Kensters suggestion I did su - jenkins, then ssh server, and it asked me to add to known hosts. So I thought this was a step in the right direction. But the same problem persisted afterward.
Something I did not notice before I can ssh server without password when using my myUsername account. But if I switch to the jenkins user, then it asks me for my password when I do ssh server.
I also tried ssh-keygen -R server as suggested to no avail.
Try
su jenkins
ssh-keyscan YOUR-HOSTNAME >> ~/.ssh/known_hosts
SSH Slaves Plugin doesn't support ECDSA. The command above should add RSA key for ssh-slave.
Host Key Verification Failed
ssh is complaining about the remote host key, not the local key that you're trying to use for authentication.
Every SSH server has a host key which is used to identify the server to the client. This helps prevent clients from connecting to servers which are impersonating the intended server. The first time you use ssh to connect to a particular host, ssh will normally prompt you to accept the remote host's host key, then store the key locally so that ssh will recognize the key in the future. The widely used OpenSSH ssh program stores known host keys in a file .ssh/known_hosts within each user's home directory.
In this case, one of two things is happening:
The user ID that Jenkins is using to run these jobs has never connected to this particular remote host before, and doesn't have the remote host's host key in its known_hosts file.
The remote host key has changed for some reason, and it no longer matches the key which is stored in the Jenkins user's known_hosts file.
You need to update the known_hosts file for the user which jenkins is using to run these ssh operations. You need to remove any old host key for this host from the file, then add the host's new host key to the file. The simplest way is to use su or sudo to become the Jenkins user, then run ssh interactively to connect to the remote server:
$ ssh server
If ssh prompts you to accept a host key, say yes, and you're done. You don't even have to finish logging in. If it prints a big scary warning that the host key has changed, run this to remove the existing host from known_hosts:
$ ssh-keygen -R server
Then rerun the ssh command.
One thing to be aware of: you can't use a passphrase when you generate a key that you're going to use with Jenkins, because it gives you no opportunity to enter such a thing (seeing as it runs automated jobs with no human intervention).

SSH keys setup but still asking for password (but not for 2nd, 3rd, etc. sessions)

The target server is a relatively clean install of Ubuntu 14.04. I generated a new ssh key using ssh-keygen and added it to my server using ssh-copy-id. I also checked that the public key was in the ~/.ssh/authorized_keys file on the server.
Even still, I am prompted for a password every time I try to ssh into the server.
I noticed something weird however. After I log into my first session using my password, the next concurrent sessions don't ask for a password. They seem to be using the ssh key properly. I've noticed this behaviour on two different clients (Mint OSX).
Are you sure your SSH key isn't protected by a password? Try the following:
How do I remove the passphrase for the SSH key without having to create a new key?
If that's not the case, it may just be that ssh is having trouble locating your private key. Try using the -i flag to explicitly point out its location.
ssh -i /path/to/private_key username#yourhost.com
Thank you Samuel Jun for the link to help.ubuntu.com - SSH Public Key Login Troubleshooting !
Just a little caveat:
If you copy your authorized keys file outside your encrypted home directory please make sure your root install is encrypted as well (imho Ubuntu still allows for unencrypted root install coupled with encryption of the home directory).
Otherwise this defeats the whole purpose of using encryption in the first place ;)
If this is happening to you on Windows (I'm on Windows 10)
Try running the program that you're trying to connect via ssh to the server as administrator.
For me I was using powershell with scoop to install a couple of things so that I could ssh straight from it. Anyway... I ran PowerShell as admin and tried connecting again and it didn't ask for my password.
For LinuxSE
Check the SE context with
% ls -dZ ~user/.ssh
Must contain unconfined_u:object_r:ssh_home_t:s0
If not, that was the problem , as root run
# for i in ~user/.ssh ~user/.ssh/*
do
semanage fcontext -a -t ssh_home_t $i
done
# restorecon -v -R ~user/.ssh
It looks like it's related to encryption on your home directory and therefore the authorized_keys file cannot be read.
https://unix.stackexchange.com/a/238570
Make sure your ssh public key was copied to the remote host in the right format. If you open the key file to edit it should read 1 line.
Basically, just do ssh-copy-id username#remote. It will take care of the rest.

ssh -T git#github.com Permission denied (publickey)

I tried to push my blog (Octopress) to github and got this error:
MacBook-Air:octopress bdeely$ git push origin source
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I generated an SSH key, saved it, and even linked it with my GitHub account in the SSH key settings, but I went ahead and checked the status and got the same error:
MacBook-Air:.ssh bdeely$ ssh -T git#github.com
Permission denied (publickey).
In addition to this, I checked github's help page, did the following and got this error message:
MacBook-Air:~ bdeely$ ssh-add -l
The agent has no identities.
Does anyone know what is wrong and how I can fix this?
On OSX, if you type
ssh-add -l
and you get back "no identities", that means your ssh agent does not have any identities loaded into it. Oftentimes, when the mac reboots, you have no identities.
I add mine back after a re-boot by explicitly running
ssh-add
This loads a default identity from ~/.ssh/id_rsa
You can also use the ssh-add command with a specific identity
ssh-add ~/foo/bar/is_rsa
After you add your identies, you can seem them all listed by typing
ssh-add -l
Make sure you have at least one listed.
Follow the commands:
mkdir ~/.ssh //in case that the folder doesnt exist...
cd ~/.ssh
ssh-keygen -t rsa -C "youremail#somewhere.gr"
#hit enter when asks for file to save the key.
#enter the passphrase
At last copy the id_rsa.pub into your github account.
Try this in your terminal:
eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa
enter your passphrase if any and it should work. Hope this helps :-)
I hope this helps you:
I was having the identical problem and about to take my own eyes out with insane frustration; nothing online led me to an answer and I was trying to use the git push command without specifying the URL exactly (which could also solve the problem I believe), so I didn't see how the connection was failing.
I had set up my .ssh/config correctly for two users with two different keys, even using IdentitiesOnly yes which is supposed to override ssh-agent that was automatically supplying the WRONG ssh identity.
I finally realized the problem as I examined the local repository configuration - it was the entry
[remote "origin"]
url = git#github.com:{my-username}/{my-repo-name}.git
My configuration in .ssh/config file was using the same HostName github.com entry for both users and I'm completely new to all this so I didn't realize that to correctly override ssh-agent, I had to specify the exact URL or else the specific identities in my .ssh/config file would be ignored and the first key that ssy-agent listed (which was the wrong one my my case) would be used by default.
I fixed this by changing the local repo URL to url = git#github-personal:{my-username}/{my-repo-name}.git, where I had set Host github-personal as the identity in my .ssh/config.
Another way to solve this would be specifying the user in the URL in the git push command itself, or even better, a solution described here in a post AFTER solving this my own crappy way:
https://superuser.com/questions/272465/using-multiple-ssh-public-keys
I can't believe that no official source could offer a solution for or even properly explain this edge-case that seems really common (accessing two different github accounts from one machine with SSL).
I experienced the same problem. The reason was that I moved the key-files to another folder; it worked successfully when I moved them back to where they were originally.