I have 2 virtual machines on my computer created with Vagrant.
on VM1 I create SSH key with ssh-keygen. Then copied id_rsa.pub into authorized_keys on VM2.
When I try to connect to VM2 using ssh 172.28.128.18, the connection is failed with following error
The authenticity of host '172.28.128.18 (172.28.128.18)' can't be established.
ECDSA key fingerprint is SHA256:YJ0CDFr9UcEBZkY1ajZRFg3Zx9uksZcv/i3fpC8gqdY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.28.128.18' (ECDSA) to the list of known hosts.
vagrant#172.28.128.18: Permission denied (publickey).
With ssh -v vagrant#172.28.128.18 I have an other error:
OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 172.28.128.18 [172.28.128.18] port 22.
debug1: Connection established.
debug1: identity file /home/vagrant/.ssh/id_rsa type 0
debug1: identity file /home/vagrant/.ssh/id_rsa-cert type -1
debug1: identity file /home/vagrant/.ssh/id_dsa type -1
debug1: identity file /home/vagrant/.ssh/id_dsa-cert type -1
debug1: identity file /home/vagrant/.ssh/id_ecdsa type -1
debug1: identity file /home/vagrant/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/vagrant/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/vagrant/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/vagrant/.ssh/id_ed25519 type -1
debug1: identity file /home/vagrant/.ssh/id_ed25519-cert type -1
debug1: identity file /home/vagrant/.ssh/id_ed25519_sk type -1
debug1: identity file /home/vagrant/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/vagrant/.ssh/id_xmss type -1
debug1: identity file /home/vagrant/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 172.28.128.18:22 as 'vagrant'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:YJ0CDFr9UcEBZkY1ajZRFg3Zx9uksZcv/i3fpC8gqdY
debug1: Host '172.28.128.18' is known and matches the ECDSA host key.
debug1: Found key in /home/vagrant/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/vagrant/.ssh/id_rsa RSA SHA256:1cq8iCIBMZrwP6BVucSZx4Luk3LfTAf/XOfovgHiW/Y
debug1: Will attempt key: /home/vagrant/.ssh/id_dsa
debug1: Will attempt key: /home/vagrant/.ssh/id_ecdsa
debug1: Will attempt key: /home/vagrant/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/vagrant/.ssh/id_ed25519
debug1: Will attempt key: /home/vagrant/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/vagrant/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519#openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256
#openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/vagrant/.ssh/id_rsa RSA SHA256:1cq8iCIBMZrwP6BVucSZx4Luk3LfTAf/XOfovgHiW/Y
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/vagrant/.ssh/id_dsa
debug1: Trying private key: /home/vagrant/.ssh/id_ecdsa
debug1: Trying private key: /home/vagrant/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/vagrant/.ssh/id_ed25519
debug1: Trying private key: /home/vagrant/.ssh/id_ed25519_sk
debug1: Trying private key: /home/vagrant/.ssh/id_xmss
debug1: No more authentication methods to try.
vagrant#172.28.128.18: Permission denied (publickey).
What is the reason of failing connecting to VM2?
on VM2
sudo tail -f /var/log/auth.log
server sshd[2509]: Connection closed by authenticating user vagrant 172.28.128.12 port 56446 [preauth]
Same problem is, when I try to connect from VM2 to VM1.
Related
SSH used to work nicely with Git Bash before. Don't know what happened recently.
SSH version on CMD:
C:\Users\ my-user>ssh -V
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
Debug/errors On CMD:
C:\Users\ my-user>ssh -V
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
C:\Users\ my-user>ssh -v my-user1#server-url
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to server-url [public-ip] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\ my-user/.ssh/id_rsa type 0
debug1: identity file C:\\Users\\ my-user/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to server-url:22 as 'my-user1'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:Mw4Mlvqk2MgCynA+8nTUrxDy8wxXONlTAVk2K/FgbcQ
debug1: Host 'server-url' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\ my-user/.ssh/known_hosts:167
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\ my-user/.ssh/id_rsa RSA SHA256:OyvnNnesOb+dn3j9NWl9dkDu/Fi52CKlN9Vq8h9LzoA
debug1: Will attempt key: C:\\Users\\ my-user/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\ my-user/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\ my-user/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\ my-user/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
Authorized uses only. All activity may be monitored and reported.
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\ my-user/.ssh/id_rsa RSA SHA256:OyvnNnesOb+dn3j9NWl9dkDu/Fi52CKlN9Vq8h9LzoA
debug1: Server accepts key: C:\\Users\\ my-user/.ssh/id_rsa RSA SHA256:OyvnNnesOb+dn3j9NWl9dkDu/Fi52CKlN9Vq8h9LzoA
debug1: Authentication succeeded (publickey).
Authenticated to server-url ([public-ip]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0
Last login: Tue Jun 28 09:20:50 2022 from org-ip
Same SSH version on Git Bash:
my-user#my-server MINGW64 /
$ ssh -V
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
Debug/errors On Git Bash:
my-user#my-server MINGW64 /
$ ssh -v my-user1#server-url
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Connecting to server-url [public-ip] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\ my-user/.ssh/id_rsa type 0
debug1: identity file C:\\Users\\ my-user/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\ my-user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to server-url:22 as 'my-user1'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:Mw4Mlvqk2MgCynA+8nTUrxDy8wxXONlTAVk2K/FgbcQ
debug1: Host 'server-url' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\ my-user/.ssh/known_hosts:167
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\ my-user/.ssh/id_rsa RSA SHA256:OyvnNnesOb+dn3j9NWl9dkDu/Fi52CKlN9Vq8h9LzoA
debug1: Will attempt key: C:\\Users\\ my-user/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\ my-user/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\ my-user/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\ my-user/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
Authorized uses only. All activity may be monitored and reported.
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\ my-user/.ssh/id_rsa RSA SHA256:OyvnNnesOb+dn3j9NWl9dkDu/Fi52CKlN9Vq8h9LzoA
debug1: Server accepts key: C:\\Users\\ my-user/.ssh/id_rsa RSA SHA256:OyvnNnesOb+dn3j9NWl9dkDu/Fi52CKlN9Vq8h9LzoA
debug1: Authentication succeeded (publickey).
Authenticated to server-url ([public-ip]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
<gets stuck here>
Any help/leads is welcome
Note: Git Bash uses mintty terminal
found a workaround solution: SSH works if I select "Windows cmd" as terminal instead of "mintty" which is the default while installation
I am trying to connect to bitbucket server via ssh. And i get Host key verification failed.
I sued this guide https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/ and added my public key to the server and every thing seems to be setup correctley.
I ran ssh -v git#bitbucket.corp.jyskebank.net and get this. Is there a way to fix it?
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to bitbucket.corp.jyskebank.net [10.16.207.13] port 22.
debug1: Connection established.
debug1: identity file /home/JB4555/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/JB4555/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/JB4555/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/JB4555/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/JB4555/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/JB4555/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/JB4555/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/JB4555/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to bitbucket.corp.jyskebank.net:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:/pe/xQGds7FWBp5Oj1710EfF8g9EL+Uo+kVfqy3IEQA
debug1: Host 'bitbucket.corp.jyskebank.net' is known and matches the ECDSA host key.
debug1: Found key in /home/JB4555/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/JB4555/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering RSA public key: /home/JB4555/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/JB4555/.ssh/id_dsa
debug1: Trying private key: /home/JB4555/.ssh/id_ecdsa
debug1: Trying private key: /home/JB4555/.ssh/id_ed25519
debug1: Next authentication method: password
Turned out there was no error. But the problem was that vscode cannot connect via ssh, when the key contains a passprahase
I am trying to connect to GitLab over SSH with ED25519 and followed this source: https://docs.gitlab.com/ee/ssh/ . When I test the connection and expect the welcome message, instead it does not work and still prompts for a password. I tried my user password, but it doesn't work and I am not sure which password is required at this point. Here's the output.
ssh -Tv git#gitlab.tubit.tu-berlin.de
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to gitlab.tubit.tu-berlin.de [130.149.7.193] port 22.
debug1: Connection established.
debug1: identity file /home/christian/.ssh/id_rsa type -1
debug1: identity file /home/christian/.ssh/id_rsa-cert type -1
debug1: identity file /home/christian/.ssh/id_dsa type -1
debug1: identity file /home/christian/.ssh/id_dsa-cert type -1
debug1: identity file /home/christian/.ssh/id_ecdsa type -1
debug1: identity file /home/christian/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/christian/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/christian/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/christian/.ssh/id_ed25519 type 3
debug1: identity file /home/christian/.ssh/id_ed25519-cert type -1
debug1: identity file /home/christian/.ssh/id_ed25519_sk type -1
debug1: identity file /home/christian/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/christian/.ssh/id_xmss type -1
debug1: identity file /home/christian/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to gitlab.tubit.tu-berlin.de:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64#openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64#openssh.com compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:aA86J3auCo20sHneGIvwxk/uay4ynBNkWIgiio/qUUw
debug1: Host 'gitlab.tubit.tu-berlin.de' is known and matches the RSA host key.
debug1: Found key in /home/christian/.ssh/known_hosts:3
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/christian/.ssh/id_ed25519 ED25519 SHA256:rFB2QOkPTiiqlMAN1V9RS9QVV2vrgxgRAa9wXm0RdJI agent
debug1: Will attempt key: /home/christian/.ssh/id_rsa
debug1: Will attempt key: /home/christian/.ssh/id_dsa
debug1: Will attempt key: /home/christian/.ssh/id_ecdsa
debug1: Will attempt key: /home/christian/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/christian/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/christian/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/christian/.ssh/id_ed25519 ED25519 SHA256:rFB2QOkPTiiqlMAN1V9RS9QVV2vrgxgRAa9wXm0RdJI agent
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/christian/.ssh/id_rsa
debug1: Trying private key: /home/christian/.ssh/id_dsa
debug1: Trying private key: /home/christian/.ssh/id_ecdsa
debug1: Trying private key: /home/christian/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/christian/.ssh/id_ed25519_sk
debug1: Trying private key: /home/christian/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
git#gitlab.tubit.tu-berlin.de: Permission denied (publickey,keyboard-interactive).
From the guide you mention, you need to double-check:
you have an OpenSSH 6.5 or newer
you have copied the public key to your GitLab User account Settings/SSH Keys
I would test it first with a private SSH key without any passsphrase.
I have added a new user to the vagrant machine. And now I am trying to ssh into the vagrant with the new user using public key and without password.
The vagrant file is:
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/bionic64"
config.vm.network "private_network", ip: "192.168.33.30"
end
Then I logged into the vagrant machine by doing vagrant ssh.
And then this is how I have added the new user to the vagrant machine:
sudo adduser new_user --disabled-password
sudo su - new_user
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
Then I generated a new pair of public private key by doing
ssh-keygen -t rsa -b 2048 -C "email#example.com"
Then I copied the public key into the .ssh/authorized_keys file.
I have also modified the /etc/ssh/sshd_config by changing the following lines
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
And then I try to ssh into the vagrant from my machine by doing
ssh new_user#192.168.33.30 -i ../ssh_keys/vagrant
But it is still asking for a password. How can I disable the password?
UPDATE
So, these are the logs:
ssh vagrant#192.168.33.30 -v
Logs:
OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020
debug1: Reading configuration data /c/Users/payam/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.33.30 [192.168.33.30] port 22.
debug1: Connection established.
debug1: identity file /c/Users/payam/.ssh/id_rsa type -1
debug1: identity file /c/Users/payam/.ssh/id_rsa-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_dsa type -1
debug1: identity file /c/Users/payam/.ssh/id_dsa-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa_sk type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519 type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519_sk type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_xmss type -1
debug1: identity file /c/Users/payam/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 192.168.33.30:22 as 'vagrant'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3jRn/OmhK6LmNBtpZbgjM64I1+lougeAppjUcJDtQXA
debug1: Host '192.168.33.30' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/payam/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /c/Users/payam/.ssh/id_rsa
debug1: Will attempt key: /c/Users/payam/.ssh/id_dsa
debug1: Will attempt key: /c/Users/payam/.ssh/id_ecdsa
debug1: Will attempt key: /c/Users/payam/.ssh/id_ecdsa_sk
debug1: Will attempt key: /c/Users/payam/.ssh/id_ed25519
debug1: Will attempt key: /c/Users/payam/.ssh/id_ed25519_sk
debug1: Will attempt key: /c/Users/payam/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /c/Users/payam/.ssh/id_rsa
debug1: Trying private key: /c/Users/payam/.ssh/id_dsa
debug1: Trying private key: /c/Users/payam/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/payam/.ssh/id_ecdsa_sk
debug1: Trying private key: /c/Users/payam/.ssh/id_ed25519
debug1: Trying private key: /c/Users/payam/.ssh/id_ed25519_sk
debug1: Trying private key: /c/Users/payam/.ssh/id_xmss
debug1: Next authentication method: password
vagrant#192.168.33.30's password:
ssh vagrant#192.168.33.30 -i .vagrant/machines/automation_node/virtualbox/private_key -v
OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020
debug1: Reading configuration data /c/Users/payam/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.33.30 [192.168.33.30] port 22.
debug1: Connection established.
load pubkey ".vagrant/machines/automation_node/virtualbox/private_key": invalid format
debug1: identity file .vagrant/machines/automation_node/virtualbox/private_key type -1
debug1: identity file .vagrant/machines/automation_node/virtualbox/private_key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 192.168.33.30:22 as 'vagrant'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3jRn/OmhK6LmNBtpZbgjM64I1+lougeAppjUcJDtQXA
debug1: Host '192.168.33.30' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/payam/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: .vagrant/machines/automation_node/virtualbox/private_key explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: .vagrant/machines/automation_node/virtualbox/private_key
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
vagrant#192.168.33.30's password:
This is using a new pair of private/public key that I generated myself. The public key is added to /home/vagrant/.ssh/authorized_keys. And here I am providing the private key to ssh ssh vagrant#192.168.33.30 -i ../ssh_keys/vagrant_automation_node -v
OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020
debug1: Reading configuration data /c/Users/payam/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.33.30 [192.168.33.30] port 22.
debug1: Connection established.
debug1: identity file ../ssh_keys/vagrant_automation_node type 0
debug1: identity file ../ssh_keys/vagrant_automation_node-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 192.168.33.30:22 as 'vagrant'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3jRn/OmhK6LmNBtpZbgjM64I1+lougeAppjUcJDtQXA
debug1: Host '192.168.33.30' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/payam/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: ../ssh_keys/vagrant_automation_node RSA SHA256:jPKUlxB/TMj0TVOug3DVZZdwhC7eUz6/Zl3WGOCgQwY explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: ../ssh_keys/vagrant_automation_node RSA SHA256:jPKUlxB/TMj0TVOug3DVZZdwhC7eUz6/Zl3WGOCgQwY explicit
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
vagrant#192.168.33.30's password:
In all cases the authentication falls back to password.
In addition of adding -v, to check if ssh does take the right key, see if the following can help:
using ssh -i ../ssh_keys/vagrant new_user#192.168.33.30, to make sure the -i option is taken into account
make sure the public key was copied as one line in the vagrant remote machine ~new_user/.ssh/authorized_keys
make sure the private key is not passphrase protected (I generally make those with ssh-keygen -t rsa -b 2048 -C "email#example.com" -P "")
Since ssh vagrant#192.168.33.30 -i ../ssh_keys/vagrant_automation_node -v does not work, and if restarting the VM is not enough, activate the debug option on the sshd process
/usr/sbin/sshd -D -dd
# or
/usr/sbin/sshd -D -E /home/<user>/sshd.debug.log
# or
/usr/sbin/sshd -D -dd -f /home/<user>/sshd.debug.log
The goal is to check on the server side why your public key is rejected.
From the discussion, the OP Payam Mesgari confirms:
I found it...
Somehow there was an already existing network adapter on my PC which had the ip address 192.168.33.1 with subnet /24.
Meaning everytime I was trying to ssh into my vagrant machine which was given a static IP of 192.168.33.10, I was actually hitting the other network adapter.
That also explains why nothing was getting logged on the vagrant machine in the sshd...
Basically everytime I was doing anything with an IP address in the subnet 192.168.33.10/24 it was hitting my own adapter on windows, thus never even reached the VMs.
I changed the VMs IP addresses and now everything works
I accessed several time to a server. And I could connect perfectly. this evening I want to connect again it gives me an error.
-> % ssh ubuntu#pkp-alm.lib.sfu.ca -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pkp-alm.lib.sfu.ca [52.4.177.245] port 22.
debug1: Connection established.
debug1: identity file /home/guinsly/.ssh/id_rsa type 1
debug1: identity file /home/guinsly/.ssh/id_rsa-cert type -1
debug1: identity file /home/guinsly/.ssh/id_dsa type -1
debug1: identity file /home/guinsly/.ssh/id_dsa-cert type -1
debug1: identity file /home/guinsly/.ssh/id_ecdsa type -1
debug1: identity file /home/guinsly/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/guinsly/.ssh/id_ed25519 type -1
debug1: identity file /home/guinsly/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA c6:7c:32:1c:70:96:6e:ea:c0:84:96:79:3a:6c:06:bb
debug1: Host 'pkp-alm.lib.sfu.ca' is known and matches the ECDSA host key.
debug1: Found key in /home/guinsly/.ssh/known_hosts:21
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/guinsly/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinslym#gmail.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinsly#guinsly-ThinkPad-L430
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinslym#gmail.com
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/guinsly/.ssh/id_dsa
debug1: Trying private key: /home/guinsly/.ssh/id_ecdsa
debug1: Trying private key: /home/guinsly/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
My public key is named lagotto_rsa.pub and that's the one it's supposed to use by default but now it's seems like it can't find the public key.
ssh -i ~/.ssh/lagotto_rsa.pub ubuntu#pkp-alm.lib.sfu.ca -v
gives me also Permission denied (publickey).
-> % ssh -i ~/.ssh/lagotto_rsa.pub ubuntu#pkp-alm.lib.sfu.ca -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pkp-alm.lib.sfu.ca [52.4.177.245] port 22.
debug1: Connection established.
debug1: identity file /home/guinsly/.ssh/lagotto_rsa.pub type 1
debug1: identity file /home/guinsly/.ssh/lagotto_rsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA c6:7c:32:1c:70:96:6e:ea:c0:84:96:79:3a:6c:06:bb
debug1: Host 'pkp-alm.lib.sfu.ca' is known and matches the ECDSA host key.
debug1: Found key in /home/guinsly/.ssh/known_hosts:21
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/guinsly/.ssh/lagotto_rsa.pub
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinslym#gmail.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinsly#guinsly-ThinkPad-L430
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinsly#guinsly-ThinkPad-L430
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I also tried it with the private key. I would like to know what have changed on my local machine that I can't access the remote anymore
It's not your remote but your server at fault. This errors happens only when you have changed permissions on your backend. It's a real nasty error and I could only solve it because my site was hosted on digital ocean and they give you console access. So it was only possible because of that. There is nothing you can do from client side. I had asked a question about this on ask ubuntu check that link if you can. Otherwise let me know
If you can connect to your server any other way, check the permissions of the ~/.ssh/ folder and ~/ssh/authorized_keys file. They should be set to 700 and 600, respectively.
You can also check /var/log/auth.log file to see what happens when you try to login. If your system has systemd, you can get more info with sudo journalctl -u sshd, or just sudo journalctl.