I have 2 machines:
Windows machine with WSL installed, that serves as a client.
Ubuntu machine, with a test-user user, that serves as a server.
Both computer are on the same network.
On the Ubuntu computer, what I did:
I used ssh-keygen to generate two keys, I copied the id_rsa file to the WSL.
Make sure the ssh service is up, with systemctl status ssh.
On the WSL, what I did:
Copied the id_rsa file as key.
Changed the permission of the key file with chmod 600 key.
Connect to the server machine :
ssh -i key test-user#XXX.XXX.XXX.XXX
This works well, but it also ask me the password of the user.
hamuto#DESKTOP-HLSFHPR:~$ ssh -i key test-user#XXX.XXX.XXX.XXX
test-user#XXX.XXX.XXX.XXX's password:
The problem with this thing is, that with Github Actions, I can't enter the password.
So I changed the file /etc/ssh/sshd_config in the server:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no <-- I've changed that to no, and uncomment the line
#PermitEmptyPasswords no
When I retry to connect with ssh:
hamuto#DESKTOP-HLSFHPR:~$ ssh -i key test-user#XXX.XXX.XXX.XXX
test-user#XXX.XXX.XXX.XXX: Permission denied (publickey).
Why is that?
After days of research, I found the solution:
First thing first, I needed to understand that you only need one pair of key, generated on the Ubuntu server.
In the server, you have to copy the id_rsa.pub in the ~/.ssh/authorized_keys.
Set the permission correctly:
chown -R username:username /home/username/.ssh
chmod 700 /home/username/.ssh
chmod 600 /home/username/.ssh/authorized_keys
Change the value of PubkeyAuthentication in the file /etc/ssh/sshd_config to yes and uncomment it.
Copy the private id_rsa key, to the client. Set the permission to 600.
You can connect to the server:
ssh -i ~/.ssh/id_rsa test-user#XXX.XXX.XX.XX
Now it works.
Try to build a k8s test bed cluster with vagrant box, during ssh config phase ssh-copy-id always timeout.
Try to run:
ssh -v vagrant#192.168.0.21
The message show an error messageļ¼
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
Guess the error is related to ssh server, then try to compare the config with another machine that can login with ssh correct.
Finally find that there have a config item PasswordAuthentication in /etc/ssh/sshd_config, the value in vagrant box is no, but the value in another machine is yes
Try to update the value to yes and restart the box, the ssh login worked as expected.
We've recently set up a new Linux box which is on the same local network as the rest of our machines. We want to allow only the machines on the local network to be able to SSH into the new machine, and I was going to do this by creating ssh keys and disabling password authentication.
What I've done is run ssh-keygen -t rsa -b 4096 on the new machine, copy the contents of the public key and put this in the ~/.ssh/authorized_keys file on one of the machines previously set up.
I've then gone into /etc/ssh/sshd_config on the new machine and have this:
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
Those are the only changes I made to this file, and when I try to SSH from the old machine, I get "Permission denied(publickey,gssapi-keyex,gssapi-with-mic)"
If I enable PasswordAuthentication and try to ssh I can log in by entering the user's password, but that's not the goal.
Thanks in advance,
Daniel
If the user you are trying to log in as is root, the directive
PermitRootLogin no
is denying access, regardless the authentication method.
To allow root to log in using keys only, you should set this directive to prohibit-password
I wanted to set up crontab to fetch resources from remote server to local server.
Steps used as below
In local server
1. ssh-keygen with no passphrase
2. copied the pubic key over to the server using SCP
In the remote server
cat id_rsa.pub >> ~/.ssh/authorized_keys
edited .ssh config file sudo nano /etc/ssh/sshd_config as below
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePam no
reload ssh by sudo /etc/init.d/ssh reload
sudo chmod 700 .ssh
cd .ssh
sudo chmod 600 authorized_keys
After all this configuration, neither I am able to access remote server by public key or normal login credential into remote server.
If I tried to login through PuTTy asked for my login after has been entered. Its says "Disconnected: No supported authentication methods availble (server send: publickey)"
If I tried to login through SSH from local server ssh sana#127.168.1.1 it says "Permission denied (publickey)"
Server Details:
Ubuntu 14.04
I set up public key with another user not with root user.
Thanks in advance for all the support.
try
chmod 444 ~/.ssh/authorized_keys
the file should be only accessible to read and it should be accessible to read by your user.
And make sure that authorized_keys file is in the sana user home directory
I am new to Ansible and I am trying to implement it. I tried all the possible ways present on the Internet and also all questions related to it, but still I can't resolve the error. How can I fix it?
I installed Ansible playbook on my MacBook Pro. I created a VM whose IP address is 10.4.1.141 and host IP address is 10.4.1.140.
I tried to connect to my VM using the host via SSH. It connected by the following command:
ssh user#10.4.1.141
And I got the shell access. This means my SSH connection is working fine.
Now I tried the following command for Ansible:
ansible all -m ping
And the content in the /etc/ansible/host is 10.4.1.141.
Then it shows the following error:
10.4.1.141 | FAILED => SSH Error: Permission denied (publickey,password).
while connecting to 10.4.1.141:22
It is sometimes useful to rerun the command using -vvvv, which prints SSH debug output to help diagnose the issue.
Then I tried creating the config file in .ssh/ folder on the host machine, but the error is still the same.
The content of the config file is:
IdentityFile ~/.ssh/id_rsa
which is the path to my private key.
Then I ran the same command ansible all -m ping and got the same error again.
When I tried another command,
ansible all -m ping -u user --ask-pass
Then it asked for the SSH password. I gave it (I am very sure the password is correct), but I got this error:
10.4.1.141 | FAILED => FAILED: Authentication failed.
This is the log using -vvvv:
<10.4.1.141> ESTABLISH CONNECTION FOR USER: rajatg
<10.4.1.141> REMOTE_MODULE ping
<10.4.1.141> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/rajatg/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 10.4.1.141 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1445512455.7-116096114788007 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1445512455.7-116096114788007 && echo $HOME/.ansible/tmp/ansible-tmp-1445512455.7-116096114788007'
10.4.1.141 | FAILED => SSH Error: Permission denied (publickey,password).
while connecting to 10.4.1.141:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
I am still not able to figure it out what the problem is. It is my last choice to ask it here after doing my all research. This is the link I referred to.
I fixed the issue. The problem was in my /etc/ansible/hosts file.
The content written in /etc/ansible/hosts was 10.4.1.141. But when I changed it to rajat#10.4.1.141, then the issue got fixed.
If you log in with ssh user#10.4.1.141:
Option 1
Then make sure that in your hosts file inside etc\ansible you have:
[server01]
10.4.1.141
Then within etc\ansible run:
ansible all -m ping -u user --ask-pass
Option 2
If you want to log in without typing the SSH password then in your hosts file inside etc\ansible you add:
[server01]
10.4.1.141 ansible_ssh_pass=xxx ansible_ssh_user=user
Then within etc\ansible run:
ansible all -m ping
For me it worked both ways.
My case is I have multiple private keys in my .ssh.
Here is how I fix it by telling ansible to use a certain private key
ansible-playbook -i ../../inventory.ini --private-key=~/.ssh/id_rsa_ansiadmin update.yml
The previous solutions didn't work for me, unfortunately (DevOps layman here!).
But the below one worked for me.
Change your inventory file to:
[webserver] 10.4.1.141 ansible_user=ubuntu
ansible webserver --private-key pem_file.pem -m ping
Hitting the command with -vvvv helped me to debug it more.
Reference: Failed to connect to the host via ssh: Permission denied (publickey,password) #19584
If you execute Ansible with sudo, for example
sudo ansible -m ping all
Please keep in mind that the public key for root has to be on the server you want to reach as well, not only the public key from your non-root-user. Otherwise, you get the error message above as well.
Most of the issues happen while connecting Ubuntu machines in hosts.
Solution Ansible required which user want to connect, because Ubuntu doesn't have a default root user.
For the hosts file
[Test-Web-Server]
10.192.168.10 ansible_ssh_pass=foo ansible_ssh_user=foo
The problem lies in the inventory file.
vi /etc/ansible/hosts
It should be:
[webserver]
192.###.###.### ansible_ssh_user=user ansible_ssh_pass=pass
I have fixed this issue as well.
My issue was also in my hosts file, /etc/ansible/hosts.
I changed my hosts file from
172.28.2.101
to
name-of-server-in-ssh-config
I had IP addresses in the hosts file. Since I have SSH configurations already set up for names, I do not need to use a variable or username in front of the hosts.
[name-stg-web]
server-name-stg-web[01:02]
What first worked for me was to hardcode the target machine root's password in the /etc/ansible/hosts like this:
[load_balancers_front]
loadbalancer1 ansible_host=xxx.xxx.xxx.xxx ansible_user=root ansible_password=root_password_in_target
But it is not recommended to do this of course because of security issues.
Then, I figured out a solutions from the docs by doing:
ssh-agent bash --> read here
and then
ssh-add /my/private/ssh-key
After this, my hosts file looks like this and ansible all -m ping works fine:
[load_balancers_front]
loadbalancer1 ansible_host=xxx.xxx.xxx.xxx ansible_user=root
Mentioning the username in /etc/hosts file also can resolve the issue.
#sudo vim /etc/hosts
[test-server]
ip_address ansible_user="remote pc's username"
[jenkinsserver]
publicdnsname ansible_user=ubuntu private_key=ubuntu.cer
After years some OS require strong encryption of the SSH key, they don't support RSA and DSA keys. Therefore the message Permission denied (publickey,password) may indicate that OS needs strong SSH-key instead of id_rsa.
Use the following command to generate new key:
ssh-keygen -t ecdsa -f ~/.ssh/id_ecdsa -N ""
Ensure that server has an option
PubkeyAuthentication yes
in /etc/ssh/sshd_config or /etc/openssh/sshd_config.
Some other options may be required as well (read the documentation of your OS first), for example:
Protocol 2
PermitRootLogin without-password
AuthorizedKeysFile /etc/openssh/authorized_keys/%u /etc/openssh/authorized_keys2/%u .ssh/authorized_keys .ssh/authorized_keys2
Do not forget to restart sshd service to apply changes.
Copy the new key with ssh-copy-id -i ~/.ssh/id_ecdsa, then you can connect to remote server using ansible.
At the host machine you should install sshpass with the below command
sudo apt install sshpass -y
and use this command to ping
ansible all -i slaves.txt -m ping -u test --ask-pass
it will provide you keyboard interactive password entry, where you shall enter the passowrd of the slave machine