I am trying to ssh to the remote client using a public key but I keep getting the permission denied (publickey) error and can't solve it. I have tried all the other solutions online, but it still won't work. I have replaced some information with * and ip_add. How do I resolve this issue?
PS C:\WINDOWS\system32> ssh -v -i C:/Users/*/.ssh/id_rsa administrator#ip_add
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
debug1: Connecting to ip_add [ip_add] port 22.
debug1: Connection established.
debug1: identity file C:/Users/*/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file C:/Users/*/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_8.1
debug1: match: OpenSSH_for_Windows_8.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ip_add:22 as 'administrator'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:qjxnj9GZZ6kvey+qvHsEoJYnLTz4N82DtnmFMjRlrq8
debug1: Host '192.168.1.135' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\*/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:+ymSxB9gd+AJe9wYj0WgW70Qk+x4fWxEQhk1JCQyKWE C:/Users/*/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
administrator#ip_add: Permission denied (publickey).
A file or directory with a name that starts with '.' in Unix/Linux is hidden, but in Windows it is not. .ssh is a regular file or directory name. It may be hidden, but then you have to set the hidden attribute, for instance with the command attrib +h .ssh
Also, there is no need to specify -i identityfilename as it defaults to C:\users\<user>\.ssh\known_hosts
The log you show also confirms the host "ip_add" is found in that file. I would say the keys don't match. Easiest way to solve is to remove the line with the host name or IP address "ip_add" (with notepad or any text editor) and just repeat ssh -v administrator#ip_add.
Provided the host with that name or address exists, this will prompt you
The authenticity of host 'ip_add (192.168.1.135)' can't be established.
ECDSA key fingerprint is SHA256:JxuqbzMam5Mgpa52B+xUsSd/3F6kb+yghZKnDX6ipQU.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
and when you respond with yes the host will be added to the known_hosts file again, this time with a correct fingerprint. And the connection should be established.
this is a late answer but I had the same issue
Windows can't see hidden things
First thing (but has nothing to do with the problem) : avoid the Power Shell(it is too powerful), use a simply CMD or best use the Git Bash (https://gitforwindows.org/)
Second, your syntax is almost OK, but you placed the keys in hidden folder
C:\Users\yourname\.ssh\id_rsa and you should place it in a folder that is not hidden like this C:\Users\yourname\ssh\id_rsa and then you can access it like this :
C:\WINDOWS\system32> cd C:\Users\yourname\
C:\Users\yourname/> ssh <user>#<ssh_server> -p 22 -i ~/ssl/id_rsa
Where do you know?
debug1: No more authentication methods to try.
means definitively that you have not the same keys on your host and on remote , or there is a key here and no key there (or combinations of this) it has checked them all and says that "there are NO MORE keys to try".
You must place the same keys on both places in a way the system can read them. You pay attention to this 2 lines:
debug1: identity file C:/Users/*/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
he was not able to read the key in the local hidden folder. So ... by moving it in a not hidden folder it will work.
I recently encountered a similar problem on Windows 10 and found the root cause (sort of) and the solution.
My tool chain involved was:
Visual Studio 2019 with git using ssh protocol and a key pair
Sourcetree also using git
A private bitbucket server.
My scenario was this: I installed Visual Studio 2019 with git using ssh protocol with my key pairs and was using it successfully, and then I installed Sourcetree (to get hunk commits instead of whole file commits) and Sourcetree worked but Visual Studio no longer could use git sync/commits.
The key to solving the problem was adding this environment variable: GIT_SSH_COMMAND=ssh -vvv
After restarting Visual Studio I could then get verbose information about the ssh failure using git.
The important debug output was this:
debug1: send_pubkey_test: no mutual signature algorithm
This is when I realized that something was incompatible between my key pair and bitbucket server ssh algorithm. I did not diagnose the exact problem (which I believe is due to obsolete RSA keys) but instead I simply created a new key pair using:
ssh-keygen -t ed25519
then uploaded to the bitbucket server and "bob's your uncle"
12 hours to find, 2 minutes to fix.
I got this same error and searched around for quite a while, changed the permission on my private key, created a new non-admin user to connect with, tried a few other things. Followed these links (among others):
https://geekrewind.com/how-to-set-up-ssh-key-login-with-windows-11/
https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement
For me, the issue was I had created my keypair using puttygen and OpenSSH on Windows didn't like the format of my PUBLIC key (I had already exported the private key to .pem format).
In my authorized_keys file, the original format was:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "xxxx"
xxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxx
---- END SSH2 PUBLIC KEY ----
changed it to:
ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
all on one line, no line breaks, no comment, and everything worked fine.
I know this is an old thread, but hopefully this helps someone.
Related
This problem is occurring on a MacStudio running Monterey 12.6.
I have a ksh script that issues an ssh command to connect to a NAS server. The script runs fine from terminal command line. It runs fine in cron when the Mac is not sleeping.
If I put the Mac to sleep (or if the cron runs overnight after my screen locks), it fails with:
Permission denied, please try again.
Permission denied, please try again.
AdminID#10.0.0.135: Permission denied (publickey,password).
I created the cron job in my user ID which has admin authority.
The ssh key was setup with a passphrase by my user ID using ssh-keygen. The key passphrase is in the 'local items' keychain. I've setup the associated public key on the NAS for the NAS AdminID (e.g. AdminID on NAS is just an alias for MyUserID). My .ssh/config file looks like:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa
User MyUserID
The script has code as follows:
if [[ $SSH_AGENT_SOCK == "" ]]; then
export SSH_AGENT_SOCK=$(/usr/sbin/lsof -a -w -p $(pgrep ssh-agent) -U -F -n | \
sed -n 's/^n//p')
fi
ssh -v -p 123 AdminID#10.0.0.135 exit
The mail that cron sent has the following:
Subject: Cron <MyUserID#MacStudio1> /Users/MyUserID/bin/BackupTasks.sh Test
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=MyUserID>
X-Cron-Env: <USER=MyUserID>
Message-Id: <20221023215731.617631C11C66#MacStudio1.localdomain>
Date: Sun, 23 Oct 2022 14:57:01 -0700 (MST)
CheckAccess: Error: Cannot ssh to AdminID#10.0.0.135::NetBackup/MacStudio1
OpenSSH_8.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/MyUserID/.ssh/config
debug1: /Users/MyUserID/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 10.0.0.135 [10.0.0.135] port 123.
debug1: Connection established.
debug1: identity file /Users/MyUserID/.ssh/id_rsa type 0
debug1: identity file /Users/MyUserID/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2
debug1: compat_banner: match: OpenSSH_8.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.0.0.135:123 as 'AdminID'
debug1: load_hostkeys: fopen /Users/MyUserID/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:1cNPPyeN3o/ncJlhdJWlzP8BSYmX1i3UX+pqTX8zAcU
debug1: load_hostkeys: fopen /Users/MyUserID/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: checking without port identifier
debug1: load_hostkeys: fopen /Users/MyUserID/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '10.0.0.135' is known and matches the ED25519 host key.
debug1: Found key in /Users/MyUserID/.ssh/known_hosts:1
debug1: found matching key w/out port
debug1: check_host_key: hostkey not known or explicitly trusted: disabling UpdateHostkeys
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/MyUserID/.ssh/id_rsa RSA SHA256:/fsQmP5UzRhE7Z08P3J5p362K3jPotWq3JxnVPccIMs explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519#openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256#openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/MyUserID/.ssh/id_rsa RSA SHA256:/fsQmP5UzRhE7Z08P3J5p362K3jPotWq3JxnVPccIMs explicit
debug1: Server accepts key: /Users/MyUserID/.ssh/id_rsa RSA SHA256:/fsQmP5UzRhE7Z08P3J5p362K3jPotWq3JxnVPccIMs explicit
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
NBadmin#10.0.0.10: Permission denied (publickey,password).
So it appears that I have connected to the ssh agent (SSH_AUTH_SOCK is the same as while in Terminal - i.e /private/tmp/com.apple.launchd.mwxteEeOeKa/Listeners ), so it appears the agent didn't shut down because the Mac is sleeping. I believe the above is saying it cannot get the passphrase from the keychain.
I'm not a keychain expert, but my understanding is there are three classes of keychain service:
Key is always accessible
Key is available from last login until next reboot.
Key is available while logged in.
I guessing my ssh key passphrase is in the third class mentioned above and that is why the passphrase is inaccessible.
So, anyway, I guess I'm looking for a reasonably secure way to run a cron job that needs an ssh key. I'm not sure whether I get logged out when the screen locks or not. Assuming I'm not logged out, I think I would be OK if the key remained accessible from last login to reboot (which is generally all the time - I don't shutdown). But I'm not sure how to get my ssh key into that class or whether this is not secure. This is a home computer and I'm basically the only user. The computer and NAS are on a local network behind an Xfinity gateway/modem.
Update: I tried setting the Energy Saver to Prevent Automatically Sleep When display is off, and then ran after locking the screen. It didn't help.
Things I haven't done:
Use a key without a passphase. (Not best for security - and then the key ends up in Time Machine and is set to the NAS and then the cloud - though planning on encrypting the data sent to cloud.)
Set up an SSH key for root and run the cron in root. (Probably not great to run in root in general).
Can anyone suggest a path forward?
Login works with LightsailDefaultPrivateKey-eu-west-1.pem but not with my own key-pair.
I tried to generate the keys with 'ssh-keygen -t rsa -b 4096 -C "my#email.com" -f ~/.ssh/lsail-mikemittererat-eu-west-1.pem'
I also tried to generate a key on AWS/S2, dowloaded it, generated a public key out of the private key and uploaded it to LightSail - the same result. It doesn't work.
Error-Message:
ssh -i ~/.ssh/ssh_my-website ubuntu#
Permission denied (publickey).
This is what I get if I use the -v option:
ssh -v -i ~/.ssh/lsail-mikemittererat-eu-west-1.pem ubuntu#<public ip>
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to <public ip> [<public ip>] port 22.
debug1: Connection established.
debug1: identity file /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to <public ip>:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305#openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305#openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6u6vqWOSbOSNiPYAOqa5q/epSntR7GG5dvFzKuUAJOQ
debug1: Host '<public ip>' is known and matches the ECDSA host key.
debug1: Found key in /Users/mikemitterer/.ssh/known_hosts:38
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
permission of .pem is set to 600, .ssh ist set to 700
I was able to get this to work as follows:
Generated the SSH keypair as you described above (ssh-keygen -t rsa -b 4096 -C "my#email.com" -f ~/certs/test.pem)
changed permissions on the private key file (chmod 600 test.pem)
ssh'd into the instance using the lightsail integrated console and added the public key to the ~/.ssh/authorized_keys file
I was able to access the instance using ssh -i ~/certs/lightsail.pem ubuntu#
Let me know if this works, or if I'm missing something.
I had same issue for hours, and finally solved it. Here is what I did:
Download the pem file into a folder.
Then run this:
$chmod 600 KEYFILE.pem
And this:
$ssh -i "KEYFILE.pem" bitnami#your_static_ip
As I remember, I've tried the same thing as you, but it didn't work.
I followed all of the steps listed in Add new user accounts with SSH access using an AWS key and a 3rd-party generated key and still got the <USER>#<HOSTNAME>: Permission denied (publickey) error. It turned out that I needed to fix the directory permissions for my custom home directory location and had nothing to do with how I generated the key or uploaded it to the instance.
The required directory permissions detailed in the Troubleshoot "Permission denied (publickey)" knowledge-base article state that the following permissions should be used:
The parent directory of the user's home directory (e.g. /home): 755
The user's home directory (e.g. /home/ec2-user): 700
The user's .ssh/ directory (e.g. /home/ec2-user/.ssh): 0700
The user's authorized_keys file (e.g. /home/ec2-user/.ssh/authorized_keys): 600
Once my directory permissions were correct, my configured key started working.
If the other solutions provided did not work, you might need to check to make sure the username you want to ssh is the owner of .bash_logout, .bashrc, .profile, .ssh and the authorized_keys and known_hosts inside .ssh.
You can login with your main bitnami username to check the above using ls -lash and change them using chown if needed. For example,
sudo chown yoursshusername .bash_logout
I have a dnssec zone and want to publish ssh keys in, using sshfp.
So, on the host which holds the keys, I run :
ssh-keygen -r localhost
which gives me the results :
localhost IN SSHFP 1 1 223458a4e3f4cae23a2365a127a9fc5dbfc4df0b
localhost IN SSHFP 1 2 cf04e11c129c465e90afc3fc68b0a9c6f256e7c3dc2f0ef0d61557f5848cc2bb
then I placed it in my dnssec zone (which the correct hostname obviously), resign the zone and check by a dig query. Everything is fine.
And then, a ssh query says the thing is wrong :
stephane#luciole:~$ ssh -v -o VerifyHostKeyDNS=yes host
OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug1: Reading configuration data /home/stephane/.ssh/config
debug1: /home/stephane/.ssh/config line 1: Applying options for host
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to host [2001:16d8:d0:205::5]
debug1: Connection established.
debug1: identity file /home/stephane/.ssh/id_rsa type 1
debug1: identity file /home/stephane/.ssh/id_rsa-cert type -1
debug1: identity file /home/stephane/.ssh/id_dsa type -1
debug1: identity file /home/stephane/.ssh/id_dsa-cert type -1
debug1: identity file /home/stephane/.ssh/id_ecdsa type -1
debug1: identity file /home/stephane/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/stephane/.ssh/id_ed25519 type -1
debug1: identity file /home/stephane/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Debian-7
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x14000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 4d:57:c1:77:2d:cf:6b:46:d4:83:24:3c:b7:d4:0d:67
debug1: found 4 insecure fingerprints in DNS
debug1: mismatching host key fingerprint found in DNS
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
4d:57:c1:77:2d:cf:6b:46:d4:83:24:3c:b7:d4:0d:67.
Please contact your system administrator.
Update the SSHFP RR in DNS with the new host key to get rid of this message.
debug1: checking without port identifier
The authenticity of host '[host] ([2001:16d8:d0:205::5])' can't be established.
ECDSA key fingerprint is 4d:57:c1:77:2d:cf:6b:46:d4:83:24:3c:b7:d4:0d:67.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)?
So why am I having ?
I am now working in safe environnement, local network with direct access to the server. There's no MITM possible.
when creating the dns sshfp, I didn't noticed I had only four sshfp RR whereas I have three ssh keys (two sshfp per key).
So I return and generated one by one the sshfp in the ssh directory, and compaired with what I had in dns. It appeared I didn't have the ecdsa key.
So I specifically generate the sshfp with this key. Registered it in the zone, and signed it. After that, when I tried a ssh connection with VerifyHostKeyDNS and verbose, ssh said well it founded the correct ssh fingerprints !
cd /etc/ssh
ls
ssh_config
ssh_dsa_key
ssh_dsa_key.pub
...
ssh-keygen -r host -f ssh_host_ecdsa_key
I have a simple remote ssh command in script, nohupssh.sh
sleep 30
ssh -v -l developer server11 "/usr/local/jdk1.7.0_45/bin/jmap -histo:live 1770;"
I run the script as follows:
nohup nohupssh.sh > out.log 2>&1 &
When I execute it as shown above, the jmap utility successfully executes on the remote server. However, if I execute it as shown above and exit the bash shell, I get the error shown below.
Note that I have a properly formatted authorized_keys in both local and remote servers. Also note that there is NO id_rsa in either server since these servers are shared.
I've tried many combinations:
ssh -v -A -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null server11 ....
but to no avail. I've closely examined the man page for ssh for clues, trying various options. I presume there must be a single or set of ssh options that will solve this problem. The real script (rather than the abridged above) has scp as well. Hence, I hope the options that are eluding me will work for both scp and ssh.
The full verbose log is
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /home/developer/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server11 [10.255.10.20] port 22.
debug1: fd 4 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /home/developer/.ssh/identity type -1
debug1: identity file /home/developer/.ssh/id_rsa type -1
debug1: identity file /home/developer/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Warning: Permanently added 'server11,10.255.10.20' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
****************************************************************************
WARNING: Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your
actions may be monitored.
****************************************************************************
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/developer/.ssh/identity
debug1: Trying private key: /home/developer/.ssh/id_rsa
debug1: Trying private key: /home/developer/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).
I had this read_passphrase: can't open /dev/tty error when my private key was wrongly formatted - instead of many lines, it was passed as a one-liner, and you might have any other format issue like a forgotten "-" at the start or end, or something wrong at the end of the lines, like a missing newline format or an additional letter at the end of a line.
See Dockerfile: clone repo with passwordless private key. Errors: “authentication agent” or “read_passphrase: can't open /dev/tty” for more details, in short:
The main error is caused by the
echo "$ssh_prv_key" > /root/.ssh/id_rsa
which passes a wrongly formatted ssh_prv_key, as just one line, although the private key needs many lines.
With the main idea from Add private key to ssh-agent in docker file, which again had the idea from Gitlab CI/Docker: ssh-add keeps asking for passphrase.
From the error log:
Authentications that can continue: publickey,password
Since you don't have a publickey set up ("there is NO id_rsa"), you need to enter a password to access the remote server, but you've disconnected stdin:
read_passphrase: can't open /dev/tty: No such device or address
SSH is not very amenable to hacks to automate password entry, so if you can't put an id_rsa on there, your best bet is to background and detach after entering the remote server's password. Try ^Z:
Run nohup nohupssh.sh > out.log 2>&1
Wait 30 seconds, then enter the remote server password
Hit control-Z
Run bg %1
You should now be able to exit the shell.
So, I'm going through this tutorial (Running Hadoop on windows using cygwin...) to setup hadoop on my WINDOWS (please don't ask why I would use Linux). So I got to this point that I need to SSH to my localhost and test the SSH using Cygwin, but it closes the connection and says:
Connection closed by 127.0.0.1
I've googled a lot but couldn't find any proper answer for my problem.
P.S.: I'm running cygwin on Windows 7 professional x64
any idea?
BTW, Here is a sample run:
$ ssh -v localhost
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/Soroush/.ssh/id_rsa type 1
debug1: identity file /home/Soroush/.ssh/id_rsa-cert type -1
debug1: identity file /home/Soroush/.ssh/id_dsa type -1
debug1: identity file /home/Soroush/.ssh/id_dsa-cert type -1
debug1: identity file /home/Soroush/.ssh/id_ecdsa type -1
debug1: identity file /home/Soroush/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 19:2d:f6:84:4d:e5:0d:d4:5e:e6:e5:a4:6a:3c:ea:8b
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/Soroush/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/Soroush/.ssh/id_rsa
Connection closed by 127.0.0.1
When you installed Cygwin and ran ssh-host-config, you might have created user cyg_server. So when you are connecting to ssh, you need to use the user cyg_server#localhost.
When you run ssh with that user, it will ask you for the password that you provided when you ran ssh-host-config.
$ ssh cyg_server#localhost
cyg_server#localhost's password:
Last login: Mon Dec 31 01:14:44 2012 from ::1
cyg_server#polorumpus ~
$
I hope it will be useful.
It looks like the key isn't being accepted. Check that /home/Soroush/.ssh/id_rsa.pub has been added to /home/Soroush/.ssh/authorized_keys
I would also check that
RSAAuthentication yes is set in /etc/ssh/sshd_config
I had to do these to fix the problem:
chown <USERNAME> /var/log/sshd.log
chown -R <USERNAME> /var/empty
chown <USERNAME> /etc/ssh*
chmod 755 /var/empty
chmod 644 /var/log/sshd.log
Note that the is my desired user name, not cyg_server.
I Found this post relating to my issue, but it turned out that my cyg_server account did not have administrator privilege.
I had the same problem, and it was generated by Putty authentication agent (Pageant): it was running with a private key. For some reason, it tried to use it to connect to localhost. If I closed Pageant (or removed the key), I could ssh to localhost.
But as I wanted to have Pageant running (to be a client of other ssh servers), I managed to modify the local sshd service, so that it 'ignored' in some way Pageant, to accept connections:
Modify /etc/ssh/sshd_config:
PubkeyAuthentication no
Now, it works
I had to use the 64-bit version of Cygwin to get this to work.