"Failed to connect to the host via ssh: Permission denied (publickey).", [duplicate] - ssh

I generate a ssh key pair on my mac and add the public key to my ubuntu server(in fact, it is a virtual machine on my mac),but when I try to login the ubuntu server,it says:
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0644 for '/Users/tudouya/.ssh/vm/vm_id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /Users/tudouya/.ssh/vm/vm_id_rsa.pub
Permission denied (publickey,password).
I have tried many ways to solve this, change the key file mode, change the folder mode,as some answer on stackoverflow,but it doesn't work.
the key file permission:
vm dir:
drwxr-xr-x 4 tudouya staff 136 4 29 10:37 vm
key file:
-rw------- 1 tudouya staff 1679 4 29 10:30 vm_id_rsa
-rw-r--r-- 1 tudouya staff 391 4 29 10:30 vm_id_rsa.pub
please give me some idea...
=========================================
I write the host infomation to ssh_config:
Host ubuntuvm
Hostname 10.211.55.17
PreferredAuthentications publickey
IdentityFile /Users/tudouya/.ssh/vm/vm_id_rsa.pub
I run command "ssh -v ubuntuvm",it displays:
ssh -v ubuntuvm
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 103: Applying options for *
debug1: /etc/ssh_config line 175: Applying options for ubuntuvm
debug1: Connecting to 10.211.55.17 [10.211.55.17] port 22.
debug1: Connection established.
debug1: identity file /Users/tudouya/.ssh/vm/vm_id_rsa.pub type 1
debug1: identity file /Users/tudouya/.ssh/vm/vm_id_rsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-8 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 55:6d:4f:0f:23:51:ac:8e:70:01:ec:0e:62:9e:1c:10
debug1: Host '10.211.55.17' is known and matches the RSA host key.
debug1: Found key in /Users/tudouya/.ssh/known_hosts:54
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/tudouya/.ssh/vm/vm_id_rsa.pub
debug1: Server accepts key: pkalg ssh-rsa blen 279
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0644 for '/Users/tudouya/.ssh/vm/vm_id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /Users/tudouya/.ssh/vm/vm_id_rsa.pub
debug1: No more authentication methods to try.
Permission denied (publickey,password).

I suggest you to do:
chmod 400 ~/.ssh/id_rsa
It works fine for me.

debug1: identity file /Users/tudouya/.ssh/vm/vm_id_rsa.pub type 1
It appears that you're trying to use the wrong key file. The file with the ".pub" extension contains the public portion of the key. The corresponding file without the ".pub" extension contains the private part of the key. When you run an ssh client to connect to a remote server, you have to provide the private key file to the ssh client.
You probably have a line in the your .ssh/config file (or /etc/ssh_config) which looks like this:
IdentityFile .../.ssh/vm/vm_id_rsa.pub
You need to remove the ".pub" extension from the filename:
IdentityFile .../.ssh/vm/vm_id_rsa

Key should be readable by the logged in user.
Try this:
chmod 400 ~/.ssh/Key file
chmod 400 ~/.ssh/vm_id_rsa.pub

chmod 400 path/to/filename
This work for me. When I did this file I am able to connect to my EC2 instance

change your KEY permission to
chmod 400 your_key.pem
It should work !

After running below command it works for me
sudo chmod 600 /path/to/my/key.pem

In my case, it was a .pem file. Turns out holds good for that too. Changed permissions of the file and it worked.
chmod 400 ~/.ssh/dev-shared.pem
Thanks for all of those who helped above.

SSH keys are meant to be private so a 644 permission is too open.
Binary references to set Permissions
r(read) = 4
w(write) = 2
x(execute) = 1
So by adding these numbers and by passing the summed digit to chmod command,We set the permission of file/directory.
The first digit sets permission for the owner, second digit for group and the third one for all other users on the system who have no right to the file.
A permission of 644 means
(4+2) = read/write permission for the owner
(4) = read permission for the group
(4) = read permission for all other users
By changing the the permission of the file to 400 using
chmod 400 <filename>
solves the issue. As it makes the key read-only accessible to the owner.
Ref: https://www.linux.com/training-tutorials/understanding-linux-file-permissions/

Lot's of similar answers but no explanations...
The error is thrown because the private key file permissions are too open. It is a security risk.
Change the permissions on the private key file to be minimal (read only by owner)
Change owner chown <unix-name> <private-key-file>
Set minimal permissions (read only to file owner) chmod 400 <private-key-file>

If the keys are in the ~/.ssh directory , use
chmod 400 ~/.ssh/id_rsa
If the keys are in different directory, use
chmod 400 directory_path/id_rsa
This worked for me.

chmod 600 id_rsa
Run above command from path where key is stored in vm ex: cd /home/opc/.ssh

I have similar issue and solved it by changing the permission of the respective files and folder worked for me.
This is the solution which is worked for me:
$ chmod 0600 ~/.ssh/id_rsa.pub
$ chmod 0600 ~/.ssh/authorized_keys
$ chmod 0600 ~/.ssh/id_rsa
$ chmod 0700 ~/.ssh

You have to run the command bellow
chmod 400 /path/to/my/key.pem

As for me, the default mode of id_rsa is 600, which means readable and writable.
After I push this file to a git repo and pull it from another pc, sometimes the mode of the private key file becomes -rw-r--r--.
When I pull the repo with ssh after specify the private key file, it failed and prompted warnings the same with you. Following is my script.
ssh-agent bash -c "ssh-add $PATH_OF_RSA/id_rsa; \
git pull git#gitee.com:someone/somerepo.git "
I fix this problem just by changing the mode to 600.
chmod 600 $PATH_TO_RSA/id_rsa

giving permision 400 makes the key private and not accessible by someone unknown. It makes the key as a protected one.
chmod 400 /Users/tudouya/.ssh/vm/vm_id_rsa.pub

Just run below to your pem's
sudo chmod 600 /path/to/my/key.pem

If youre using a .ssh/config file try to
chmod 0400 .ssh/config
then:
chmod 0400 .ssh/<<KEYFILE_PATH>>

This should do the trick:
chmod 600 id_rsa

chmod 400 /etc/ssh/* works for me.

Those who suggested chmod 400 id_rsa.pub did not sound right at all. It was quite possible that op used pub key instead of private key to ssh.
So it might be as simple as ssh -i /Users/tudouya/.ssh/vm/vm_id_rsa (the private key) user#host to fix it.
--- update ---
Check this article https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2 for how to set up ssh key

I had this issue with a macbook m1, I later realized that i was missing sudo from the connection script
sudo ssh -i "key.pem" ubuntu#IP_Address
Ensure you are not missing the sudo in your connection script if you are using a macbook.

This problem had a quick and easy fix. You just had to change the permissions on the pem file using the following command.
chmod 400 /Users/yourUserName/pathOfYourFile/fileName.pem
This command will make the file read only and remove all other permissions on the file

There has been a lot of great explanation above, so I recommend reading and understanding.
Here is my simple step by step solution:
On your terminal, run:
open ~/.ssh/config
In your file, you will see something similar to this (in my personal case):
Host *
IgnoreUnknown UseKeychain
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519.pub
or like this (as per the example in this question).
Hostname 10.211.55.17
PreferredAuthentications publickey
IdentityFile /Users/tudouya/.ssh/vm/vm_id_rsa.pub
Remove the ".pub" extention from the last line, which should look like:
Hostname 10.211.55.17
PreferredAuthentications publickey
IdentityFile /Users/tudouya/.ssh/vm/vm_id_rsa
or in my case:
Host *
IgnoreUnknown UseKeychain
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519
Save the file and test your ssh connection.

i had similar issues and this was what i did and it worked.
sudo ssh -i webhost.pem ubuntu#ipaddress

I removed the .pub file, and it worked.

Related

why does "ssh root#server" need a id_dsa key?

Why find .ssh/iddsa file. there is no such a file. just id_rsa.
So the issue is that I can login to my server just fine using:
ssh root#SERVER_IP_ADRESS
But when I try to login with a user I created from root:
ssh USERNAME#SERVER_IP_ADRESS5
I get:
Permission denied (publickey).
The steps I went through before this.
SSH generated a key
Created an Ubuntu 16.04 droplet with given SSH key.
SSH into server with root
$ adduser username
usermod -aG sudo username
`$ ssh -vvv root#serverip
OpenSSH7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /etc/ssh/sshconfig
debug1: /etc/ssh/sshconfig line 48: Applying options for *
debug2: sshconnectdirect: needpriv 0
debug1: Connecting to cleanproject port 22.
debug1: Connection established.
debug1: identity file /Users/happy/.ssh/idrsa type 0
....
...
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/happy/.ssh/id_dsa
debug3: no such identity: /Users/happy/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /Users/happy/.ssh/id_ecdsa
debug3: no such identity: /Users/happy/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /Users/happy/.ssh/id_ed25519
debug3: no such identity: /Users/happy/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
root#server: Permission denied (publickey).`
Below steps should help to create and authenticate the new user on the instance.
Ssh into your instance using public key.
Create a new user: $ sudo adduser test123
Change the shell session: $ sudo su test123
Create .ssh folder: $mkdir .ssh
Change the permission: $ chmod 700 .ssh
Confirm $pwd is /home/test123
In .ssh folder, execute these
$ touch authorized_keys
$ chmod 600 authorized_keys
paste your public key here from your local system, id_rsa.pub is the default name if not edited while saving. make sure no extra spaces are copied.
It should work!.
$ssh test123#ip-address

SSH Key: “Permissions 0644 for 'id_rsa.pub' are too open.” on mac

I generate a ssh key pair on my mac and add the public key to my ubuntu server(in fact, it is a virtual machine on my mac),but when I try to login the ubuntu server,it says:
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0644 for '/Users/tudouya/.ssh/vm/vm_id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /Users/tudouya/.ssh/vm/vm_id_rsa.pub
Permission denied (publickey,password).
I have tried many ways to solve this, change the key file mode, change the folder mode,as some answer on stackoverflow,but it doesn't work.
the key file permission:
vm dir:
drwxr-xr-x 4 tudouya staff 136 4 29 10:37 vm
key file:
-rw------- 1 tudouya staff 1679 4 29 10:30 vm_id_rsa
-rw-r--r-- 1 tudouya staff 391 4 29 10:30 vm_id_rsa.pub
please give me some idea...
=========================================
I write the host infomation to ssh_config:
Host ubuntuvm
Hostname 10.211.55.17
PreferredAuthentications publickey
IdentityFile /Users/tudouya/.ssh/vm/vm_id_rsa.pub
I run command "ssh -v ubuntuvm",it displays:
ssh -v ubuntuvm
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 103: Applying options for *
debug1: /etc/ssh_config line 175: Applying options for ubuntuvm
debug1: Connecting to 10.211.55.17 [10.211.55.17] port 22.
debug1: Connection established.
debug1: identity file /Users/tudouya/.ssh/vm/vm_id_rsa.pub type 1
debug1: identity file /Users/tudouya/.ssh/vm/vm_id_rsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-8 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 55:6d:4f:0f:23:51:ac:8e:70:01:ec:0e:62:9e:1c:10
debug1: Host '10.211.55.17' is known and matches the RSA host key.
debug1: Found key in /Users/tudouya/.ssh/known_hosts:54
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/tudouya/.ssh/vm/vm_id_rsa.pub
debug1: Server accepts key: pkalg ssh-rsa blen 279
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0644 for '/Users/tudouya/.ssh/vm/vm_id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /Users/tudouya/.ssh/vm/vm_id_rsa.pub
debug1: No more authentication methods to try.
Permission denied (publickey,password).
I suggest you to do:
chmod 400 ~/.ssh/id_rsa
It works fine for me.
debug1: identity file /Users/tudouya/.ssh/vm/vm_id_rsa.pub type 1
It appears that you're trying to use the wrong key file. The file with the ".pub" extension contains the public portion of the key. The corresponding file without the ".pub" extension contains the private part of the key. When you run an ssh client to connect to a remote server, you have to provide the private key file to the ssh client.
You probably have a line in the your .ssh/config file (or /etc/ssh_config) which looks like this:
IdentityFile .../.ssh/vm/vm_id_rsa.pub
You need to remove the ".pub" extension from the filename:
IdentityFile .../.ssh/vm/vm_id_rsa
Key should be readable by the logged in user.
Try this:
chmod 400 ~/.ssh/Key file
chmod 400 ~/.ssh/vm_id_rsa.pub
chmod 400 path/to/filename
This work for me. When I did this file I am able to connect to my EC2 instance
change your KEY permission to
chmod 400 your_key.pem
It should work !
After running below command it works for me
sudo chmod 600 /path/to/my/key.pem
In my case, it was a .pem file. Turns out holds good for that too. Changed permissions of the file and it worked.
chmod 400 ~/.ssh/dev-shared.pem
Thanks for all of those who helped above.
SSH keys are meant to be private so a 644 permission is too open.
Binary references to set Permissions
r(read) = 4
w(write) = 2
x(execute) = 1
So by adding these numbers and by passing the summed digit to chmod command,We set the permission of file/directory.
The first digit sets permission for the owner, second digit for group and the third one for all other users on the system who have no right to the file.
A permission of 644 means
(4+2) = read/write permission for the owner
(4) = read permission for the group
(4) = read permission for all other users
By changing the the permission of the file to 400 using
chmod 400 <filename>
solves the issue. As it makes the key read-only accessible to the owner.
Ref: https://www.linux.com/training-tutorials/understanding-linux-file-permissions/
Lot's of similar answers but no explanations...
The error is thrown because the private key file permissions are too open. It is a security risk.
Change the permissions on the private key file to be minimal (read only by owner)
Change owner chown <unix-name> <private-key-file>
Set minimal permissions (read only to file owner) chmod 400 <private-key-file>
If the keys are in the ~/.ssh directory , use
chmod 400 ~/.ssh/id_rsa
If the keys are in different directory, use
chmod 400 directory_path/id_rsa
This worked for me.
chmod 600 id_rsa
Run above command from path where key is stored in vm ex: cd /home/opc/.ssh
I have similar issue and solved it by changing the permission of the respective files and folder worked for me.
This is the solution which is worked for me:
$ chmod 0600 ~/.ssh/id_rsa.pub
$ chmod 0600 ~/.ssh/authorized_keys
$ chmod 0600 ~/.ssh/id_rsa
$ chmod 0700 ~/.ssh
You have to run the command bellow
chmod 400 /path/to/my/key.pem
As for me, the default mode of id_rsa is 600, which means readable and writable.
After I push this file to a git repo and pull it from another pc, sometimes the mode of the private key file becomes -rw-r--r--.
When I pull the repo with ssh after specify the private key file, it failed and prompted warnings the same with you. Following is my script.
ssh-agent bash -c "ssh-add $PATH_OF_RSA/id_rsa; \
git pull git#gitee.com:someone/somerepo.git "
I fix this problem just by changing the mode to 600.
chmod 600 $PATH_TO_RSA/id_rsa
giving permision 400 makes the key private and not accessible by someone unknown. It makes the key as a protected one.
chmod 400 /Users/tudouya/.ssh/vm/vm_id_rsa.pub
Just run below to your pem's
sudo chmod 600 /path/to/my/key.pem
If youre using a .ssh/config file try to
chmod 0400 .ssh/config
then:
chmod 0400 .ssh/<<KEYFILE_PATH>>
This should do the trick:
chmod 600 id_rsa
chmod 400 /etc/ssh/* works for me.
Those who suggested chmod 400 id_rsa.pub did not sound right at all. It was quite possible that op used pub key instead of private key to ssh.
So it might be as simple as ssh -i /Users/tudouya/.ssh/vm/vm_id_rsa (the private key) user#host to fix it.
--- update ---
Check this article https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2 for how to set up ssh key
I had this issue with a macbook m1, I later realized that i was missing sudo from the connection script
sudo ssh -i "key.pem" ubuntu#IP_Address
Ensure you are not missing the sudo in your connection script if you are using a macbook.
This problem had a quick and easy fix. You just had to change the permissions on the pem file using the following command.
chmod 400 /Users/yourUserName/pathOfYourFile/fileName.pem
This command will make the file read only and remove all other permissions on the file
There has been a lot of great explanation above, so I recommend reading and understanding.
Here is my simple step by step solution:
On your terminal, run:
open ~/.ssh/config
In your file, you will see something similar to this (in my personal case):
Host *
IgnoreUnknown UseKeychain
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519.pub
or like this (as per the example in this question).
Hostname 10.211.55.17
PreferredAuthentications publickey
IdentityFile /Users/tudouya/.ssh/vm/vm_id_rsa.pub
Remove the ".pub" extention from the last line, which should look like:
Hostname 10.211.55.17
PreferredAuthentications publickey
IdentityFile /Users/tudouya/.ssh/vm/vm_id_rsa
or in my case:
Host *
IgnoreUnknown UseKeychain
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519
Save the file and test your ssh connection.
i had similar issues and this was what i did and it worked.
sudo ssh -i webhost.pem ubuntu#ipaddress
I removed the .pub file, and it worked.

Matching key found, but still require password [preauth]

I use SSH to connect to a machine. There is no password access, only an existing SSH key which works.
I need to create a new key (production.key, production.key.pub) which I did like this, without choosing a passphrase:
cd /home
sudo ssh-keygen -t rsa
I then copied the public key to the machine like this:
cat /home/production.key.pub | ssh -i /home/old_key user#<IP> "cat >> /root/.ssh/authorized_keys"
I then tried to log in like this:
ssh -i /home/production.key user#<IP>
But I still get a password prompt. So I tried again with sshd in debug mode, and got this output:
debug1: matching key found: file /root/.ssh/authorized_keys, line 2 RSA XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
debug1: restore_uid: 0/0
Postponed publickey for root from XX.XX.XX.XX port 60407 ssh2 [preauth]
debug1: userauth-request for user root service ssh-connection method password [preauth]
What am I doing wrong? Why do I still get a password prompt when it says 'matching key found'? How do I fix this?
I had the same message from sshd and figured out the private key file was actually missing on the client side. Only the public key was there.
I fixed this by changing the permissions on the private key from 600 to 644:
sudo chmod 644 /home/production.key

Can't ssh to AWS EC2: Identity file not accessible [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 11 months ago.
Locked. This question and its answers are locked because the question is off-topic but has historical significance. It is not currently accepting new answers or interactions.
I'm unable to ssh to my EC2 server and am getting the error:
ssh -i /Users/Skeniver/Keepass/skeniver.pem ubuntu#xx.xxx.xx.xxx
Identity file /Users/Skeniver/Keepass/skeniver.pem not accessible: No such file or directory
The file is definitely in the directory and I've chmod'd the directory to 755 and the file to 600:
drwxr-xr-x 14 Skeniver staff 476 28 Nov 2012 Keepass
-rw------- 1 Skeniver staff 1696 5 Oct 2012 skeniverkey.pem
I'm pretty sure it's a permissions problem, but can't figure out why...
Here is the output of the ssh command using -v, in case it's of any use:
Warning: Identity file /Users/Skeniver/Keepass/skeniver.pem not accessible: No such file or directory.
OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to xx.xxx.xx.xxx [xx.xxx.xx.xxx] port 22.
debug1: Connection established.
debug1: identity file /Users/Skeniver/.ssh/identity type -1
debug1: identity file /Users/Skeniver/.ssh/id_rsa type 1
debug1: identity file /Users/Skeniver/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'xx.xxx.xx.xxx' is known and matches the RSA host key.
debug1: Found key in /Users/Skeniver/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/Skeniver/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/Skeniver/.ssh/identity
debug1: Trying private key: /Users/Skeniver/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
You need the identity file to login to the box. Use the command:
ssh -i (identity_file) username#hostname"
This worked for me. Write just the filename (without any slashes), unlike Amazon EC2 tutorial which asks you to enter:
ssh -i /path/key_pair.pem ec2-user#public_dns_name
It worked for me after putting the identity file in the .ssh (hidden) folder on home. To view hidden folders on home, use ctrl+h
I had similar issue and found that there was hidden char in command, pasting to plain text editor and copy back helped me.
I was having this same issue. Storing the identity file in my ~/.ssh directory and running cd ~/.ssh before ssh -i (identity_file) username#hostname worked. I only ran into the issue when trying to run the ssh command from outside the ~/.ssh directory. Hopefully that helps
For your case just
just execute the following command to change permission
sudo chmod 400 /Users/Skeniver/Keepass/skeniver.pem
and then execute the command that will connect you to EC2
ssh -i /Users/Skeniver/Keepass/skeniver.pem ubuntu#xx.xxx.xx.xxx
I had the same problem and i found that the issue with the file path.
Right click on the your key_pair.pem (identical file) go the properties and copy and now your comment is like
ssh -i /path/skeniver.pem user#your_public_ip
for example in my case command like
ssh -i /home/anil/.ssh/webKey.pem ec2-user#ec2-45-349-50-38.us-west-2.compute.amazonaws.com
chmod 600 ~/.ssh/public_key_file solved for me
Looks like you typed the wrong filename. You're specifying the filename skeniver.pem in your command, but it looks like your filename is actually skeniverkey.pem.
There are multiple reasons to occurring this error.
1 you are trying to access from whatever path which is not match
2 either you do not have permission to do access
3 if you do not have access to that particular file you can try to change the mode of permission
like the above solution
sudo chmod 400 /Users/Skeniver/Keepass/skeniver.pem
even if not then you can co-ordinate with the network or your cloud team whoever manage your cloud server
This is weird, but in my case I was copying the command from a slack message and that repeatedly caused this error, even though I met all the above requirements. Typing the whole command without copying anything from clipboard worked for me. Posting this here and I hope this helps someone one day.
When connecting from a windows environment what did the trick for me was putting the path in quotation marks " as follows:
ssh -i "C:\Users\XXXX\Desktop\XXXX\testing_amazon_linux.pem" ubuntu#XXXX.amazonaws.com
I replaced identifiable things with XXXX but let the rest in place to improve example clarity.
run the command from .ssh directory i.e/Users//.ssh and then execute the command
ssh -v -i #
this worked for me after many failed attempt.
note: please make sure .pem file has necessary permission
chmod 400 <.pem file> before executing the command
I got here while solving same or similar problem. After trying a few things this works for me eventually. I am on MacBook Pro and trying to connect to Ec2 Amazon Linux 2 using VSCode Remote SSH.
I have to update this file
/Users/MrRobot/.ssh/config
There is a config in the file like below.
IdentityFile xx.pem
I have to update this to full path wherever your id_rsa or pem file is.
IdentityFile /Users/MrRobot/.ssh/xx.pem
my solution is move it to the path which is all the english chars
(i am a chinese, and use the chinese windows, when i run the command from the path which contains the chinese chars, it will return "Warning: Identity file debao-visa.pem not accessible: No such file or directory.")
A similar issue occurred and the problem was that the file extension was hidden.
So the real filename was skeniver.pem.txt instead of skeniver.pem
A simple way to determine this is to press tab while typing the filename. So type part of the filename like skenive then hit tab, it should print the rest of the file in the terminal and you should see if it has any part after .pem like .pem.txt.
Try
ssh -i /Users/Skeniver/Keepass/skeniver.pem.txt ubuntu#xx.xxx.xx.xxx
or remove the .txt or any other extension from the name.
You can try a different idea, here's what I did. I couldn't upload to a folder, so I put the uploaded folder to “ ubuntu#xxx.xxx.xx.xx:/tmp ” ,then I uploaded successfully and cp the file on the server afterwards.
Try using
ssh -i Users/Skeniver/Keepass/skeniver.pem ubuntu#xx.xxx.xx.xxx
instead of
ssh -i **/**Users/Skeniver/Keepass/skeniver.pem ubuntu#xx.xxx.xx.xxx
You need the identity file to login to the box.
Use the command
ssh -i (identity_file) username#hostname

CentOS scp without password not working

I have been trying to connect from one EC2 instance to another using ssh public keys and have been having a very tough time.
Here is the scenario:
I need to have box 2 scp a file from box 1 in a script. This script will need to be able to scp without a password so I need to setup public keys.
On box 2 I ran ssh-keygen –t rsa and generated id_rsa and id_rsa.pub
I copied id_rsa.pub to box 1
I moved id_rsa.pub to .ssh and ran cat id_rsa.pug >> authorized_keys
I changed permissions of all .ssh directory to 700 on both boxes and the files themselves to 600.
I have changed the sshd_config settings on box 1 to:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
And then restarted ssh
/sbin/service sshd restart
When I try to scp or ssh into box1 from box1 I get the error:
Address 67.22.33.1 maps to ec2-67-22-33-1.compute-1.amazonaws.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
tomcat#tomcat1.****.com's password:
Any ideas?
I made that change and tried scp to tomcat1 and it failed. Here is the output:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to tomcat1.****.com [67.22.33.15] port 22.
debug1: Connection established.
debug1: identity file /home/tomcat/.ssh/identity type -1
debug1: identity file /home/tomcat/.ssh/id_rsa type 1
debug1: identity file /home/tomcat/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host 'tomcat1.****.com (67.22.33.15)' can't be established.
RSA key fingerprint is 5a:3e:fe:be:b8:0e:05:63:bf:ab:c8:4f:e5:91:db:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'tomcat1.****.com,67.22.33.15' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/tomcat/.ssh/identity
debug1: Offering public key: /home/tomcat/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/tomcat/.ssh/id_dsa
debug1: Next authentication method: password
Your authorized keys line should be
AuthorizedKeysFile %h/.ssh/authorized_keys
The server is looking in the wrong directory for your server.
UPDATE - FIXED IT
restorecon -R -v -d /root/.ssh
This is a known issue with RH where directories get mislabelled and PAM prevends sshd from reading authorized_hosts when run as init script. You'll see the errors if you stumble across /var/log/audit/audit.log. Rare it seems but painful when it happens!
More details at https://bugzilla.redhat.com/show_bug.cgi?id=499343
ORIGINAL POST
I've just hit what looks like exactly this problem. I had a poorly tuned VirtualBox (I hadn't told vbox to use 64bit) -- which when I cloned and restarted (in vbox RedHat 64-bit mode), started asking me for a password.
The original image was fine -- with identical settings -- so I think the suggestion of being networking-related might be relevant, or else to do with server keys.
The weird thing however is that if on the box, I kill the sshd process which autostarted, then manually run /usr/sbin/sshd as root, I can log in passwordless fine. A silly workaround, but usable.
So it is an /etc/init.d/sshd issue. But I haven't been able to track down what it is ... have tried chucking out most of the stuff in that script but it still prompts for password when invoked as /etc/init.d/sshd start but not when at /usr/sbin/sshd.
Maybe these comments can help, and someone can then help further!?
Try removing box1 IP from ~/.ssh/known_hosts, so it renews. Perhaps ssh disables key authentication due to possible 'man in the middle' attack.
If it won't help, add line
GSSAPIAuthentication no
in your /etc/ssh/ssh_config file.
I think this link will solve your problem and I use it to solve my ssh not login problem. The keypoint is to run
ssh root#node02 'restorecon -R -v /root/.ssh'
this command will fix SE
http://blog.firedaemon.com/2011/07/27/passwordless-root-ssh-public-key-authentication-on-centos-6/
After following previous steps I had to set the permission to ".." in the .ssh folder:
Once I had for ~/.ssh:
drwx------ 2 build build 4096 Nov 4 14:35 .
drwx------ 6 build build 4096 Nov 4 14:34 ..
-rw------- 1 build build 400 Nov 4 14:35 authorized_keys
It worked!
Thanks. Damian
I had the exact same problem and have been scratching my head for an entire afternoon.
It turned out to be a small sshd_config file issue.
first, change access mod on .ssh folder of the remote host to user access only.
chmod 700 ~/.ssh
next, go to /etc/ssh/sshd_config, change StrictModes yes to StrictModes no. If it's commented out, then specifically add StrictModes no into the file.
That solved the issue.
And one more thing I just found, I had to edit the .ssh/authorized_keys file to and make hostname fully qualified. Otherwise, I couldn't use the fully qualified name in the scp/ssh command. Now both fully qualified (like "host.company.com") & the relative name ("host") work, given that both hosts are in the "company.com" domain. ssh-keygen created the public key file with just the hostname.