If created a new ssh-key, copied and pasted the public-key to the gitlab project and created a conifg-file in ~/.ssh ...
Still I can't clone the project (I'm not the owner, but I was added as user)
That's what I try (of course I'm using the correct path):
git clone -v git#gitlab.foo.bar.com:bla/blub.git
this gives me
cloning to 'blub' ...
Permission denied (publickey).
fatal: couldn't read from Remote-Repository
Then I tried the following
ssh -vT -i ~/.ssh/gitlab git#gitlab.foo.bar.com:bla
which gives me
OpenSSH_7.2p2, OpenSSL 1.0.2j-fips 26 Sep 2016
debug1: Reading configuration data /user/me/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to gitlab.com [52.167.219.168] port 22.
debug1: Connection established.
debug1: identity file /user/me/.ssh/gitlab type 1
debug1: key_load_public: No such file or directory
debug1: identity file /user/me/.ssh/gitlab-cert type -1
debug1: identity file /user/me/.ssh/gitlab type 1
debug1: key_load_public: No such file or directory
debug1: identity file /user/me/.ssh/gitlab-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to gitlab.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256#libssh.org need=64 dh_need=64
debug1: kex: curve25519-sha256#libssh.org need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw
debug1: Host 'gitlab.com' is known and matches the ECDSA host key.
debug1: Found key in /user/me/.ssh/known_hosts:26
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /user/me/.ssh/gitlab
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /user/me/.ssh/gitlab
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I really don't get it...Cloning and pulling via http works pefectly fine.
SSH doesn't.
Any hints?
EDIT: the config-file in ~/.ssh looks like this (as suggested here)
Host gitlab.foo.bar.com
RSAAuthentication yes
IdentityFile ~/.ssh/gitlab
the private key is named gitlab and the public one is gitlab.pub
EDIT2:
Permission for ~/.ssh is set to 700
and for ~/.ssh/* set to 600
Try the following. This has worked for me.
eval "$(ssh-agent -s)"
ssh-add
Related
I have added a new user to the vagrant machine. And now I am trying to ssh into the vagrant with the new user using public key and without password.
The vagrant file is:
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/bionic64"
config.vm.network "private_network", ip: "192.168.33.30"
end
Then I logged into the vagrant machine by doing vagrant ssh.
And then this is how I have added the new user to the vagrant machine:
sudo adduser new_user --disabled-password
sudo su - new_user
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
Then I generated a new pair of public private key by doing
ssh-keygen -t rsa -b 2048 -C "email#example.com"
Then I copied the public key into the .ssh/authorized_keys file.
I have also modified the /etc/ssh/sshd_config by changing the following lines
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
And then I try to ssh into the vagrant from my machine by doing
ssh new_user#192.168.33.30 -i ../ssh_keys/vagrant
But it is still asking for a password. How can I disable the password?
UPDATE
So, these are the logs:
ssh vagrant#192.168.33.30 -v
Logs:
OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020
debug1: Reading configuration data /c/Users/payam/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.33.30 [192.168.33.30] port 22.
debug1: Connection established.
debug1: identity file /c/Users/payam/.ssh/id_rsa type -1
debug1: identity file /c/Users/payam/.ssh/id_rsa-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_dsa type -1
debug1: identity file /c/Users/payam/.ssh/id_dsa-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa_sk type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519 type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519_sk type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_xmss type -1
debug1: identity file /c/Users/payam/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 192.168.33.30:22 as 'vagrant'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3jRn/OmhK6LmNBtpZbgjM64I1+lougeAppjUcJDtQXA
debug1: Host '192.168.33.30' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/payam/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /c/Users/payam/.ssh/id_rsa
debug1: Will attempt key: /c/Users/payam/.ssh/id_dsa
debug1: Will attempt key: /c/Users/payam/.ssh/id_ecdsa
debug1: Will attempt key: /c/Users/payam/.ssh/id_ecdsa_sk
debug1: Will attempt key: /c/Users/payam/.ssh/id_ed25519
debug1: Will attempt key: /c/Users/payam/.ssh/id_ed25519_sk
debug1: Will attempt key: /c/Users/payam/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /c/Users/payam/.ssh/id_rsa
debug1: Trying private key: /c/Users/payam/.ssh/id_dsa
debug1: Trying private key: /c/Users/payam/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/payam/.ssh/id_ecdsa_sk
debug1: Trying private key: /c/Users/payam/.ssh/id_ed25519
debug1: Trying private key: /c/Users/payam/.ssh/id_ed25519_sk
debug1: Trying private key: /c/Users/payam/.ssh/id_xmss
debug1: Next authentication method: password
vagrant#192.168.33.30's password:
ssh vagrant#192.168.33.30 -i .vagrant/machines/automation_node/virtualbox/private_key -v
OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020
debug1: Reading configuration data /c/Users/payam/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.33.30 [192.168.33.30] port 22.
debug1: Connection established.
load pubkey ".vagrant/machines/automation_node/virtualbox/private_key": invalid format
debug1: identity file .vagrant/machines/automation_node/virtualbox/private_key type -1
debug1: identity file .vagrant/machines/automation_node/virtualbox/private_key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 192.168.33.30:22 as 'vagrant'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3jRn/OmhK6LmNBtpZbgjM64I1+lougeAppjUcJDtQXA
debug1: Host '192.168.33.30' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/payam/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: .vagrant/machines/automation_node/virtualbox/private_key explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: .vagrant/machines/automation_node/virtualbox/private_key
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
vagrant#192.168.33.30's password:
This is using a new pair of private/public key that I generated myself. The public key is added to /home/vagrant/.ssh/authorized_keys. And here I am providing the private key to ssh ssh vagrant#192.168.33.30 -i ../ssh_keys/vagrant_automation_node -v
OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020
debug1: Reading configuration data /c/Users/payam/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.33.30 [192.168.33.30] port 22.
debug1: Connection established.
debug1: identity file ../ssh_keys/vagrant_automation_node type 0
debug1: identity file ../ssh_keys/vagrant_automation_node-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 192.168.33.30:22 as 'vagrant'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3jRn/OmhK6LmNBtpZbgjM64I1+lougeAppjUcJDtQXA
debug1: Host '192.168.33.30' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/payam/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: ../ssh_keys/vagrant_automation_node RSA SHA256:jPKUlxB/TMj0TVOug3DVZZdwhC7eUz6/Zl3WGOCgQwY explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: ../ssh_keys/vagrant_automation_node RSA SHA256:jPKUlxB/TMj0TVOug3DVZZdwhC7eUz6/Zl3WGOCgQwY explicit
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
vagrant#192.168.33.30's password:
In all cases the authentication falls back to password.
In addition of adding -v, to check if ssh does take the right key, see if the following can help:
using ssh -i ../ssh_keys/vagrant new_user#192.168.33.30, to make sure the -i option is taken into account
make sure the public key was copied as one line in the vagrant remote machine ~new_user/.ssh/authorized_keys
make sure the private key is not passphrase protected (I generally make those with ssh-keygen -t rsa -b 2048 -C "email#example.com" -P "")
Since ssh vagrant#192.168.33.30 -i ../ssh_keys/vagrant_automation_node -v does not work, and if restarting the VM is not enough, activate the debug option on the sshd process
/usr/sbin/sshd -D -dd
# or
/usr/sbin/sshd -D -E /home/<user>/sshd.debug.log
# or
/usr/sbin/sshd -D -dd -f /home/<user>/sshd.debug.log
The goal is to check on the server side why your public key is rejected.
From the discussion, the OP Payam Mesgari confirms:
I found it...
Somehow there was an already existing network adapter on my PC which had the ip address 192.168.33.1 with subnet /24.
Meaning everytime I was trying to ssh into my vagrant machine which was given a static IP of 192.168.33.10, I was actually hitting the other network adapter.
That also explains why nothing was getting logged on the vagrant machine in the sshd...
Basically everytime I was doing anything with an IP address in the subnet 192.168.33.10/24 it was hitting my own adapter on windows, thus never even reached the VMs.
I changed the VMs IP addresses and now everything works
I tried to ssh to Google Cloud VM from My MacBook terminal, which worked just fine yesterday.
I have my public keys and private keys the way it should be from my understandings.
When I try to connect as bellow,
XXXXXXXX-MacBook-Pro:~ xxxxxxxx$ ssh -i .ssh/id_rsa xxxxxxxx#12.345.678.910 -v
The error debug goes as bellow. (User names, IP Address etc. are masked)
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to 12.345.678.910 [12.345.678.910] port 22.
debug1: Connection established.
debug1: identity file .ssh/id_rsa type 0
debug1: identity file .ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u7
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u7 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 12.345.678.910:22 as 'xxxxxxxx'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
debug1: Host '12.345.678.910' is known and matches the ECDSA host key.
debug1: Found key in /Users/xxxxxxxx/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: .ssh/id_rsa RSA SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-xxxxx,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-xxxxxx,ecdsa-sha2-xxxxxx>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: .ssh/id_rsa RSA SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
xxxxxxxxxx#12.345.678.910: Permission denied (publickey).
The "Server host key" and the "Offering public key: .ssh/id_rsa RSA" was different. However I copy & pasted .ssh/id_rsa.pub from my local and the authorized_keys in Google Cloud VM had the same public key attached.
What causes this and how can I fix this?
I followed this document to setup my SSH authentication https://kgcoe-git.rit.edu/help/ssh/README#generating-a-new-ssh-key-pair
It has worked before but this time on a new setup I get Permission denied (publickey) error
Below is the debug output from the ssh command
ankushko#node-0:~/Code$ sudo ssh -vT git#pc3.instageni.utc.edu
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pc3.instageni.utc.edu [150.182.135.23] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to pc3.instageni.utc.edu:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:BUPmhA1nWbH8Zq0cg4uohS3L/Vo4uOZ8PLrdUYf3ano
debug1: Host 'pc3.instageni.utc.edu' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
Keys
ankushko#node-0:~$ sudo ls ~/.ssh/
authorized_keys id_rsa id_rsa.pub known_hosts
Update: Tried without sudo
ankushko#node-0:~$ ssh -vT git#pc3.instageni.utc.edu
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pc3.instageni.utc.edu [150.182.135.23] port 22.
debug1: Connection established.
debug1: identity file /users/ankushko/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /users/ankushko/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to pc3.instageni.utc.edu:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:BUPmhA1nWbH8Zq0cg4uohS3L/Vo4uOZ8PLrdUYf3ano
debug1: Host 'pc3.instageni.utc.edu' is known and matches the RSA host key.
debug1: Found key in /users/ankushko/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /users/ankushko/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /users/ankushko/.ssh/id_dsa
debug1: Trying private key: /users/ankushko/.ssh/id_ecdsa
debug1: Trying private key: /users/ankushko/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
Thanks in advance.
I solved git#gitlab.com: Permission denied (publickey) issue by following these steps:
RUN cat ~/.ssh/id_rsa.pub
Copy id_rsa.pub (public key) to your getlab `Setting -> SSH Keys
RUN cat ~/.ssh/id_rsa
Copy id_rsa (private key) to `Code_repo->git_auth->id_rsa (private keys local file)
NOTE: Take care of the machine user if you are using root user in your DockerFile or anywhere else then use sudo su before running the above commands to get root user public and private keys.
The command:
sudo ssh -vT git#pc3.instageni.utc.edu
is running as root and will use /root/.ssh/config and a private ssh key from that same directory, e.g. /root/.ssh/id_rsa. In the command:
sudo ls ~/.ssh/
the shell, probably bash, will expand ~ to your home directory before it even calls sudo (prove this with sudo echo ~), so it will display files from your home directory, probably /home/ankushko.
Can I ask why you are running these command with sudo? Would it work to just connect as a normal user? That would be more secure, but sometimes there is a need to run things as root.
Either way, you need to make sure the private ssh key that you are actually using matches the public ssh key on the server.
I am trying to SSH in to GCE instance with gcompute ssh. I seem to have done everything right so far but when I run
gcloud compute ssh --zone "us-central1-b" --project "projectname" "instancename" --ssh-flag="-v"
I get
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 104.XXX.XXX.XXX port 22.
debug1: Connection established.
debug1: identity file /Users/myusername/.ssh/google_compute_engine type 0
debug1: key_load_public: No such file or directory
debug1: identity file /Users/myusername/.ssh/google_compute_engine-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to 104.XXX.XXX.XXX:22 as 'myusername'
debug1: using hostkeyalias: compute.1694426511137997XXXX
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64#openssh.com
compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64#openssh.com compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa
SHA256:CYfI+cpP+T4kyOTSjoe80CUgt0GL3tXisLch/8axxx
debug1: using hostkeyalias: compute.1694426511137997XXXX
debug1: Host 'compute.1694426511137997XXXX' is known and matches the RSA host key.
debug1: Found key in /Users/myusername/.ssh/google_compute_known_hosts:1
debug1: rekey after 429496XXXX blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering public key: RSA
SHA256:rP2W5aPDGoUEqYu0XYUaTuqUZ7/FqRTTuc3HOWaXxxx /Users/myusername/.ssh/google_compute_engine
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
myusername#104.XXX.XXX.XXX: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
Here's what I have tried so far
Deleted my SSH keys from project metadata page
Compute instances are setup to inherit the SSH keys from project, so there was nothing to change in the SSH page of the instances
I authenticated with Gcloud again with ‘gcloud auth login’ using my account.
I then did the ‘gcloud init’ to again setup the configuration, default project and timezone
Verified that firewall on port 22 is open using ‘gcloud compute firewall-rules list’
Renewed my rsa public key using ‘ssh-keygen -t rsa -f ~/.ssh/google_compute_engine -C myusername’
Updated the gcloud metadata with new public key using ‘gcloud compute ssh svuppala#instancename’
Verified the same at https://console.cloud.google.com/compute/metadata/sshKeys?project=xxx
Reinstalled gcloud sdk and performed the above steps again
I never added any keys to the instance directly
I seem to have exhausted all the options here. Any help is highly appreciated!
Scenario :
There are multiple users who need SSH into a server. What I'm following is
Create user1 , user2 in the server (Ubuntu 14.04 Server) running in AWS EC2.
Add each user public key (id_rsa.pub) into server /home/$USER/.ssh/authorized_keys file
Problem is I only can SSH to ubuntu (Default user) with the private key of the user. But I can not SSH into user1 user.
Sample
[root#rubi-pc Downloads]# ssh -i ~/.ssh/id_rsa ruwan#DummyIP -v
OpenSSH_7.5p1, OpenSSL 1.1.0e 16 Feb 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to DummyIP [DummyIP] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to DummyIP:22 as 'ruwan'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:0kqNAt37ILO4cCP8ioiLN9j9x9badLOGL+etIvSYzfs
debug1: Host 'DummyIP' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Please do let me know if any details requeired .
You have got the filename wrong. It is not
/home/$USER/.ssh/authorize_key
but
/home/$USER/.ssh/authorized_keys
Problem Occurred because of .ssh/authorized_keys not chowned to $USER and groups.
also chmod -rw-rw-r-- ( 664 ) .