.ssh keys not matching. - authentication

I'm having trouble with the following:
I can't ssh passwordlessly between servers, even as root.
All .ssh folders and files are set to 700.
The key's seem to match, but it bombs out on me, and I've no idea why.
[root#server1 .ssh]# ssh -v -x root#server2 date
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to server1 [10.79.81.217] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/identity-cert type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server2' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:68
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive,hostbased
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Server not found in Kerberos database
debug1: Unspecified GSS failure. Minor code may provide more information
Server not found in Kerberos database
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive,hostbased
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Offering public key: /root/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive,hostbased
debug1: Next authentication method: keyboard-interactive
Any ideas?
Ben

Changed permissions on home directory, not on the .ssh, or the files under, but the homedir itself.
B

Related

ssh key permission denied after severral attempt

I accessed several time to a server. And I could connect perfectly. this evening I want to connect again it gives me an error.
-> % ssh ubuntu#pkp-alm.lib.sfu.ca -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pkp-alm.lib.sfu.ca [52.4.177.245] port 22.
debug1: Connection established.
debug1: identity file /home/guinsly/.ssh/id_rsa type 1
debug1: identity file /home/guinsly/.ssh/id_rsa-cert type -1
debug1: identity file /home/guinsly/.ssh/id_dsa type -1
debug1: identity file /home/guinsly/.ssh/id_dsa-cert type -1
debug1: identity file /home/guinsly/.ssh/id_ecdsa type -1
debug1: identity file /home/guinsly/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/guinsly/.ssh/id_ed25519 type -1
debug1: identity file /home/guinsly/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA c6:7c:32:1c:70:96:6e:ea:c0:84:96:79:3a:6c:06:bb
debug1: Host 'pkp-alm.lib.sfu.ca' is known and matches the ECDSA host key.
debug1: Found key in /home/guinsly/.ssh/known_hosts:21
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/guinsly/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinslym#gmail.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinsly#guinsly-ThinkPad-L430
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinslym#gmail.com
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/guinsly/.ssh/id_dsa
debug1: Trying private key: /home/guinsly/.ssh/id_ecdsa
debug1: Trying private key: /home/guinsly/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
My public key is named lagotto_rsa.pub and that's the one it's supposed to use by default but now it's seems like it can't find the public key.
ssh -i ~/.ssh/lagotto_rsa.pub ubuntu#pkp-alm.lib.sfu.ca -v
gives me also Permission denied (publickey).
-> % ssh -i ~/.ssh/lagotto_rsa.pub ubuntu#pkp-alm.lib.sfu.ca -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pkp-alm.lib.sfu.ca [52.4.177.245] port 22.
debug1: Connection established.
debug1: identity file /home/guinsly/.ssh/lagotto_rsa.pub type 1
debug1: identity file /home/guinsly/.ssh/lagotto_rsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA c6:7c:32:1c:70:96:6e:ea:c0:84:96:79:3a:6c:06:bb
debug1: Host 'pkp-alm.lib.sfu.ca' is known and matches the ECDSA host key.
debug1: Found key in /home/guinsly/.ssh/known_hosts:21
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/guinsly/.ssh/lagotto_rsa.pub
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinslym#gmail.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinsly#guinsly-ThinkPad-L430
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinsly#guinsly-ThinkPad-L430
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I also tried it with the private key. I would like to know what have changed on my local machine that I can't access the remote anymore
It's not your remote but your server at fault. This errors happens only when you have changed permissions on your backend. It's a real nasty error and I could only solve it because my site was hosted on digital ocean and they give you console access. So it was only possible because of that. There is nothing you can do from client side. I had asked a question about this on ask ubuntu check that link if you can. Otherwise let me know
If you can connect to your server any other way, check the permissions of the ~/.ssh/ folder and ~/ssh/authorized_keys file. They should be set to 700 and 600, respectively.
You can also check /var/log/auth.log file to see what happens when you try to login. If your system has systemd, you can get more info with sudo journalctl -u sshd, or just sudo journalctl.

Unspecified GSS failure, No Kerberos credentials available

I tried to ssh to a server and get this error:
"Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available"
I am not exactly sure what it means. (Still try to Google it)
; ssh -vT -p 1234 root#mysite.com
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to mysite.com [1.2.3.4] port 1234.
debug1: Connection established.
debug1: identity file /home/kenpeter/.ssh/id_rsa type 1
debug1: identity file /home/kenpeter/.ssh/id_rsa-cert type -1
debug1: identity file /home/kenpeter/.ssh/id_dsa type -1
debug1: identity file /home/kenpeter/.ssh/id_dsa-cert type -1
debug1: identity file /home/kenpeter/.ssh/id_ecdsa type -1
debug1: identity file /home/kenpeter/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/kenpeter/.ssh/id_ed25519 type -1
debug1: identity file /home/kenpeter/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-8
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA xxxxx....xxxxxx....
debug1: Host '[mysite.com]:1234' is known and matches the RSA host key.
debug1: Found key in /home/kenpeter/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/kenpeter/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/kenpeter/.ssh/id_dsa
debug1: Trying private key: /home/kenpeter/.ssh/id_ecdsa
debug1: Trying private key: /home/kenpeter/.ssh/id_ed25519
debug1: Next authentication method: password
root#mysite.com's password:
When I type my password, I get "permission denied".
The remote server did allow root remote access, but the password was changed and it is different from the documentation I have.

Permission denied (publickey,keyboard-interactive) in planetlab

I uploaded my public key and tried to ssh to one of my site nodes. But each time I am getting permission denied. Log information is attached.
OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to planetlab2.utdallas.edu [129.110.125.52] port 22.
debug1: Connection established.
debug1: identity file /home/nazim/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/nazim/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT recenter code hereeived
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 25:a2:cc:c4:e7:e6:ea:ba:96:6d:a9:06:c9:58:41:c7
debug1: Host 'planetlab2.utdallas.edu' is known and matches the RSA host key.
debug1: Found key in /home/nazim/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/nazim/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
Please help me if you know what is going wrong.
Thanks,
Nazim
Try checking permissions on the destination machine. This is the biggest source of confusion. The requirements depend on /etc/ssh/sshd_conf, but by try:
/home/nazim must *not* be world executable (this actually bit me once!).
/home/nazim/.ssh must be chmod 700.

SSH to EC2 but get Permission denied (publickey)

I generated the key-pair by EC2-Console, and then store it in ~/.ssh/iForests_ABetADay.pem.
After that, chmod 400 iForests_ABetADay.pem, and ssh -i iForests_ABetADay.pem ubuntu#46.51.244.48 -v.
I did login yesterday, but now the error message I got is:
(Google a lot, but still can not find out a way to solve it...)
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 46.51.244.48 [46.51.244.48] port 22.
debug1: Connection established.
debug1: identity file iForests_ABetADay.pem type -1
debug1: identity file iForests_ABetADay.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3
debug1: match: OpenSSH_5.8p1 Debian-1ubuntu3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '46.51.244.48' is known and matches the RSA host key.
debug1: Found key in /Users/iforests/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: iForests_ABetADay.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
The output clearly shows that it's trying wrong key. I suggest that you check
~/.ssh/config
/etc/ssh/ssh_config
/etc/ssh_config
to see if something forces your client to use iForests_ABetADay.pem. According to log it must be /etc/ssh_config.

github won't permit me to use my ssh key

I am trying to config my github account. However, I keep getting this error and for the life me cannot figure why. I have added my ssh key to github and I am sure that the ssh key is in the directory ~/.ssh/id_rsa. I don't know what else to do..
skline-mac:first_app skline$ sudo ssh -v git#github.com
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to github.com [207.97.227.239] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /var/root/.ssh/identity type -1
debug1: identity file /var/root/.ssh/id_rsa type 1
debug1: identity file /var/root/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5github2
debug1: match: OpenSSH_5.1p1 Debian-5github2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /var/root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /var/root/.ssh/identity
debug1: Offering public key: /var/root/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering public key: /var/root/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
skline-mac:first_app skline$
drop the sudo from your command. It's trying to load root's keys, not yours.