ssh access by public key failed "Permission denied (publickey)" - ssh

I wanted to set up crontab to fetch resources from remote server to local server.
Steps used as below
In local server
1. ssh-keygen with no passphrase
2. copied the public key over to the server using SCP
In the remote server
cat id_rsa.pub >> ~/.ssh/authorized_keys
edited .ssh config file sudo nano /etc/ssh/sshd_config as below
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePam no
reload ssh by sudo /etc/init.d/ssh reload
sudo chmod 700 .ssh
cd .ssh
sudo chmod 600 authorized_keys
After all this configuration, I am not able to access the remote server either by public key or by normal login credentials.
If I try to log in through PuTTY, it asks for my login; after that has been entered, it says "Disconnected: No supported authentication methods available (server sent: publickey)"
If I try to log in through SSH from the local server with ssh sana@127.168.1.1, it says "Permission denied (publickey)"
Server Details:
Ubuntu 14.04
I set up public key with another user not with root user.
Thanks in advance for all the support.

try
chmod 444 ~/.ssh/authorized_keys
the file should be only accessible to read and it should be accessible to read by your user.
And make sure that authorized_keys file is in the sana user home directory

Related

Permission denied (publickey). when disabling PasswordAuthentication

I have 2 machines:
Windows machine with WSL installed, that serves as a client.
Ubuntu machine, with a test-user user, that serves as a server.
Both computers are on the same network.
On the Ubuntu computer, what I did:
I used ssh-keygen to generate two keys, I copied the id_rsa file to the WSL.
Make sure the ssh service is up, with systemctl status ssh.
On the WSL, what I did:
Copied the id_rsa file as key.
Changed the permission of the key file with chmod 600 key.
Connect to the server machine :
ssh -i key test-user@XXX.XXX.XXX.XXX
This works well, but it also asks me for the password of the user.
hamuto@DESKTOP-HLSFHPR:~$ ssh -i key test-user@XXX.XXX.XXX.XXX
test-user@XXX.XXX.XXX.XXX's password:
The problem with this thing is, that with Github Actions, I can't enter the password.
So I changed the file /etc/ssh/sshd_config in the server:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no <-- I've changed that to no, and uncomment the line
#PermitEmptyPasswords no
When I retry to connect with ssh:
hamuto@DESKTOP-HLSFHPR:~$ ssh -i key test-user@XXX.XXX.XXX.XXX
test-user@XXX.XXX.XXX.XXX: Permission denied (publickey).
Why is that?
After days of research, I found the solution:
First things first, I needed to understand that you only need one pair of keys, generated on the Ubuntu server.
In the server, you have to copy the id_rsa.pub in the ~/.ssh/authorized_keys.
Set the permission correctly:
chown -R username:username /home/username/.ssh
chmod 700 /home/username/.ssh
chmod 600 /home/username/.ssh/authorized_keys
Change the value of PubkeyAuthentication in the file /etc/ssh/sshd_config to yes and uncomment it.
Copy the private id_rsa key, to the client. Set the permission to 600.
You can connect to the server:
ssh -i ~/.ssh/id_rsa test-user@XXX.XXX.XX.XX
Now it works.
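Added example (not part of the original posts): a shell check of the two sshd_config settings discussed above, meant to be run against the file before sshd is reloaded. It assumes whitespace-separated "Keyword value" lines, reads only the global section before any Match block, and considers only these two keywords; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the effective global value of an sshd_config keyword
# and flag a configuration that leaves no usable login method.
# Assumptions: "Keyword value" lines separated by whitespace; no Include files.

# effective_value FILE KEYWORD
# sshd uses the first value it obtains for a keyword and matches keywords
# case-insensitively; commented-out lines do not count.
effective_value() {
    awk -v kw="$2" '
        $1 ~ /^#/                  { next }   # commented-out line
        tolower($1) == "match"     { exit }   # global section ends here
        tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$1"
}

# check_auth_methods FILE -> 0 password login enabled, 1 key-only, 2 lockout
check_auth_methods() {
    pubkey=$(effective_value "$1" PubkeyAuthentication)
    passwd=$(effective_value "$1" PasswordAuthentication)
    # OpenSSH defaults when the keyword is absent or commented out
    : "${pubkey:=yes}" "${passwd:=yes}"
    if [ "$passwd" = no ] && [ "$pubkey" = no ]; then
        echo "LOCKOUT: PasswordAuthentication and PubkeyAuthentication are both off"
        return 2
    elif [ "$passwd" = no ]; then
        echo "KEY-ONLY: confirm a key login from a second session before closing this one"
        return 1
    fi
    echo "PASSWORD: password login is enabled (pubkey=$pubkey)"
    return 0
}

# Constructed sample: key-only server; the later duplicate line is ignored.
demo() {
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
#PubkeyAuthentication no
PasswordAuthentication no
passwordauthentication yes
EOF
    check_auth_methods "$cfg"; rc=$?
    rm -f "$cfg"
    return $rc
}

demo || true
```

On a live server, sshd -t validates the file and sshd -T prints the effective configuration, including values this sketch does not model.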

Password-less SSH login on Raspbian Wheezy

On Ubuntu machines I just add this line in ~/.ssh/authorized_keys
ssh-rsa XXXsdfsdfqw3eqwesdsdfasdfasdfadfrsdfsdfsdf=
I did the same on Raspberry PI running Raspbian Wheezy. But when I try to do password-less login using my private key in Putty, I get the following error:
Using username "pi".
Server refused our key
pi@192.168.0.5's password:
How do I get it to work with my existing key?
The fastest and most effective way to copy your public key to a remote machine is with ssh-copy-id
ssh-copy-id pi@192.168.0.5
If you edit authorized_keys by hand, ensure that authorized_keys and the .ssh folder have the correct permissions:
chown -Rv -- pi:pi ~/.ssh/
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
It was permission related issue.
Did
sudo chown pi:pi .ssh
and
sudo chown pi:pi .ssh/authorized_keys
See https://www.raspberrypi.org/forums/viewtopic.php?t=79932&p=568968

Enabling rsync with ssh keygen and no password

I would like to set up an rsync of a folder inside /etc. I followed this link http://news.softpedia.com/news/How-to-Use-RSA-Key-for-SSH-Authentication-38599.shtml and created one user, added it in visudo, and then with ssh keygen transferred the public key to the remote machine, but it's still asking for a password.
Any other way would be recommended.
Thanks.
The link that you gave us is right, but there is something that they miss. In the backup-server you must change the file /etc/ssh/sshd_config, uncomment this line
AuthorizedKeysFile .ssh/authorized_keys
and your no password access should be working. In summary:
Client (where you have your original files)
In a terminal write:
$ ssh-keygen -t rsa
this creates the id_rsa.pub file in /home/USER/.ssh/
Server (where you will back up your files)
modify the sshd_config file:
# nano /etc/ssh/sshd_config
and uncomment the line
AuthorizedKeysFile %h/.ssh/authorized_keys
and now just copy the content of .ssh/id_rsa.pub (Client) to the end of .ssh/authorized_keys (Server) and the no-password login will be working (to connect from Client to Server). Maybe you need to restart your ssh server with
/etc/init.d/ssh restart
To make your rsync just do (you didn't give us much information, but I suppose this)
rsync -az --delete --progress /etc/ server:destinationFolder/
this will make a backup of /etc/ in the Client to destinationFolder/ in the Server, show you the progress of the backup, delete the files that are not in the source, and compress the files while sending them. The access permissions to the .ssh/ directory in the Server must be 700, i.e.: chmod -R 700 .ssh/
Possible errors:
1. "Agent admitted failure using the key"
Sol: After you disconnect from the server (logged with the password) you must type in your client terminal ssh-add

Connecting to a remote Centos server using SSH Keys

I am trying to connect to a Centos 6.3 Server using an SSH Key so I can run a script remotely without it asking for a password every time. I have followed the following instructions:
Login to the server using the normal ssh command and password one time so the server adds your computer to the known hosts
In your computer using cygwin-terminal generate the keys and leave the passphrase blank: ssh-keygen -t rsa
Now set permissions on your private key and ssh folder: chmod 700 ~/.ssh && chmod 600 ~/.ssh/id_rsa
Copy the public key (id_rsa.pub) to the server, login to the server and add the public key to the authorized_keys list: cat id_rsa.pub >> ~/.ssh/authorized_keys
Once you've imported the public key, you can delete it from the server. Set file permissions on the server: chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
Restart the ssh daemon on the server: service sshd restart
Test the connection from your computer: ssh root@198.61.220.107
But when I try to ssh to the remote server it is still asking me for the password. The .ssh folder was not created on the server so I had to create it myself. Any ideas of what might be happening? Did I miss something? Is there another way to set up the keys?
Well, it turns out I had stupidly changed the owner of the /root directory when I was setting up the server, so since this is where the /.ssh directory was for the user I was trying to log in with (root), it was denying access to that directory because it belonged to another user.
Dec 10 16:25:49 thyme sshd[9121]: Authentication refused: bad ownership or modes for directory /root
I changed the owner back to root and that did it.
chown root /root
Thanks guys for your help.
Apparently this is a known bug. The suggested solution doesn't actually work, but I found that this would on a CentOS 6.2 system at work:
chmod 600 .ssh/authorized_keys
chmod 700 .ssh
Although OP had found a solution, I would like to record my solution to a similar problem in the hope that it will be helpful to those who google a similar problem and reach this answer.
The reason for my issue is that the .ssh directory in the user's home folder on the CentOS server was not given a proper mode after being created by the useradd command.
In addition, I need to manually set the .ssh folder mode with the following commands:
chmod g-w /home/user
chmod 700 /home/user/.ssh
chmod 600 /home/user/.ssh/authorized_keys
Other answers are generic; note that CentOS 6 uses SELinux. SELinux can deny access to the authorized_keys file despite correct permissions and ownership.
From the known issues in Centos 6 Release Notes:
Make sure that you setup correctly the selinux context of the public key if you transfer it to a CentOS 6 server with selinux
enabled. Otherwise selinux might forbid access to the
~/.ssh/authorized_keys file and by matter of consequence key
authentication will not work. In order to setup the correct context
you can use:
restorecon -R -v /home/user/.ssh
ssh-copy-id from CentOS 6 is aware of selinux contexts and the previous workaround is not needed.
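Added example (not part of the original posts): a shell audit that mirrors the ownership and mode test behind the "bad ownership or modes for directory" log line quoted above, applied to the home directory, .ssh and authorized_keys. It assumes GNU stat on Linux, takes a numeric UID, and does not look at SELinux contexts; the function names and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: the ownership and mode test that sshd applies (StrictModes)
# to the home directory, ~/.ssh and authorized_keys. Requires GNU stat.
# It does not inspect SELinux contexts.

# check_path PATH UID -> returns 1 and prints a finding when PATH is missing,
# is owned by someone other than UID or root, or is group/world-writable.
check_path() {
    c_rc=0
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
        return 1
    fi
    c_owner=$(stat -L -c '%u' "$1")
    c_mode=$(stat -L -c '%a' "$1")
    if [ "$c_owner" -ne "$2" ] && [ "$c_owner" -ne 0 ]; then
        echo "OWNER   $1 belongs to uid $c_owner, expected $2 or 0"
        c_rc=1
    fi
    # 022 (octal) = group-write and other-write bits
    if [ $(( 0$c_mode & 022 )) -ne 0 ]; then
        echo "MODE    $1 is $c_mode: writable by group or others"
        c_rc=1
    fi
    return $c_rc
}

# audit_ssh_paths HOME UID -> returns 0 only when all three paths pass.
audit_ssh_paths() {
    a_bad=0
    for a_p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_path "$a_p" "$2" || a_bad=1
    done
    return $a_bad
}

# Usage (hypothetical script name): sh audit.sh /home/user "$(id -u user)"
if [ "$#" -eq 2 ]; then
    audit_ssh_paths "$1" "$2"
fi
```

The test only rejects group or world write bits and foreign owners, so the 700 and 600 modes used in the answers pass it; a group-writable home directory does not.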

How do I setup passwordless ssh on AWS

How do I setup passwordless ssh between nodes on AWS cluster
Following steps to setup password less authentication are tested thoroughly for Centos and Ubuntu.
Assumptions:
You already have access to your EC2 machine, maybe using the pem key, or you have credentials for a unix user which has root permissions.
You have already set up RSA keys on your local machine. Private key and public key are available at "~/.ssh/id_rsa" and "~/.ssh/id_rsa.pub" respectively.
Steps:
Log in to your EC2 machine as a root user.
Create a new user
useradd -m <yourname>
sudo su <yourname>
cd
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
Append the contents of the file ~/.ssh/id_rsa.pub on your local machine to ~/.ssh/authorized_keys on the EC2 machine.
chmod -R 700 ~/.ssh
chmod 600 ~/.ssh/*
Make sure sshing is permitted by the machine. In file /etc/ssh/sshd_config, make sure that line containing "PasswordAuthentication yes" is uncommented. Restart sshd service if you make any change in this file:
service sshd restart # On Centos
service ssh restart # On Ubuntu
Your passwordless login should work now. Try following on your local machine:
ssh -A <yourname>@ec2-xx-xx-xxx-xxx.ap-southeast-1.compute.amazonaws.com
Making yourself a super user. Open /etc/sudoers. Make sure following two lines are uncommented:
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
Add yourself to wheel group.
usermod -aG wheel <yourname>
This may help someone
Copy the pem file to the machine, then copy the content of the pem file to the .ssh/id_rsa file. You can use the command below or your own
cat my.pem > ~/.ssh/id_rsa
try ssh localhost it should work and same with the other machines in the cluster
How I made passwordless ssh work between two instances is the following:
create ec2 instances – they should be in the same subnet and have the same security group
Open ports between them – make sure instances can communicate to each other. Use the default security group which has one rule relevant for this case:
Type: All Traffic
Source: Custom – id of the security group
Log in to the instance you want to connect from to the other instance
Run:
ssh-keygen -t rsa -N "" -f /home/ubuntu/.ssh/id_rsa
to generate a new rsa key.
Copy your private AWS key as ~/.ssh/my.key (or whatever name you want to use)
Make sure you change the permission to 600
chmod 600 .ssh/my.key
Copy the public key to the instance you wish to connect to passwordless
cat ~/.ssh/id_rsa.pub | ssh -i ~/.ssh/my.key ubuntu@10.0.0.X "cat >> ~/.ssh/authorized_keys"
If you test the passwordless ssh to the other machine, it should work.
ssh 10.0.0.X
you can use ssh keys like described here:
http://pkeck.myweb.uga.edu/ssh/