I try to connect to my bluemix running container but I get this error :
ssh -p 22 login#134.*.*.*
Connection to 134.*.*.* closed by remote host.
Connection to 134.*.*.* closed.
I hidden ip for security.
During docker container building, I add my ssh public key to /home/login/.ssh/authorized_keys. Then I start my container (with sshd running) and open 22 port.
In local (with docker on my server), I can connect to ssh with my private key to the container. But when I start container on Bluemix, I can't connect to ssh even after attribute public ip address and, of course, publish 22 tcp port.
To run my container that I push to ibm repo, I use ICE cli to run container with a entry point script which start all services (within sshd).
ice run --publish 8572 --publish 8787 --publish 22 --memory 2048 --name boardvisor registry.ng.bluemix.net/org/test:latest /run.sh
Then I go to bluexmix web dashboard to attribute public ip address
As I receive a response to sshd server, the container seems work and reachable but I don't understand why I can connect on my docker server but not on bluemix server.
I provide you the ssh verbose connection :
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 134.168.6.95 [134.168.6.95] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/idcware/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/idcware/.ssh/id_rsa type 1
debug1: identity file /home/idcware/.ssh/id_rsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/idcware/.ssh/id_dsa" as a RSA1 public key
debug1: identity file /home/idcware/.ssh/id_dsa type -1
debug1: identity file /home/idcware/.ssh/id_dsa-cert type -1
debug1: identity file /home/idcware/.ssh/id_ecdsa type -1
debug1: identity file /home/idcware/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/idcware/.ssh/id_ed25519 type -1
debug1: identity file /home/idcware/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "134.168.6.95" from file "/home/idcware/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/idcware/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ssh-dss-cert-v01#openssh.com,ssh-rsa-cert-v00#openssh.com,ssh-dss-cert-v00#openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib#openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib#openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib#openssh.com
debug2: kex_parse_kexinit: none,zlib#openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5-etm#openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug2: mac_setup: setup hmac-md5-etm#openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: curve25519-sha256#libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256#libssh.org need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f8:88:10:d1:91:bd:42:ec:d1:04:e5:00:c6:ab:11:e9
debug3: load_hostkeys: loading entries for host "134.168.6.95" from file "/home/idcware/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/idcware/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug1: Host '134.168.6.95' is known and matches the ECDSA host key.
debug1: Found key in /home/idcware/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/idcware/.ssh/id_rsa (0x7fb6e3792fd0),
debug2: key: /home/idcware/.ssh/id_dsa ((nil)),
debug2: key: /home/idcware/.ssh/id_ecdsa ((nil)),
debug2: key: /home/idcware/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/idcware/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/idcware/.ssh/id_dsa
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA 33:a3:84:5c:55:b4:4e:2d:c9:83:19:51:37:c6:5e:27
debug2: we sent a publickey packet, wait for reply
debug1: Authentication succeeded (publickey).
Authenticated to 134.168.6.95 ([134.168.6.95]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t3 r-1 i0/0 o0/0 fd 4/5 cc -1)
Connection to 134.168.6.95 closed by remote host.
Connection to 134.168.6.95 closed.
Transferred: sent 3756, received 2112 bytes, in 0.0 seconds
Bytes per second: sent 278448.9, received 156571.9
debug1: Exit status -1
For container log, I only have this in consignation from bluemix web dashboard:
Dec 4 14:16:31 instance-0007a14f syslog-ng[11]: Log statistics; processed='src.internal(s_sys#1)=12', stamp='src.internal(s_sys#1)=1449234391', processed='destination(d_mlal)=0', processed='center(received)=12', processed='destination(d_spol)=0', processed='destination(d_mesg)=24', processed='destination(d_mail)=0', processed='destination(d_auth)=61', processed='destination(d_cron)=0', processed='destination(d_bv_info)=0', processed='center(queued)=85', processed='source(s_bv_syslog)=0', processed='src.none()=0', stamp='src.none()=0', processed='destination(d_bv_crit)=0', processed='global(payload_reallocs)=20', processed='global(sdata_updates)=0', processed='destination(d_bv_all)=0', processed='destination(d_bv_err)=0', processed='destination(d_boot)=0', processed='destination(d_kern)=0', processed='global(msg_clones)=0', processed='source(s_sys)=12', processed='destination(d_bv_process)=0'
One principle in using containers is that a container should not start more than one process, in your case ssh and whatever the container is running.
Also there is another way to access your container with exec
Scince Docker 1.3 you can access an runing container with:
docker exec COMMAND
in practice for bluemix:
cf ic exec -it CONTAINER /bin/bash
this starts the binary bash with an absolute path (/bin/bash part) and attaches the tty interactively + keeps connection open (-it part).
More infos: https://www.ng.bluemix.net/docs/containers/container_cli_reference_cfic.html#container_cli_reference_cfic__exec
Since the container works and it is reachable but you can't access it only on Bluemix, I suggest you to open a support request directly from your Bluemix console using the support/help widget or sending an email to support#bluemix.net: in this way you'll involve IBM Containers support team in checking and fix this issue. They will be able to perform in-depth investigation of your error.
Please provide org and space guids and some details on the image you used.
You can retrieve org and space guids using CF CLI (when you already logged in):
cf org <orgname> --guid
cf space <spacename> --guid
Related
I have built a brand-new AWS-hosted GitLab Omnibus server (14.7.3-ee) with its own domain name. I have been building this server from Terraform and Ansible for years and never had a problem. But it was based upon CentOS 8, and I’ve just updated it to use "CentOS Stream".
cat /etc/os-release
NAME="CentOS Stream"
VERSION="8"
Since then I cannot seem to get ssh working at all. And I'm pretty sure that the OS is a factor, because if I build the server with the same Ansible and Terraform, but specify Amazon Linux as the OS I don't have this problem.
I’ve created an ssh keypair, again using a script that I’ve had for years. Pasted the pub part into https://gitlab#mydomain.com/-/profile/keys and it has been saved OK. But when I try to use ssh I get the dreaded: “Permission denied (publickey,gssapi-keyex,gssapi-with-mic)”. But I’m completely stumped as to what the problem is.
I’ve tried loads of troubleshooting articles and got nowhere; and I can’t even find the ssh log on the GitLab server as /var/log/auth.log doesn’t exist.
So what I'm really after is any advice on how to troubleshoot this problem further?
ssh -vvvv output shown below.
$ ssh -i /home/peter/.ssh/root-mydomain.com_id_rsa -Tvvvv git#gitlab#mydomain.com
OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/peter/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "mydomain.com" port 22
debug2: ssh_connect_direct
debug1: Connecting to mydomain.com [3.9.50.219] port 22.
debug1: Connection established.
debug1: identity file /home/peter/.ssh/root-mydomain.com_id_rsa type 0
debug1: identity file /home/peter/.ssh/root-mydomain.com_id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to mydomain.com:22 as 'git'
debug3: hostkeys_foreach: reading file "/home/peter/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/peter/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from mydomain.com
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.c
om,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,di
ffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nist
p256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01#openssh.com,ssh-ed25519-cert-v01#openssh.com,sk-ssh-ed25519-cert-v01#openssh.com,rsa-sha2-
512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,sk-ecdsa-sha2-nistp256#openssh.com,ssh-ed25519,sk-ssh-ed25519#openssh.com,rsa-s
ha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#opens
sh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#opens
sh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,di
ffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes256-ctr,aes256-cbc,aes128-gcm#openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes256-ctr,aes256-cbc,aes128-gcm#openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha2-256,hmac-sha1,umac-128#open
ssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha2-256,hmac-sha1,umac-128#open
ssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib#openssh.com
debug2: compression stoc: none,zlib#openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ruhWAao5k3Y9OCJVphXBc1I8WkqRXeRu6p5LQmdbXCU
debug3: hostkeys_foreach: reading file "/home/peter/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/peter/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from mydomain.com
debug3: hostkeys_foreach: reading file "/home/peter/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/peter/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from 3.9.50.219
debug1: Host 'mydomain.com' is known and matches the ECDSA host key.
debug1: Found key in /home/peter/.ssh/known_hosts:3
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/peter/.ssh/root-mydomain.com_id_rsa RSA SHA256:foPG+FSppSKdlcygi8+FuqMsfPJO5VaVs7ZqvuBsaLI explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/peter/.ssh/root-mydomain.com_id_rsa RSA SHA256:foPG+FSppSKdlcygi8+FuqMsfPJO5VaVs7ZqvuBsaLI explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
git#mydomain.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I am trying to establish connectivity between two computers. I followed the same step for generating key and publishing the public key on the remote system. It worked fine from same source computer to few remote computers and not for few remote computer. Even after publishing the public key on the authorized_keys, ssh connectivity asks for password.
I have verified that .ssh is having 700 permission and authorized_keys & known_hosts file is in 644 permission. The same permission is on the computers where the ssh works fine. Below is the verbose output. Kindly help me in debugging.
Note: The source and target computers are RH and the SSH into the target using putty works fine.
Thanks in advance.
[root#eqvlgittooldr01 ~]# ssh -vvv user2#10.10.114.30
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.10.114.30 [10.10.114.30] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug3: Incorrect RSA1 identifier
debug3: Could not load "/root/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "10.10.114.30" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:12
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ssh-dss-cert-v01#openssh.com,ssh-rsa-cert-v00#openssh.com,ssh-dss-cert-v00#openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib#openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib#openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib#openssh.com
debug2: kex_parse_kexinit: none,zlib#openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5-etm#openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug2: mac_setup: setup hmac-md5-etm#openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: curve25519-sha256#libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256#libssh.org need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 11:75:82:51:68:fc:35:c0:01:fd:f8:78:8b:f0:07:32
debug3: load_hostkeys: loading entries for host "10.10.114.30" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:12
debug3: load_hostkeys: loaded 1 keys
debug1: Host '10.10.114.30' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:12
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x7fa45045b760),
debug2: key: /root/.ssh/id_dsa ((nil)),
debug2: key: /root/.ssh/id_ecdsa ((nil)),
debug2: key: /root/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
user2#10.10.114.30's password:
I'm trying to use Ansible to connect to an AWS EC2 instance from a Codeship build. This has been working perfectly in another AWS region (eu-west-1) but now I want to setup servers in us-east-1 and I'm getting the following error:
<ec2-52-11-9-45.compute-1.amazonaws.com> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<ec2-52-11-9-45.compute-1.amazonaws.com> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/rof/.ansible/cp/ansible-ssh-%h-%p-%r -tt ec2-52-11-9-45.compute-1.amazonaws.com '( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108 )" )'
fatal: [ec2-52-11-9-45.compute-1.amazonaws.com]: UNREACHABLE! => {"changed": false, "msg": "ERROR! SSH encountered an unknown error. The output was:\nOpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/rof/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket \"/home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user\" does not exist
debug2: ssh_connect: needpriv 0
debug1: Connecting to ec2-52-11-9-45.compute-1.amazonaws.com [52.1.39.45] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 10000 ms remain after connect
debug3: Incorrect RSA1 identifier
debug3: Could not load \"/home/rof/.ssh/id_rsa\" as a RSA1 public key
debug1: identity file /home/rof/.ssh/id_rsa type -1
debug1: identity file /home/rof/.ssh/id_rsa-cert type -1
debug1: identity file /home/rof/.ssh/id_dsa type -1
debug1: identity file /home/rof/.ssh/id_dsa-cert type -1
debug1: identity file /home/rof/.ssh/id_ecdsa type -1
debug1: identity file /home/rof/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/rof/.ssh/id_ed25519 type -1
debug1: identity file /home/rof/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host \"ec2-52-11-9-45.compute-1.amazonaws.com\" from file \"/dev/null\"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ssh-ed25519-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ssh-dss-cert-v01#openssh.com,ssh-rsa-cert-v00#openssh.com,ssh-dss-cert-v00#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: zlib#openssh.com,zlib,none
debug2: kex_parse_kexinit: zlib#openssh.com,zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib#openssh.com
debug2: kex_parse_kexinit: none,zlib#openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5-etm#openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com zlib#openssh.com
debug2: mac_setup: setup hmac-md5-etm#openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com zlib#openssh.com
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f6:db:c0:15:19:17:45:cc:db:6f:16:f4:6f:02:bf:79
debug3: load_hostkeys: loading entries for host \"ec2-52-11-9-45.compute-1.amazonaws.com\" from file \"/dev/null\"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host \"52.1.39.45\" from file \"/dev/null\"
debug3: load_hostkeys: loaded 0 keys
Warning: Permanently added 'ec2-52-11-9-45.compute-1.amazonaws.com,52.1.39.45' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/rof/.ssh/id_rsa (0x7fbfa369ea30),
debug2: key: /home/rof/.ssh/id_rsa ((nil)),
debug2: key: /home/rof/.ssh/id_dsa ((nil)),
debug2: key: /home/rof/.ssh/id_ecdsa ((nil)),
debug2: key: /home/rof/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: ,gssapi-keyex,hostbased,publickey
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/rof/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 6a:73:a4:d1:c5:79:9d:6b:6f:3f:7d:cd:8e:60:97:84
debug3: sign_and_send_pubkey: RSA 6a:73:a4:d1:c5:79:9d:6b:6f:3f:7d:cd:8e:60:97:84
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to ec2-52-11-9-45.compute-1.amazonaws.com ([52.1.39.45]:22).
debug1: setting up multiplex master socket
debug3: muxserver_listen: temporary control path /home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user.WpJOoaH4MuX8djA0
debug2: fd 4 setting O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug1: channel 0: new [/home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user]
debug3: muxserver_listen: mux listener channel 0 fd 4
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x08
debug1: control_persist_detach: backgrounding master process
debug2: control_persist_detach: background process is 8248
Control socket connect(/home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user): Connection refused
Failed to connect to new control master
", "unreachable": true}
I am able to connect with a simple ssh command like this ssh ec2-user#ec2-52-11-9-45.compute-1.amazonaws.com so I'm pretty sure the ssh keys are setup correctly. The only difference is the region and the AMI, but the AMI is Amazon Linux in both cases.
Can someone tell me the problem or point me in the right direction please.
Failed to connect to new control master
means you've problem using control connections (connecting to your control socket file). Check the permissions or remove the socket file and try again.
Normally these settings are in your ~/.ssh/config, so either disable it (ControlMaster no) or change the path (e.g. ControlPath /tmp or check this post).
Since you're using Ansible, you can disable control connections in your ansible.cfg (e.g. /etc/ansible/ansible.cfg):
ssh_args = -o ControlMaster=no
as per this post. Or try disabling accelerate if enabled (as per this post):
accelerate: false
And try again.
I have set up a machine with Vagrant, and created a basic Ansible playbook for it.
Everything works as expected when I run
vm-abla> vagrant provision
But I cannot send an ad-hoc command to the machine with Ansible, why is that?
I have highlighted the line which I think might indicate the cause.
vm-abla> ansible jon -i provisioning/hosts -a "echo 'TEST'" -vvvv
<192.168.33.2> ESTABLISH CONNECTION FOR USER: user
<192.168.33.2> REMOTE_MODULE command echo 'TEST'
<192.168.33.2> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/user/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', '192.168.33.2', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1394126994.26-73015876561126 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1394126994.26-73015876561126 && echo $HOME/.ansible/tmp/ansible-tmp-1394126994.26-73015876561126'"]
192.168.33.2 | FAILED => SSH encountered an unknown error. The output was:
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: auto-mux: Trying existing master
### debug1: Control socket "/home/user/.ansible/cp/ansible-ssh-192.168.33.2-22-user" does not exist
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.33.2 [192.168.33.2] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 10000 ms remain after connect
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_dsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_ecdsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_ecdsa type 3
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.33.2" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/user/.ssh/known_hosts:10
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01#openssh.com,ssh-dss-cert-v01#openssh.com,ssh-rsa-cert-v00#openssh.com,ssh-dss-cert-v00#openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64#openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64#openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: zlib#openssh.com,zlib,none
debug2: kex_parse_kexinit: zlib#openssh.com,zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64#openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64#openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib#openssh.com
debug2: kex_parse_kexinit: none,zlib#openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 zlib#openssh.com
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 zlib#openssh.com
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 32:53:5d:95:d9:2b:c0:92:ab:1d:a4:87:95:a6:5a:e2
debug3: load_hostkeys: loading entries for host "192.168.33.2" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/user/.ssh/known_hosts:10
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.33.2' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:10
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/user/.ssh/id_rsa (0x7fa1272d15d0)
debug2: key: /home/user/.ssh/id_dsa (0x7fa1272d1610)
debug2: key: /home/user/.ssh/id_ecdsa (0x7fa1272cd270)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: ,gssapi-keyex,hostbased,publickey
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: /home/user/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering ECDSA public key: /home/user/.ssh/id_ecdsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password).
After reading the Troubleshooting section of this page, I have also tried to use Vagrant's SSH key by adding this at the end of the command, with a very similar result:
-c ssh --private-key=~/.vagrant.d/insecure_private_key
Any idea of what is going wrong?
Thank you
EDIT: Ah! I managed to login to the machine using SSH, but I had to declare that I was user "vagrant" on the virtual machine, like this:
ssh vagrant#192.168.33.2
So, now that this works, how could I do the same with ansible? (or would this not be a good solution?)
As #mascip already self-answered, you need to tell ansible: inventory_file, ssh_user and ssh_private_key. (I don't think the -c ssh setting is needed.)
The "elegant way" is to put all those settings into a project-specific ansible.cfg file. Then you can just run ansible jon -a "echo 'TEST'".
One "gotcha" is that ansible.cfg must be in the same directory as where you're running the ansible command. I like to put ansible.cfg under my ansible directory, so that means I need to cd there first. If you want to run ansible from your project root, then put ansible.cfg there instead (and adjust the relative paths in the sample config file below).
ansible.cfg:
[defaults]
remote_user = vagrant
private_key_file = ~/.vagrant.d/insecure_private_key
# aka inventory file
hostfile = ../.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory
I managed:
vm-abla> ansible jon -i provisioning/hosts -a "echo 'TEST'" -vvvv -c ssh --user=vagrant --private-key=~/.vagrant.d/insecure_private_key
But if someone has a more elegant or secure solution, I'm interested.
I've been accessing my EC2 instance via SSH on Win7. I'm not trying to ssh it on another pc on Ubuntu 12.04, getting a "Permission denied (publickey)." error. I've been searching for this problem, and tried the following:
Deleted the existing key and created/downloaded a new one on EC2 dashboard.
Placed the new key in my ~/.ssh folder.
Changed the access permissions of the key with this command (Also tried 400):
chmod 600 ~/.ssh/leno.pem
Changed the access permissions of the .ssh folder with this command (Also tried 700):
chmod 755 ~/.ssh
Tried doing this as well:
add-ssh ~/.ssh/leno.pem
No luck. When I try run the following:
ssh -vvv -i ~/.ssh/leno.pem ubuntu#ec2-50-19-199-128.compute-1.amazonaws.com
I get this message:
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ec2-50-19-199-128.compute-1.amazonaws.com [50.19.199.128] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/murat/.ssh/leno.pem" as a RSA1 public key
debug1: identity file /home/murat/.ssh/leno.pem type -1
debug1: identity file /home/murat/.ssh/leno.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu6
debug1: match: OpenSSH_5.5p1 Debian-4ubuntu6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "ec2-50-19-199-128.compute-1.amazonaws.com" from file "/home/murat/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/murat/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01#openssh.com,ssh-rsa-cert-v00#openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01#openssh.com,ssh-rsa-cert-v00#openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ssh-dss-cert-v01#openssh.com,ssh-dss-cert-v00#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64#openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64#openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib#openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib#openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64#openssh.com,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64#openssh.com,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib#openssh.com
debug2: kex_parse_kexinit: none,zlib#openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 142/256
debug2: bits set: 534/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA c4:de:26:09:64:6f:7c:48:6b:2b:ef:8c:c5:b7:cc:1f
debug3: load_hostkeys: loading entries for host "ec2-50-19-199-128.compute-1.amazonaws.com" from file "/home/murat/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/murat/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "50.19.199.128" from file "/home/murat/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/murat/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'ec2-50-19-199-128.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /home/murat/.ssh/known_hosts:1
debug2: bits set: 514/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: leno.pem (0x7feb7db9aa10)
debug2: key: /home/murat/.ssh/leno.pem ((nil))
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: leno.pem
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/murat/.ssh/leno.pem
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA ab:3a:89:be:34:43:5a:40:5f:8a:0c:ba:5d:33:bd:cb
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
How can I access my EC2 insance via ssh? What am I doing wrong?
When you do this:
Deleted the existing key and created/downloaded a new one on EC2
dashboard.
You do not change the key on existing instances. All you do is create a new key that could be assigned to newly launched instances.
You are connecting to the instance and it is responding. When you get this error it means that either the user you are connecting to does not exist, or your public key is not installed in that users authorized_keys file.
I resolved this problem by following below steps:
1- Grant permission to you ssh-key.pem with this command:
chmod 400 ssh-key.pem
2- Use command ssh-keygen to get publicKey and copy it:
ssh-keygen -y -f ssh-key.pem
3- Open your AWS console and select your instance and click on connect button.
4- Click on EC2 Instance connect and click on button connect to open remote terminal.
5- After that execute command:
vi ~/.ssh/authorized_keys
6- Change server key by your local generated key on step2.
7- Save your file.
8- open your local terminal.
9- Use this command to connect:
ssh -i ssh-key.pem ubuntu#yourIpAdress
I got this error:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
The resolution was adding the ec2-user (default user) before the public dns.