SSH permission denied (publickey) - Laravel Forge - ssh

I have followed Jeffrey Way's instructions and I am continuously getting the same SSH error within Terminal.
I am wanting to connect through Sequel Pro and upon digging further into it, this is the most accurate log description:
debug1: Host 'IP ADDRESS' is known and matches the RSA host key.
debug1: Found key in /Users/ben/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/ben/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/ben/.ssh/id_rsa.pub
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I generate my SSH key this way:
ssh-keygen -t rsa -C "your_email#example.com"
Then copy it into Laravel Forge by:
cat ~/.ssh/id_rsa.pub | pbcopy
It saves without error. But then I try forge#ip_address and it returns the Permission denied error, always.
Any help would be hugely appreciated.

I had the same problem follwing the instructions.
Try:
pbcopy < ~/.ssh/id_rsa.pub

I solved this problem by recreating the server on Forge. pbcopy also failed to work.

If you added your key from the Forge "Account" > "SSH keys" page after creating your server, you'll need to also add your key here:
Servers > [your server name] > SSH keys > Add

Related

Error trying to connect to google cloud over SSH

I'm trying to connect to Google Cloud ssh, but I'm not getting it, I get a denied permission error in the public key. I followed some internet tutorials and none worked.
chmod 0700 in the .ssh folder and the files inside it 0600
None of the options below worked.
ssh-add
eval "$ (ssh-agent -s)"
ssh-add ~ / .ssh / id_rsa
authorized_keys
Error log:
debug1: Found key in /home/dev01/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs =
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/dev01/.ssh/id_rsa.pub
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
This guide shows you how to control access to Linux instances by creating SSH keys and editing public SSH key metadata. After you've generated the SSH key using the ssh-keygen tool, you would need to add the key to your instance based or project-wide metadata. This article will help.

adding ssh public key to server

I'm trying to push my id_rsa.pub to server so I can ssh into it.
I've run the following command,
cat ~/.ssh/id_rsa.pub | ssh -v -p 12345 myname#123.45.67.8 'cat >> ~/.ssh/authorized_keys'
which returns the following debugging:
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 123.45.67.8 [123.45.67.8] port 12345.
debug1: Connection established.
debug1: identity file /Users/myname/.ssh/id_rsa type 1
debug1: identity file /Users/myname/.ssh/id_rsa-cert type -1
debug1: identity file /Users/myname/.ssh/id_dsa type -1
debug1: identity file /Users/myname/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA [some server host key]
debug1: Host '[123.45.67.8]:12345' is known and matches the RSA host key.
debug1: Found key in /Users/myname/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/myname/.ssh/github_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/myname/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/myname/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I can't figure out what the problem is..
can anybody please help me out?
Key based authentication will only work if the authorized_keys has
Correct permissions.
Try to do a chmod 600 ~/.ssh/authorized_keys
Your command will only work if you can ssh to the server by entering a password. It also requires the dir ~/.ssh to be created on the remote server and lastly (as Jan-Erik Revsbech points out) the permissions on the local and the remote ~/.ssh needs to disallow others reading it.
If you instead use ssh-copy-id remote-server to copy your keys, then both the dir and permissions on the remote system will be set correctly. It will still require you to enter the password the first time, though.
Make sure to also set the correct owner :)
I tried ssh-copy-id remote-server as suggested by Ole and got an error like this:
Cannot write to .ssh/authorized_keys. Permission denied
The directory ~/.ssh as well as the file authorized_keys were already present on the server and set up with the right permission... but for the wrong user! Here is, what solved it:
chown right-user:right-user .ssh
chown right-user:right-user .ssh/authorized_keys
I changed the owner of the file and the directory. Then ssh-copy-id worked.

nohup causes "read_passphrase: can't open /dev/tty"

I have a simple remote ssh command in script, nohupssh.sh
sleep 30
ssh -v -l developer server11 "/usr/local/jdk1.7.0_45/bin/jmap -histo:live 1770;"
I run the script as follows:
nohup nohupssh.sh > out.log 2>&1 &
When I execute it as shown above, the jmap utility successfully executes on the remote server. However, if I execute it as shown above and exit the bash shell, I get the error shown below.
Note that I have a properly formatted authorized_keys in both local and remote servers. Also note that there is NO id_rsa in either server since these servers are shared.
I've tried many combinations:
ssh -v -A -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null server11 ....
but to no avail. I've closely examined the man page for ssh for clues, trying various options. I presume there must be a single or set of ssh options that will solve this problem. The real script (rather than the abridged above) has scp as well. Hence, I hope the options that are eluding me will work for both scp and ssh.
The full verbose log is
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /home/developer/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server11 [10.255.10.20] port 22.
debug1: fd 4 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /home/developer/.ssh/identity type -1
debug1: identity file /home/developer/.ssh/id_rsa type -1
debug1: identity file /home/developer/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Warning: Permanently added 'server11,10.255.10.20' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
****************************************************************************
WARNING: Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your
actions may be monitored.
****************************************************************************
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/developer/.ssh/identity
debug1: Trying private key: /home/developer/.ssh/id_rsa
debug1: Trying private key: /home/developer/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).
I had this read_passphrase: can't open /dev/tty error when my private key was wrongly formatted - instead of many lines, it was passed as a one-liner, and you might have any other format issue like a forgotten "-" at the start or end, or something wrong at the end of the lines, like a missing newline format or an additional letter at the end of a line.
See Dockerfile: clone repo with passwordless private key. Errors: “authentication agent” or “read_passphrase: can't open /dev/tty” for more details, in short:
The main error is caused by the
echo "$ssh_prv_key" > /root/.ssh/id_rsa
which passes a wrongly formatted ssh_prv_key, as just one line, although the private key needs many lines.
With the main idea from Add private key to ssh-agent in docker file, which again had the idea from Gitlab CI/Docker: ssh-add keeps asking for passphrase.
From the error log:
Authentications that can continue: publickey,password
Since you don't have a publickey set up ("there is NO id_rsa"), you need to enter a password to access the remote server, but you've disconnected stdin:
read_passphrase: can't open /dev/tty: No such device or address
SSH is not very amenable to hacks to automate password entry, so if you can't put an id_rsa on there, your best bet is to background and detach after entering the remote server's password. Try ^Z:
Run nohup nohupssh.sh > out.log 2>&1
Wait 30 seconds, then enter the remote server password
Hit control-Z
Run bg %1
You should now be able to exit the shell.

ssh password-less login to localhost

I am trying to setup password-less login into my localhost for a distributed computing tutorial. (I've set it up successfully for multiple remote hosts.) I went through the normal steps of generating an rsa key and appending the public key to authorized_keys but I am still prompted for a password. I've also enabled RSAAuthentication and PubKeyAuthentication in /etc/ssh_config. Following other suggestions I've seen, I tried:
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
But the problem persists.
Here is the output from ssh -v localhost:
(tutorial)bnels21-2:tutorial bnels21$ ssh -v localhost
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/bnels21/.ssh/id_rsa type 1
debug1: identity file /Users/bnels21/.ssh/id_rsa-cert type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 1c:31:0e:56:93:45:dc:f0:77:6c:bd:90:27:3b:c6:43
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/bnels21/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/bnels21/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering RSA public key: id_rsa3
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/bnels21/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
Any suggestions? I'm running OSX 10.8.
Since you seem to have multiple keys I would assign the specific key to a specific connection in ~/.ssh/config.
Example:
Host local
HostName 127.0.0.1
Port 22
User your_username
IdentityFile ~/.ssh/your_key-id_rsa
Then just try to ssh local.
I had same problem. I checked the system passwd and group files, and discovered that my user and group was not present. To build this files (my user was a domain user) I need to run two commands at cygwin shell:
mkpasswd -l -d > /etc/passwd
mkgroup -l -d > /etc/group
After that, ssh works fine!
Elvys Borges
It looks like you are using protocol version 2.0 when connecting to localhost, so try moving authorized_keys to authorized_keys2.
Source: this post explains the difference between the two keys files.
I was at my wits end... I was under the mistaken impression ssh-copy-id was a Linux-only utility. Finally I just swallowed my pride and typed the command is the macOS Terminal and it worked!
ssh-copy-id me#sshd-server
I don't know what magic ssh-copy-id does, but it just worked. I was able to log in without a password successfully with the simple command:
ssh me#sshd-server
I had zero luck with cat id_rsa.pub >> ~/.ssh/authorized_hosts. Every time I tried ssh'ing to the server it just kept asking me for the passphrase. This is with the correct 600 permission on authorized_hosts and 700 on ~/.ssh.

Permission denied (publickey) with bitami AMI & EC2

I created an EC2 instance using a bitami AMI. I created a ec2 key pair using ec2-add-keypair utility
when I tried ssh -i id_rsa-my-keypair bitami#<myinstance> -v
I got the following error
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: settwo_05012012.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: id_rsa-my-keypair
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
The interesting thing is that I tried create another instance using the same keypair with an ubuntu ami, I have no problem getting in. I already rule out port 22 issue. I really want to use this bitami. Help would be much appreciated.
Here are few lines in the ssh config
cat ssh_config|grep -v "#"
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
Try this: ssh -i id_rsa-my-keypair bitnami#myinstance -v
User should be bitnami not bitami.