I'm trying to push my id_rsa.pub to server so I can ssh into it.
I've run the following command,
cat ~/.ssh/id_rsa.pub | ssh -v -p 12345 myname#123.45.67.8 'cat >> ~/.ssh/authorized_keys'
which returns the following debugging:
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 123.45.67.8 [123.45.67.8] port 12345.
debug1: Connection established.
debug1: identity file /Users/myname/.ssh/id_rsa type 1
debug1: identity file /Users/myname/.ssh/id_rsa-cert type -1
debug1: identity file /Users/myname/.ssh/id_dsa type -1
debug1: identity file /Users/myname/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA [some server host key]
debug1: Host '[123.45.67.8]:12345' is known and matches the RSA host key.
debug1: Found key in /Users/myname/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/myname/.ssh/github_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/myname/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/myname/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I can't figure out what the problem is..
can anybody please help me out?
Key based authentication will only work if the authorized_keys has
Correct permissions.
Try to do a chmod 600 ~/.ssh/authorized_keys
Your command will only work if you can ssh to the server by entering a password. It also requires the dir ~/.ssh to be created on the remote server and lastly (as Jan-Erik Revsbech points out) the permissions on the local and the remote ~/.ssh needs to disallow others reading it.
If you instead use ssh-copy-id remote-server to copy your keys, then both the dir and permissions on the remote system will be set correctly. It will still require you to enter the password the first time, though.
Make sure to also set the correct owner :)
I tried ssh-copy-id remote-server as suggested by Ole and got an error like this:
Cannot write to .ssh/authorized_keys. Permission denied
The directory ~/.ssh as well as the file authorized_keys were already present on the server and set up with the right permission... but for the wrong user! Here is, what solved it:
chown right-user:right-user .ssh
chown right-user:right-user .ssh/authorized_keys
I changed the owner of the file and the directory. Then ssh-copy-id worked.
Related
I am tring to remote access of my server terminal using SSH command. But I am facing error.
I have created my ".ppk" file and trying to do as:
ssh -i MYFILE.ppk USER_NAME#192.188.28.109 -v -p 21098
I have entered the correct password, username, IP address and port. I am able to connect with putty but not using terminal/CMD.
Please suggest.
I am getting this error:
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 198.187.29.149 [198.187.29.149] port 21098.
debug1: Connection established.
debug1: identity file MYFILE.ppk type -1
debug1: identity file MYFILE.ppk-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to 198.187.29.149:21098 as 'USER_NAME'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:LQPAAsZ1vHcK//jXTbyUFWmqQ3FEEpKgb8FV6jbjoZE
debug1: Host '[198.187.29.149]:21098' is known and matches the RSA host key.
debug1: Found key in /Users/utkarsh/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: Will attempt key: MYFILE.ppk explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: MYFILE.ppk
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0777 for 'MYFILE.ppk' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "MYFILE.ppk": bad permissions
debug1: Next authentication method: password
MYFILE#198.187.29.149's password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.```
The error you getting WARNING: UNPROTECTED PRIVATE KEY FILE! because private key file should be read-only file due to security reasons. Use the command chmod 400 MYFILE.ppk to assign 400 permission and then retry the same command it should work.
Moreover, the recommended approach to connect using ssh is to get .pem file (if you don't have .pem file convert your .ppk)
Please follow the below instructions to connect using ssh.
convert you .ppk file into .pem
change permission to read-only by using the command chmod 400 my_file.pem
connect the remote server using command ssh -i MYFILE.ppk USER_NAME#192.188.28.109 -v -p 21098
Hope your doubt is resolved.
Logging to EC2 for first time via SSH.
It's not able to open private key file. So I changed chmod to 700 but its still throwing same error. Please suggest how can I fix it.
Macs-MacBook-Pro:~ Macbook$ ssh -v -i ~/.ssh/aug1981.pem ubuntu#ec2-54-200-94-18.us-west-2.compute.amazonaws.com
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-54-200-94-18.us-west-2.compute.amazonaws.com [54.200.94.18] port 22.
debug1: Connection established.
debug1: identity file /Users/Macbook/.ssh/aug1981.pem type -1
debug1: identity file /Users/Macbook/.ssh/aug1981.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 8d:e2:20:42:95:c5:bc:14:42:10:a5:cf:40:d8:d9:fa
debug1: Host 'ec2-54-200-94-18.us-west-2.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/Macbook/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/Macbook/.ssh/aug1981.pem
debug1: could not open key file '/Users/Macbook/.ssh/aug1981.pem': Permission denied
debug1: No more authentication methods to try.
Permission denied (publickey).
Where is the file located the you downloaded from your EC2 instance?
Can you do an ls -la on the dir with the .pem so we can see who owns the .pem file?
Also did you setup any security measures on the EC2 instance like 192.168.0.0/24 can access port 22/tcp of this instance?
You have a permission denied error for trying to open the keyfile.
I would do a ls -la and see if your user actually owns the file and that it is set to permissions 0700.
If it is not owned by your user the you need to:
whoami # this will tell you your user's name
chown user aug1981.pem
I know there are alot of questions regarding AWS & SSH sessions, and I've attempted to make use of them, but all have failed.
I have an instance running, and the ssh string given by the EC2 Management Console is
ssh -i -v jason.pem ubuntu#ec2-54-227-167-156.compute-1.amazonaws.com
which produces the output
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ec2-54-227-167-156.compute-1.amazonaws.com [54.227.167.156] port 22.
debug1: Connection established.
debug1: identity file jason.pem type -1
debug1: identity file jason.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian- 5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA ea:b6:50:fe:49:49:90:76:03:91:21:6d:73:0e:04:d2
debug1: Host 'ec2-54-227-167-156.compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/jason/.ssh/known_hosts:27
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Trying private key: jason.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I've done the following:
Created new keypair, downloaded jason.pem and set to 0400 chmod permissions
Added ChallengeResponseAuthentication yes to /etc/ssh/ssh_config
What exactly is going on, and why is the jason.pem file not being accepted?
The public key on your instance doesn't align with your private keypair. If that instance's configuration is important and you want to keep it (I say this based upon the fact that you shutdown the instance rather than just creating a new one):
Create a new keypair
Create an AMI of the instance you want to access
Create a new instance from that AMI using the new keypair
Attempt to ssh into it again using the new downloaded keypair
400 permissions should be fine for the keypair.
I can't seem to use SSH to connect to AWS although I don't usually have any problems with github or heroku. The debug is below, I've tried #ubuntu and #ec2-user (it should be #ubuntu), I've also tried creating a config file in .ssh (on windows) and adding 'ChallengeResponseAuthentication yes' as that seemed to fix it on another thread, but no luck. I've modified the permissions of the.pem file to 400. I don't understand why it says it all sounds positive but then fails, if I could get a better idea of what the error is I might be able to find a solution. Any help very much appreciated!
$ ssh -v -i futurebot2.pem ubuntu#ec2-54-218-75-37.us-west-2.compute.amazonaws.com
OpenSSH_6.2p2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/Mark/.ssh/config
debug1: Connecting to ec2-54-218-75-37.us-west-2.compute.amazonaws.com [54.218.75.37] port 22.
debug1: Connection established.
debug1: identity file futurebot2.pem type -1
debug1: identity file futurebot2.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f2:cd:94:4d:a1:9a:b5:67:cb:f7:91:d7:ef:4d:a4:3d
debug1: Host 'ec2-54-218-75-37.us-west-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/Mark/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: futurebot2.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Two reasons why this might happen.
User does not exist, this might be due to connecting with the wrong user or an instance that is not your own (wrong ip address)
The user does not have your key in its authorized keys file. In AWS, the key you select at launch is added to your instance, but if you want to use other keys, you need to add them to your authorized_keys file manually.
I am trying to setup password-less login into my localhost for a distributed computing tutorial. (I've set it up successfully for multiple remote hosts.) I went through the normal steps of generating an rsa key and appending the public key to authorized_keys but I am still prompted for a password. I've also enabled RSAAuthentication and PubKeyAuthentication in /etc/ssh_config. Following other suggestions I've seen, I tried:
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
But the problem persists.
Here is the output from ssh -v localhost:
(tutorial)bnels21-2:tutorial bnels21$ ssh -v localhost
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/bnels21/.ssh/id_rsa type 1
debug1: identity file /Users/bnels21/.ssh/id_rsa-cert type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 1c:31:0e:56:93:45:dc:f0:77:6c:bd:90:27:3b:c6:43
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/bnels21/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/bnels21/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering RSA public key: id_rsa3
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/bnels21/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
Any suggestions? I'm running OSX 10.8.
Since you seem to have multiple keys I would assign the specific key to a specific connection in ~/.ssh/config.
Example:
Host local
HostName 127.0.0.1
Port 22
User your_username
IdentityFile ~/.ssh/your_key-id_rsa
Then just try to ssh local.
I had same problem. I checked the system passwd and group files, and discovered that my user and group was not present. To build this files (my user was a domain user) I need to run two commands at cygwin shell:
mkpasswd -l -d > /etc/passwd
mkgroup -l -d > /etc/group
After that, ssh works fine!
Elvys Borges
It looks like you are using protocol version 2.0 when connecting to localhost, so try moving authorized_keys to authorized_keys2.
Source: this post explains the difference between the two keys files.
I was at my wits end... I was under the mistaken impression ssh-copy-id was a Linux-only utility. Finally I just swallowed my pride and typed the command is the macOS Terminal and it worked!
ssh-copy-id me#sshd-server
I don't know what magic ssh-copy-id does, but it just worked. I was able to log in without a password successfully with the simple command:
ssh me#sshd-server
I had zero luck with cat id_rsa.pub >> ~/.ssh/authorized_hosts. Every time I tried ssh'ing to the server it just kept asking me for the passphrase. This is with the correct 600 permission on authorized_hosts and 700 on ~/.ssh.