Matching key found, but still require password [preauth] - ssh

I use SSH to connect to a machine. There is no password access, only an existing SSH key which works.
I need to create a new key (production.key, production.key.pub) which I did like this, without choosing a passphrase:
cd /home
sudo ssh-keygen -t rsa
I then copied the public key to the machine like this:
cat /home/production.key.pub | ssh -i /home/old_key user@<IP> "cat >> /root/.ssh/authorized_keys"
I then tried to log in like this:
ssh -i /home/production.key user@<IP>
But I still get a password prompt. So I tried again with sshd in debug mode, and got this output:
debug1: matching key found: file /root/.ssh/authorized_keys, line 2 RSA XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
debug1: restore_uid: 0/0
Postponed publickey for root from XX.XX.XX.XX port 60407 ssh2 [preauth]
debug1: userauth-request for user root service ssh-connection method password [preauth]
What am I doing wrong? Why do I still get a password prompt when it says 'matching key found'? How do I fix this?

I had the same message from sshd and figured out the private key file was actually missing on the client side. Only the public key was there.

I fixed this by changing the permissions on the private key from 600 to 644:
sudo chmod 644 /home/production.key

Google Cloud Source Repositories: Permission denied (publickey)

I have a source repository setup in a project. I have my main admin user and I created a second user (did try a service account at first) and gave that user "Project Owner" access on the project with the source repo.
I created an SSH key on my local machine by running: ssh-keygen -t rsa -P "" -C "user@domain.com" -f "mysshfile"
I created a config file in my .ssh folder:
Host source.developers.google.com
HostName source.developers.google.com
Port 2022
IdentityFile /Users/XXXXX/.ssh/mysshfile
I copied the contents of my mysshfile.pub and registered it with Cloud repo SSH keys.
When I git clone as my second user, it fails with the error message: Permission denied (publickey). When I git clone as my main admin user, it works.
So I ran the ssh command with verbose output to check: ssh -p 2022 -l admin@domain.com -v source.developers.google.com, and I get:
........
debug1: Offering public key: /Users/xxxxxx/.ssh/mysshfile RSA SHA256:U+XREDACTED explicit
debug1: Server accepts key: /Users/xxxxxx/.ssh/mysshfile RSA SHA256:U+XREDACTED explicit
debug1: Authentication succeeded (publickey).
Authenticated to source.developers.google.com ([74.125.197.82]:2022).
When I run the same command as my test user: ssh -p 2022 -l test@domain.com -v source.developers.google.com, I get:
debug1: Offering public key: /Users/xxxxxxx/.ssh/mysshfile RSA SHA256:U+XJREDACTED explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
test@domain@source.developers.google.com: Permission denied (publickey).
I can't figure out why the git clone using ssh works for one user (the one I don't even want) and not another?
You need to add the following line into your config file:
PubkeyAcceptedKeyTypes +ssh-rsa
So it should now be:
Host source.developers.google.com
HostName source.developers.google.com
Port 2022
IdentityFile /Users/XXXXX/.ssh/mysshfile
PubkeyAcceptedKeyTypes +ssh-rsa
In verbose mode you will see the following line:
debug1: send_pubkey_test: no mutual signature algorithm
It means that the ssh-rsa algorithm was disabled, which can be re-enabled as explained here.

When I try to use ssh in DDEV web container after `ddev auth ssh`, the ssh keys don't seem to work, "too many authentication failures"

I've used ddev auth ssh to add my ssh identities to my DDEV-Local projects.
But when I use ssh to connect to an external host, ssh example.com I get "Too many authentication failures"
Received disconnect from 174.127.116.22 port 22:2: Too many authentication failures
Disconnected from 174.127.116.22 port 22
When I use ssh -v example.com I see it trying six different keys before giving up with the "Too many authentication failures":
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: rfay@rfay-mbp-2017.local RSA SHA256:LrokWMbl1bD0vV0z7Qpn4HLd168NYSIAbqsek6aXIaE agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: rfay@rfay-mbp-2017.local RSA SHA256:ecpRhfcaRWS8EfmYyLuJ81ayhyPWAZd9MG3mKOUKMqA agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: rfay@rfay-mbp-2017.local RSA SHA256:07LrVlDSWu4r+4Eb6WP8FpWYYcREw7IcGm4rtp5v+Ws agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: rfay@rfay-mbp-2017.local RSA SHA256:6L9cIsLlu858CPgb5zZ3v3+5p808uNencyAxJ0S9wOM agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: rfay@rfay-mbp-2017.local RSA SHA256:HwksLkZqEXAK6Zo21+y/C508Mjx2I7EvUQWFScKHsAQ agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: rfay@rfay-mbp-2017.local RSA SHA256:dsGaELF0OPNyQfIYZoEyI+dP3AQqh5r+15iUwfalNtc agent
Received disconnect from 174.127.116.75 port 22:2: Too many authentication failures
Disconnected from 174.127.116.75 port 22
How can I solve this problem? Note that I have 10 different private keys in my ~/.ssh directory.
It seems ssh wasn't designed for use with loads and loads of private keys, but some people end up with lots of them anyway. (Note that you can use a single private key for many, many purposes; all you share with the world or an external service is the public key, which does not give away any information about the private key.)
Since ddev auth ssh is setting up an ssh agent for you, and there doesn't seem to be a way to make ssh choose a specific identity from among the identities provided by the agent, you'll need to use one of two workarounds.
Workaround #1: Use just a few keys
You could, of course, winnow down the number of keys in your ~/.ssh directory to 6 or fewer (6 is the default in sshd on the server side for MaxAuthTries). But let's assume you don't want to do that.
Create a directory, maybe ~/ddev-ssh-keys. In that directory, either copy or symlink the 6 keys you use most often. So cd ~/ddev-ssh-keys && for item in goodkey1 goodkey2 ... goodkey6; do ln -s ~/.ssh/$item; done (or any way you want to accomplish the linking or copying).
Now ddev auth ssh -d ~/ddev-ssh-keys and the ddev-ssh-agent will only have those 6 keys. If they're the right keys to solve most of your problems, you should be good with this approach.
Workaround #2: Copy keys into the container using .ddev/homeadditions
This workaround will let you actually copy the key(s) you want into the web container. This isn't probably as secure as the first approach (because you should never really copy your private keys anywhere), but it works.
If you really want the keys in the container (as opposed to using the agent), then mkdir -p .ddev/homeadditions/.ssh && cp ~/.ssh/<yourimportantkey(s)> .ddev/homeadditions/.ssh && chmod 700 .ddev/homeadditions/.ssh && chmod 600 .ddev/homeadditions/.ssh/*. You can then use the .ddev/homeadditions/.ssh/config file any way you want, including specifying keys.
This answer is adapted from https://github.com/drud/ddev/pull/2224
This is an extension of rfay's Workaround #2, to make it more secure. You can use the public part of a key pair to specify which private key you want to use from the ssh agent. So, instead of copying your private keys into the .ddev/homeadditions/.ssh folder, just copy the pub keys. For example, mkdir -p .ddev/homeadditions/.ssh && cp ~/.ssh/*.pub .ddev/homeadditions/.ssh && chmod 700 .ddev/homeadditions/.ssh && chmod 600 .ddev/homeadditions/.ssh/*.
Technically, you don't even need to 'chmod 600' the key files since they're the pub keys, but it does add some security.
You can then specify the key to use on the command line:
ssh -i ~/.ssh/id_rsa.pub example@example.com
ssh -o IdentityFile=~/.ssh/id_rsa.pub example@example.com
Or you can specify the IdentityFile in your .ssh/config file.
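The two client-side signatures quoted in the threads above ("no mutual signature algorithm" and "Too many authentication failures") can be picked out of a saved `ssh -v` capture mechanically. The script below is an added example, not code from any of the posts; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a captured `ssh -v` session read from stdin.
# Prints one line: offers=<number of keys offered> result=<diagnosis>

triage_ssh_debug() {
    awk '
        /Offering (RSA )?public key:/       { offers++ }
        /no mutual signature algorithm/     { nomutual = 1 }
        /Too many authentication failures/  { toomany = 1 }
        /Authentication succeeded/          { ok = 1 }
        END {
            if (ok)            r = "authenticated"
            else if (nomutual) r = "no-mutual-signature-algorithm"
            else if (toomany)  r = "too-many-keys"
            else if (offers)   r = "key-rejected"
            else               r = "no-key-offered"
            printf "offers=%d result=%s\n", offers, r
        }'
}

# Map a diagnosis to the remedy given in the answers above.
explain() {
    case $1 in
        too-many-keys)
            echo "agent offered more keys than the server allows (sshd MaxAuthTries default is 6): load fewer keys, or name one public key as IdentityFile" ;;
        no-mutual-signature-algorithm)
            echo "client and server share no signature algorithm for this key: see the PubkeyAcceptedKeyTypes answer" ;;
        key-rejected)
            echo "server does not accept the offered key for this user: check which account the public key is registered to" ;;
        *)
            echo "no remedy recorded for: $1" ;;
    esac
}

# Constructed sample, modelled on the DDEV log: six agent keys, then disconnect.
sample_agent_overflow() {
    i=1
    while [ "$i" -le 6 ]; do
        echo "debug1: Offering public key: key$i RSA SHA256:CONSTRUCTED$i agent"
        echo "debug1: Authentications that can continue: publickey"
        i=$((i + 1))
    done
    echo "Received disconnect from 192.0.2.10 port 22:2: Too many authentication failures"
}

# Constructed sample, modelled on the Cloud Source Repositories answer.
sample_rsa_disabled() {
    cat <<'EOF'
debug1: Next authentication method: publickey
debug1: send_pubkey_test: no mutual signature algorithm
debug1: No more authentication methods to try.
user@host.example: Permission denied (publickey).
EOF
}

sample_agent_overflow | triage_ssh_debug
sample_rsa_disabled | triage_ssh_debug
```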

"Failed to connect to the host via ssh: Permission denied (publickey).", [duplicate]

I generated an SSH key pair on my Mac and added the public key to my Ubuntu server (in fact, it is a virtual machine on my Mac), but when I try to log in to the Ubuntu server, it says:
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0644 for '/Users/tudouya/.ssh/vm/vm_id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /Users/tudouya/.ssh/vm/vm_id_rsa.pub
Permission denied (publickey,password).
I have tried many ways to solve this (changing the key file mode, changing the folder mode, as some answers on Stack Overflow suggest), but it doesn't work.
the key file permission:
vm dir:
drwxr-xr-x 4 tudouya staff 136 4 29 10:37 vm
key file:
-rw------- 1 tudouya staff 1679 4 29 10:30 vm_id_rsa
-rw-r--r-- 1 tudouya staff 391 4 29 10:30 vm_id_rsa.pub
please give me some idea...
=========================================
I wrote the host information to ssh_config:
Host ubuntuvm
Hostname 10.211.55.17
PreferredAuthentications publickey
IdentityFile /Users/tudouya/.ssh/vm/vm_id_rsa.pub
I run the command "ssh -v ubuntuvm", and it displays:
ssh -v ubuntuvm
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 103: Applying options for *
debug1: /etc/ssh_config line 175: Applying options for ubuntuvm
debug1: Connecting to 10.211.55.17 [10.211.55.17] port 22.
debug1: Connection established.
debug1: identity file /Users/tudouya/.ssh/vm/vm_id_rsa.pub type 1
debug1: identity file /Users/tudouya/.ssh/vm/vm_id_rsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-8 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 55:6d:4f:0f:23:51:ac:8e:70:01:ec:0e:62:9e:1c:10
debug1: Host '10.211.55.17' is known and matches the RSA host key.
debug1: Found key in /Users/tudouya/.ssh/known_hosts:54
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/tudouya/.ssh/vm/vm_id_rsa.pub
debug1: Server accepts key: pkalg ssh-rsa blen 279
###########################################################
# WARNING: UNPROTECTED PRIVATE KEY FILE! #
###########################################################
Permissions 0644 for '/Users/tudouya/.ssh/vm/vm_id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /Users/tudouya/.ssh/vm/vm_id_rsa.pub
debug1: No more authentication methods to try.
Permission denied (publickey,password).
I suggest you to do:
chmod 400 ~/.ssh/id_rsa
It works fine for me.
debug1: identity file /Users/tudouya/.ssh/vm/vm_id_rsa.pub type 1
It appears that you're trying to use the wrong key file. The file with the ".pub" extension contains the public portion of the key. The corresponding file without the ".pub" extension contains the private part of the key. When you run an ssh client to connect to a remote server, you have to provide the private key file to the ssh client.
You probably have a line in your .ssh/config file (or /etc/ssh_config) which looks like this:
IdentityFile .../.ssh/vm/vm_id_rsa.pub
You need to remove the ".pub" extension from the filename:
IdentityFile .../.ssh/vm/vm_id_rsa
Key should be readable by the logged in user.
Try this:
chmod 400 ~/.ssh/Key file
chmod 400 ~/.ssh/vm_id_rsa.pub
chmod 400 path/to/filename
This worked for me. After I did this to the file, I was able to connect to my EC2 instance.
change your KEY permission to
chmod 400 your_key.pem
It should work !
After running below command it works for me
sudo chmod 600 /path/to/my/key.pem
In my case, it was a .pem file. Turns out holds good for that too. Changed permissions of the file and it worked.
chmod 400 ~/.ssh/dev-shared.pem
Thanks for all of those who helped above.
SSH keys are meant to be private so a 644 permission is too open.
Binary references to set Permissions
r(read) = 4
w(write) = 2
x(execute) = 1
So by adding these numbers and passing the summed digit to the chmod command, we set the permission of a file/directory.
The first digit sets permission for the owner, second digit for group and the third one for all other users on the system who have no right to the file.
A permission of 644 means
(4+2) = read/write permission for the owner
(4) = read permission for the group
(4) = read permission for all other users
Changing the permission of the file to 400 using
chmod 400 <filename>
solves the issue, as it makes the key read-only and accessible only to the owner.
Ref: https://www.linux.com/training-tutorials/understanding-linux-file-permissions/
Lots of similar answers but no explanations...
The error is thrown because the private key file permissions are too open. It is a security risk.
Change the permissions on the private key file to be minimal (read only by owner)
Change owner chown <unix-name> <private-key-file>
Set minimal permissions (read only to file owner) chmod 400 <private-key-file>
If the keys are in the ~/.ssh directory , use
chmod 400 ~/.ssh/id_rsa
If the keys are in different directory, use
chmod 400 directory_path/id_rsa
This worked for me.
chmod 600 id_rsa
Run above command from path where key is stored in vm ex: cd /home/opc/.ssh
I have similar issue and solved it by changing the permission of the respective files and folder worked for me.
This is the solution which worked for me:
$ chmod 0600 ~/.ssh/id_rsa.pub
$ chmod 0600 ~/.ssh/authorized_keys
$ chmod 0600 ~/.ssh/id_rsa
$ chmod 0700 ~/.ssh
You have to run the command below
chmod 400 /path/to/my/key.pem
As for me, the default mode of id_rsa is 600, which means readable and writable.
After I push this file to a git repo and pull it from another pc, sometimes the mode of the private key file becomes -rw-r--r--.
When I pull the repo with ssh after specify the private key file, it failed and prompted warnings the same with you. Following is my script.
ssh-agent bash -c "ssh-add $PATH_OF_RSA/id_rsa; \
git pull git@gitee.com:someone/somerepo.git "
I fix this problem just by changing the mode to 600.
chmod 600 $PATH_TO_RSA/id_rsa
Giving permission 400 makes the key private and not accessible by someone unknown. It makes the key a protected one.
chmod 400 /Users/tudouya/.ssh/vm/vm_id_rsa.pub
Just run below to your pem's
sudo chmod 600 /path/to/my/key.pem
If you're using a .ssh/config file try to
chmod 0400 .ssh/config
then:
chmod 0400 .ssh/<<KEYFILE_PATH>>
This should do the trick:
chmod 600 id_rsa
chmod 400 /etc/ssh/* works for me.
Those who suggested chmod 400 id_rsa.pub did not sound right at all. It was quite possible that op used pub key instead of private key to ssh.
So it might be as simple as ssh -i /Users/tudouya/.ssh/vm/vm_id_rsa (the private key) user@host to fix it.
--- update ---
Check this article https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2 for how to set up ssh key
I had this issue with a MacBook M1. I later realized that I was missing sudo from the connection script
sudo ssh -i "key.pem" ubuntu@IP_Address
Ensure you are not missing the sudo in your connection script if you are using a macbook.
This problem had a quick and easy fix. You just had to change the permissions on the pem file using the following command.
chmod 400 /Users/yourUserName/pathOfYourFile/fileName.pem
This command will make the file read only and remove all other permissions on the file
There has been a lot of great explanation above, so I recommend reading and understanding.
Here is my simple step by step solution:
On your terminal, run:
open ~/.ssh/config
In your file, you will see something similar to this (in my personal case):
Host *
IgnoreUnknown UseKeychain
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519.pub
or like this (as per the example in this question).
Hostname 10.211.55.17
PreferredAuthentications publickey
IdentityFile /Users/tudouya/.ssh/vm/vm_id_rsa.pub
Remove the ".pub" extension from the last line, which should look like:
Hostname 10.211.55.17
PreferredAuthentications publickey
IdentityFile /Users/tudouya/.ssh/vm/vm_id_rsa
or in my case:
Host *
IgnoreUnknown UseKeychain
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519
Save the file and test your ssh connection.
I had similar issues and this was what I did and it worked.
sudo ssh -i webhost.pem ubuntu@ipaddress
I removed the .pub file, and it worked.
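The two causes discussed in this thread, an IdentityFile entry that names the .pub file and a private key whose mode leaves group or other bits set, can both be checked before connecting. The script below is an added example, not code from any of the posts; the function names `audit_identity_files` and `file_mode` and the demo files are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the IdentityFile entries of an ssh client config.
# Findings, one per line:
#   PUBKEY  <path>          entry names a .pub file (usable only if an agent
#                           holds the matching private key)
#   MISSING <path>          file does not exist
#   MODE    <path> <mode>   group/other permission bits are set
#   OK      <path> <mode>
# Returns 1 if anything other than OK was reported.

file_mode() {
    # GNU stat first, BSD/macOS stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_identity_files() {
    cfg=$1
    rc=0
    # The keyword is case-insensitive. Simplification: only the
    # "IdentityFile path" form, no quoted paths, %-tokens or Include files.
    for p in $(awk 'tolower($1) == "identityfile" { print $2 }' "$cfg"); do
        case $p in
            "~/"*) rest=${p#??}; p=$HOME/$rest ;;
        esac
        case $p in
            *.pub) echo "PUBKEY $p"; rc=1; continue ;;
        esac
        if [ ! -f "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        mode=$(file_mode "$p")
        # Any bit in octal mask 077 means group or others can access the key.
        if [ $((0$mode & 077)) -ne 0 ]; then
            echo "MODE $p $mode"; rc=1
        else
            echo "OK $p $mode"
        fi
    done
    return $rc
}

# Demo on constructed files (contents are placeholders, not real keys).
demo_dir=$(mktemp -d)
printf 'placeholder\n' > "$demo_dir/vm_id_rsa";     chmod 644 "$demo_dir/vm_id_rsa"
printf 'placeholder\n' > "$demo_dir/vm_id_rsa.pub"; chmod 644 "$demo_dir/vm_id_rsa.pub"
printf 'placeholder\n' > "$demo_dir/id_ed25519";    chmod 600 "$demo_dir/id_ed25519"
cat > "$demo_dir/config" <<EOF
Host ubuntuvm
    Hostname 10.211.55.17
    IdentityFile $demo_dir/vm_id_rsa.pub
    identityfile $demo_dir/vm_id_rsa
Host *
    IdentityFile $demo_dir/id_ed25519
    IdentityFile $demo_dir/gone
EOF
audit_identity_files "$demo_dir/config" || echo "findings above need attention"
```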

gcloud: permission denied (public key) when ssh-ing to server

I am trying to set up a new ssh key for a gcloud instance. I followed the instructions here verbatim (https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys), generating a new key, putting the public rsa-ssh key with my username on the SSH Keys section of the Metadata tab in the Google Cloud Platform interface, and setting the appropriate permissions for my public and private keys with chmod.
I am getting an error which ends as follows, when attempting to ssh using the -vvv verbose flag:
...
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/erickofman/.ssh/salsadb
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
I have (with a co-worker) ensured that my public key is contained within the authorized_keys file in the server's .ssh folder. Thinking that perhaps something was just stale, I also tried restarting the ssh server using service sshd restart to no avail.
I also tried setting up ssh using the gcloud tool, same result.
I have the correct role/permissions for the site from what I can tell.
This is what the log looks like on the server side:
admin@awesome-website:~$ tail /var/log/auth.log
Nov 15 20:40:16 awesome-website sshd[18846]: input_userauth_request: invalid user ekofman [preauth]
Nov 15 20:40:17 awesome-website sshd[18846]: Connection closed by 10.100.100.10 port 90001 [preauth]
Nov 15 20:41:17 awesome-website sshd[18848]: Connection closed by 200.200.20.20 port 90002 [preauth]
Been banging my head on this for a bit, any help much appreciated!
Whelp, turns out that new ssh keys do not get incorporated unless a full instance restart is effected. Not ssh server restart, but a full instance restart (stop gcloud instance, then start gcloud instance). It doesn't say this in the documentation, good to know for future reference.
Per this, make sure your .ssh/authorized_keys is in your user's directory.
You also want to ensure your .ssh directory and authorized_keys have the proper permissions set. (700 and 600 respectively).
sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/authorized_keys
