I am trying to setup password-less login into my localhost for a distributed computing tutorial. (I've set it up successfully for multiple remote hosts.) I went through the normal steps of generating an rsa key and appending the public key to authorized_keys but I am still prompted for a password. I've also enabled RSAAuthentication and PubKeyAuthentication in /etc/ssh_config. Following other suggestions I've seen, I tried:
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
But the problem persists.
Here is the output from ssh -v localhost:
(tutorial)bnels21-2:tutorial bnels21$ ssh -v localhost
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/bnels21/.ssh/id_rsa type 1
debug1: identity file /Users/bnels21/.ssh/id_rsa-cert type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 1c:31:0e:56:93:45:dc:f0:77:6c:bd:90:27:3b:c6:43
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/bnels21/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/bnels21/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering RSA public key: id_rsa3
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/bnels21/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
Any suggestions? I'm running OSX 10.8.
Since you seem to have multiple keys I would assign the specific key to a specific connection in ~/.ssh/config.
Example:
Host local
HostName 127.0.0.1
Port 22
User your_username
IdentityFile ~/.ssh/your_key-id_rsa
Then just try to ssh local.
I had same problem. I checked the system passwd and group files, and discovered that my user and group was not present. To build this files (my user was a domain user) I need to run two commands at cygwin shell:
mkpasswd -l -d > /etc/passwd
mkgroup -l -d > /etc/group
After that, ssh works fine!
Elvys Borges
It looks like you are using protocol version 2.0 when connecting to localhost, so try moving authorized_keys to authorized_keys2.
Source: this post explains the difference between the two keys files.
I was at my wits end... I was under the mistaken impression ssh-copy-id was a Linux-only utility. Finally I just swallowed my pride and typed the command is the macOS Terminal and it worked!
ssh-copy-id me#sshd-server
I don't know what magic ssh-copy-id does, but it just worked. I was able to log in without a password successfully with the simple command:
ssh me#sshd-server
I had zero luck with cat id_rsa.pub >> ~/.ssh/authorized_hosts. Every time I tried ssh'ing to the server it just kept asking me for the passphrase. This is with the correct 600 permission on authorized_hosts and 700 on ~/.ssh.
Related
This command for connecting to my aws server works well:
ssh -i my_pem.pem ubuntu#ec2-xx-xx-xx-xx.eu-west-1.compute.amazonaws.com
But this not:
$ scp -v -i my_pem.pem file1 file2 ubuntu#ec2-xx-xx-xx-xx.eu-west-1.compute.amazonaws.com:/home/ubuntu/folder1
UPDATE1:
$ ssh -v -i 123.pem ubuntu#xx-xx-xx-xx.xx-west-1.compute.amazonaws.com
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to xx-xx-xx-xx.xx-west-1.compute.amazonaws.com [11.22.33.44] port 22.
debug1: Connection established.
debug1: identity file docs/toh_server.pem type -1
debug1: identity file docs/toh_server.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA xx:bb:cc:dd:ee:fdsfdsfdsfdsfdsfds
debug1: Host 'xx-xx-xx-xx.xx-west-1.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/me123/.ssh/known_hosts:19
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: docs/toh_server.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to xx-xx-xx-xx.xx-west-1.compute.amazonaws.com ([11.33.44.55]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_HK.UTF-8
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-48-generic x86_64)
* Documentation: https://help.ubuntu.com/
System information disabled due to load higher than 2.0
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
Error:
Executing: program /usr/bin/ssh host ip-xx-xx-xx-xx, user ubuntu, command scp -v -d -t /home/ubuntu/folder1
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
ssh: Could not resolve hostname ip-xx-xx-xx-xx: Name or service not known
lost connection
What's the matter?
See the difference
debug1: Connecting to xx-xx-xx-xx.xx-west-1.compute.amazonaws.com [11.22.33.44] port 22.
and
Executing: program /usr/bin/ssh host ip-xx-xx-xx-xx, user ubuntu, command scp -v -d -t /home/ubuntu/folder1
ssh: Could not resolve hostname ip-xx-xx-xx-xx: Name or service not known
Your scp is connecting somewhere else and since you obfuscated the IPs/addresses I have no idea if that is intention or that the it really does.
The scp is parsing your files and probably found some : character in your file name (first guess about # was false) and parses that filename as host:path? Give it a try with only one of the files, post the real name of files.
Or rather use sftp. It does not care about the syntax on command line. Just sftp your host and then:
cd folder1
put my_file file2
I'm trying to push my id_rsa.pub to server so I can ssh into it.
I've run the following command,
cat ~/.ssh/id_rsa.pub | ssh -v -p 12345 myname#123.45.67.8 'cat >> ~/.ssh/authorized_keys'
which returns the following debugging:
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 123.45.67.8 [123.45.67.8] port 12345.
debug1: Connection established.
debug1: identity file /Users/myname/.ssh/id_rsa type 1
debug1: identity file /Users/myname/.ssh/id_rsa-cert type -1
debug1: identity file /Users/myname/.ssh/id_dsa type -1
debug1: identity file /Users/myname/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA [some server host key]
debug1: Host '[123.45.67.8]:12345' is known and matches the RSA host key.
debug1: Found key in /Users/myname/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/myname/.ssh/github_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/myname/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/myname/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I can't figure out what the problem is..
can anybody please help me out?
Key based authentication will only work if the authorized_keys has
Correct permissions.
Try to do a chmod 600 ~/.ssh/authorized_keys
Your command will only work if you can ssh to the server by entering a password. It also requires the dir ~/.ssh to be created on the remote server and lastly (as Jan-Erik Revsbech points out) the permissions on the local and the remote ~/.ssh needs to disallow others reading it.
If you instead use ssh-copy-id remote-server to copy your keys, then both the dir and permissions on the remote system will be set correctly. It will still require you to enter the password the first time, though.
Make sure to also set the correct owner :)
I tried ssh-copy-id remote-server as suggested by Ole and got an error like this:
Cannot write to .ssh/authorized_keys. Permission denied
The directory ~/.ssh as well as the file authorized_keys were already present on the server and set up with the right permission... but for the wrong user! Here is, what solved it:
chown right-user:right-user .ssh
chown right-user:right-user .ssh/authorized_keys
I changed the owner of the file and the directory. Then ssh-copy-id worked.
I was connecting my ec2 instance via ssh well,after adding new EBS volume restarted the machine by 'sudo shutdown -r now'
And after that I tried to access by using follwing command:
ssh -v -i primary_key.pem ubuntu#ec2-23-22-245-160.compute-1.amazonaws.com
which is retuning like below:
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/caveman/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to ec2-23-22-245-160.compute-1.amazonaws.com [23.22.245.160] port 22.
debug1: Connection established.
debug1: identity file primary_key.pem type -1
debug1: identity file primary_key.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-23-22-245-160.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/caveman/.ssh/known_hosts:31
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: primary_key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
What is wrong?Any point that I am missing?
This is normal Amazon EC2 behaviour. After restarting the instance, associated public Ip (yours was ec2-23-22-245-160.compute-1.amazonaws.com) will be changed.
There are 2 way to connect your instance via ssh
Log into your Amazon AWS Console and check running instance then copy Public DNS and try to connect with ssh. (ssk key is the same)
If you don't want your instance's public ip to change on every restart/termination use Elastic IP. Elastic Ips associated with account (not the instance) so you can assign Elastic Ip on any instance you want.
You can connect with ssh ssh -v -i primary_key.pem ubuntu#<ElasticIp>
I had the similar issue. Here is what I did..!
ssh -i < .pem file> -vvv <server IP>
The above command will show debug logs and after ECDSA key is accepted you are in.
When I try to ssh into localhost, it accepts the public key and immediately closes the connection. I've been going through pages of Google results for hours now with no progress. Here's what I get after ssh -v user#localhost:
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/user/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/user/.ssh/id_rsa type -1
debug1: identity file /Users/user/.ssh/id_rsa-cert type -1
debug1: identity file /Users/user/.ssh/id_dsa type 2
debug1: identity file /Users/user/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 67:2f:0b:c8:40:e8:87:0f:57:ee:c7:68:ae:8a:5a:02
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/user/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/user/.ssh/id_rsa
debug1: Offering DSA public key: /Users/user/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
Connection closed by ::1
I'm running OSX 10.8, using ssh through Terminal.
Okay, so what finally worked was explicitly allowing connections from user. Setting System Prefs > Sharing > Remote Login > Allow access for: to All Users doesn't work; instead I had to check Only these users: and manually add all users. Hope this helps anyone else having the same problem.
A long time ago I had the same problem with Telnet, and if I remember it well, the problem was with the user having no home directory in /etc/passwd.
I am assuming that you are trying to create a password-less connection, am I right?
When you google it, there is a good explanation of it here: http://diuf.unifr.ch/main/tech/node/57
Also, here is an explanation how to quickly make the password less connection http://greg-n-blog.blogspot.com/search/label/scp
This worked for me in Cygwin using Windows within a large domain:
Add your Windows user ID to /etc/passwd. You can get it by typing $ mkpasswd -d | grep [username]. In a large domain, you may have to wait several hours.
Make sure the user ID given in /etc/passwd matches that in $ id -u, and the group ID matches that for Administrators in /etc/group
So, I'm going through this tutorial (Running Hadoop on windows using cygwin...) to setup hadoop on my WINDOWS (please don't ask why I would use Linux). So I got to this point that I need to SSH to my localhost and test the SSH using Cygwin, but it closes the connection and says:
Connection closed by 127.0.0.1
I've googled a lot but couldn't find any proper answer for my problem.
P.S.: I'm running cygwin on Windows 7 professional x64
any idea?
BTW, Here is a sample run:
$ ssh -v localhost
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/Soroush/.ssh/id_rsa type 1
debug1: identity file /home/Soroush/.ssh/id_rsa-cert type -1
debug1: identity file /home/Soroush/.ssh/id_dsa type -1
debug1: identity file /home/Soroush/.ssh/id_dsa-cert type -1
debug1: identity file /home/Soroush/.ssh/id_ecdsa type -1
debug1: identity file /home/Soroush/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 19:2d:f6:84:4d:e5:0d:d4:5e:e6:e5:a4:6a:3c:ea:8b
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/Soroush/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/Soroush/.ssh/id_rsa
Connection closed by 127.0.0.1
When you installed Cygwin and ran ssh-host-config, you might have created user cyg_server. So when you are connecting to ssh, you need to use the user cyg_server#localhost.
When you run ssh with that user, it will ask you for the password that you provided when you ran ssh-host-config.
$ ssh cyg_server#localhost
cyg_server#localhost's password:
Last login: Mon Dec 31 01:14:44 2012 from ::1
cyg_server#polorumpus ~
$
I hope it will be useful.
It looks like the key isn't being accepted. Check that /home/Soroush/.ssh/id_rsa.pub has been added to /home/Soroush/.ssh/authorized_keys
I would also check that
RSAAuthentication yes is set in /etc/ssh/sshd_config
I had to do these to fix the problem:
chown <USERNAME> /var/log/sshd.log
chown -R <USERNAME> /var/empty
chown <USERNAME> /etc/ssh*
chmod 755 /var/empty
chmod 644 /var/log/sshd.log
Note that the is my desired user name, not cyg_server.
I Found this post relating to my issue, but it turned out that my cyg_server account did not have administrator privilege.
I had the same problem, and it was generated by Putty authentication agent (Pageant): it was running with a private key. For some reason, it tried to use it to connect to localhost. If I closed Pageant (or removed the key), I could ssh to localhost.
But as I wanted to have Pageant running (to be a client of other ssh servers), I managed to modify the local sshd service, so that it 'ignored' in some way Pageant, to accept connections:
Modify /etc/ssh/sshd_config:
PubkeyAuthentication no
Now, it works
I had to use the 64-bit version of Cygwin to get this to work.