ssh localhost connection closed by 127.0.0.1? - ssh

So, I'm going through this tutorial (Running Hadoop on windows using cygwin...) to setup hadoop on my WINDOWS (please don't ask why I would use Linux). So I got to this point that I need to SSH to my localhost and test the SSH using Cygwin, but it closes the connection and says:
Connection closed by 127.0.0.1
I've googled a lot but couldn't find any proper answer for my problem.
P.S.: I'm running cygwin on Windows 7 professional x64
any idea?
BTW, Here is a sample run:
$ ssh -v localhost
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/Soroush/.ssh/id_rsa type 1
debug1: identity file /home/Soroush/.ssh/id_rsa-cert type -1
debug1: identity file /home/Soroush/.ssh/id_dsa type -1
debug1: identity file /home/Soroush/.ssh/id_dsa-cert type -1
debug1: identity file /home/Soroush/.ssh/id_ecdsa type -1
debug1: identity file /home/Soroush/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 19:2d:f6:84:4d:e5:0d:d4:5e:e6:e5:a4:6a:3c:ea:8b
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/Soroush/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/Soroush/.ssh/id_rsa
Connection closed by 127.0.0.1

When you installed Cygwin and ran ssh-host-config, you might have created user cyg_server. So when you are connecting to ssh, you need to use the user cyg_server#localhost.
When you run ssh with that user, it will ask you for the password that you provided when you ran ssh-host-config.
$ ssh cyg_server#localhost
cyg_server#localhost's password:
Last login: Mon Dec 31 01:14:44 2012 from ::1
cyg_server#polorumpus ~
$
I hope it will be useful.

It looks like the key isn't being accepted. Check that /home/Soroush/.ssh/id_rsa.pub has been added to /home/Soroush/.ssh/authorized_keys
I would also check that
RSAAuthentication yes is set in /etc/ssh/sshd_config

I had to do these to fix the problem:
chown <USERNAME> /var/log/sshd.log
chown -R <USERNAME> /var/empty
chown <USERNAME> /etc/ssh*
chmod 755 /var/empty
chmod 644 /var/log/sshd.log
Note that the is my desired user name, not cyg_server.

I Found this post relating to my issue, but it turned out that my cyg_server account did not have administrator privilege.

I had the same problem, and it was generated by Putty authentication agent (Pageant): it was running with a private key. For some reason, it tried to use it to connect to localhost. If I closed Pageant (or removed the key), I could ssh to localhost.
But as I wanted to have Pageant running (to be a client of other ssh servers), I managed to modify the local sshd service, so that it 'ignored' in some way Pageant, to accept connections:
Modify /etc/ssh/sshd_config:
PubkeyAuthentication no
Now, it works

I had to use the 64-bit version of Cygwin to get this to work.

Related

Permission denied on Amazon LightSail

Login works with LightsailDefaultPrivateKey-eu-west-1.pem but not with my own key-pair.
I tried to generate the keys with 'ssh-keygen -t rsa -b 4096 -C "my#email.com" -f ~/.ssh/lsail-mikemittererat-eu-west-1.pem'
I also tried to generate a key on AWS/S2, dowloaded it, generated a public key out of the private key and uploaded it to LightSail - the same result. It doesn't work.
Error-Message:
ssh -i ~/.ssh/ssh_my-website ubuntu#
Permission denied (publickey).
This is what I get if I use the -v option:
ssh -v -i ~/.ssh/lsail-mikemittererat-eu-west-1.pem ubuntu#<public ip>
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to <public ip> [<public ip>] port 22.
debug1: Connection established.
debug1: identity file /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to <public ip>:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305#openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305#openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6u6vqWOSbOSNiPYAOqa5q/epSntR7GG5dvFzKuUAJOQ
debug1: Host '<public ip>' is known and matches the ECDSA host key.
debug1: Found key in /Users/mikemitterer/.ssh/known_hosts:38
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/mikemitterer/.ssh/lsail-mikemittererat-eu-west-1.pem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
permission of .pem is set to 600, .ssh ist set to 700
I was able to get this to work as follows:
Generated the SSH keypair as you described above (ssh-keygen -t rsa -b 4096 -C "my#email.com" -f ~/certs/test.pem)
changed permissions on the private key file (chmod 600 test.pem)
ssh'd into the instance using the lightsail integrated console and added the public key to the ~/.ssh/authorized_keys file
I was able to access the instance using ssh -i ~/certs/lightsail.pem ubuntu#
Let me know if this works, or if I'm missing something.
I had same issue for hours, and finally solved it. Here is what I did:
Download the pem file into a folder.
Then run this:
$chmod 600 KEYFILE.pem
And this:
$ssh -i "KEYFILE.pem" bitnami#your_static_ip
As I remember, I've tried the same thing as you, but it didn't work.
I followed all of the steps listed in Add new user accounts with SSH access using an AWS key and a 3rd-party generated key and still got the <USER>#<HOSTNAME>: Permission denied (publickey) error. It turned out that I needed to fix the directory permissions for my custom home directory location and had nothing to do with how I generated the key or uploaded it to the instance.
The required directory permissions detailed in the Troubleshoot "Permission denied (publickey)" knowledge-base article state that the following permissions should be used:
The parent directory of the user's home directory (e.g. /home): 755
The user's home directory (e.g. /home/ec2-user): 700
The user's .ssh/ directory (e.g. /home/ec2-user/.ssh): 0700
The user's authorized_keys file (e.g. /home/ec2-user/.ssh/authorized_keys): 600
Once my directory permissions were correct, my configured key started working.
If the other solutions provided did not work, you might need to check to make sure the username you want to ssh is the owner of .bash_logout, .bashrc, .profile, .ssh and the authorized_keys and known_hosts inside .ssh.
You can login with your main bitnami username to check the above using ls -lash and change them using chown if needed. For example,
sudo chown yoursshusername .bash_logout

Cygwin: ssh login issue if client have a keyfile

I have an issue with Cygwin on one windows server (2008 R2 STD)
it's a first time a saw that:
First, I saw a little bug after the installation of cygwin, when I open a Cygwin terminal the username have the hostname in the name (WANCYFILE3 is the hostname):
WANCYFILE3+BoMBkpAccount#WANCYFILE3 ~
$
and when i create a /etc/passwd with mkpasswd i have the same issue:
WANCYFILE3+BoMBkpAccount#WANCYFILE3 ~
$ mkpasswd
SYSTEM:*:18:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/home/SYSTEM:/bin/bash
LOCAL SERVICE:*:19:19:U-NT AUTHORITY\LOCAL SERVICE,S-1-5-19:/:/sbin/nologin
NETWORK SERVICE:*:20:20:U-NT AUTHORITY\NETWORK SERVICE,S-1-5-20:/:/sbin/nologin
Administrators:*:544:544:U-BUILTIN\Administrators,S-1-5-32-544:/:/sbin/nologin
NT SERVICE+TrustedInstaller:*:328384:328384:U-NT SERVICE\TrustedInstaller,S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:/:/sbin/nologin
WANCYFILE3+Administrator:*:197108:197121:U-WANCYFILE3\Administrator,S-1-5-21-1686359761-1676169977-233769372-500:/home/Administrator:/bin/bash
WANCYFILE3+BoMBkpAccount:*:197608:197121:U-WANCYFILE3\BoMBkpAccount,S-1-5-21-1686359761-1676169977-233769372-1000:/home/BoMBkpAccount:/bin/bash
WANCYFILE3+cyg_server:*:197613:197121:U-WANCYFILE3\cyg_server,S-1-5-21-1686359761-1676169977-233769372-1005:/home/cyg_server:/bin/bash
WANCYFILE3+Guest:*:197109:197121:U-WANCYFILE3\Guest,S-1-5-21-1686359761-1676169977-233769372-501:/home/Guest:/bin/bash
WANCYFILE3+sshd:*:197612:197121:U-WANCYFILE3\sshd,S-1-5-21-1686359761-1676169977-233769372-1004:/home/sshd:/bin/bash
for information the home directory is good:
WANCYFILE3+BoMBkpAccount#WANCYFILE3 ~
$ pwd
/home/BoMBkpAccount
now during the installation on ssh with the command "ssh-host-config"
i needed to replace the creation of the automatic user "WANCYFILE3+cyg_server" with "cyg_server"
*** Info: The following privileged accounts were found: 'WANCYFILE3+cyg_server' .
*** Info: This script plans to use 'WANCYFILE3+cyg_server'.
*** Info: 'WANCYFILE3+cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) yes
*** Query: Enter the new user name: cyg_server
*** Query: Reenter: cyg_server
otherwise i have this issue:
*** Info: This script plans to use 'WANCYFILE3+cyg_server'.
*** Info: 'WANCYFILE3+cyg_server' will only be used by registered services.
*** Query: Please enter the password for user 'WANCYFILE3+cyg_server':
*** Query: Reenter:
/usr/bin/cygrunsrv: Error installing a service: CreateService: Win32 error 1057:
The account name is invalid or does not exist, or the password is invalid for the account
*** ERROR: Installing sshd as a service failed!
now the sshd service work with the password:
WANCYFILE3+BoMBkpAccount#WANCYFILE3 ~/.ssh
$ ssh localhost
WANCYFILE3+BoMBkpAccount#localhost's password:
Last login: Tue Apr 21 10:45:46 2015 from ::1
WANCYFILE3+BoMBkpAccount#WANCYFILE3 ~
$
but not if the client have a keyfile:
WANCYFILE3+BoMBkpAccount#WANCYFILE3 ~
$ ssh-keygen.exe
Generating public/private rsa key pair.
....
WANCYFILE3+BoMBkpAccount#WANCYFILE3 ~
$ ssh localhost
Connection closed by ::1
i tryed to add the publickey in the authorized_keys but it's a same issue
for exemple from a another ssh client:
$ ssh-copy-id -i ./backupkey_BOM_Ancy.pub WANCYFILE3+BoMBkpAccount#WANCYFILE3.ancy.societe.com
WANCYFILE3+BoMBkpAccount#wancyfile3.ancy.societe.com's password:
Now try logging into the machine, with "ssh 'WANCYFILE3+BoMBkpAccount#WANCYFILE3.ancy.societe.com'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
$ ssh -i ./backupkey_BOM_Ancy WANCYFILE3+BoMBkpAccount#WANCYFILE3.ancy.societe.com
Connection closed by 10.131.16.34
whith verbose connexion:
$ ssh -v -i ./backupkey_BOM_Ancy WANCYFILE3+BoMBkpAccount#WANCYFILE3.ancy.societe.com
OpenSSH_5.5p1 Debian-6+squeeze3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to WANCYFILE3.ancy.societe.com [10.131.16.34] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file ./backupkey_BOM_Ancy type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file ./backupkey_BOM_Ancy-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8
debug1: match: OpenSSH_6.8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'wancyfile3.ancy.societe.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:62
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: ./backupkey_BOM_Ancy
Connection closed by 10.131.16.34
$
After 3 installations of cygwin, I can't find this issue.
do you have any idea?
Thanks for your help (and sorry for my English)
debug1: Offering public key: ./backupkey_BOM_Ancy
Connection closed by 10.131.16.34
$
You need to figure out why the server is closing the connection on you. If this were a unix system, I'd say to check the system logs (usually one of the files in /var/log) for messages from sshd. I don't know what the cygwin equivalent of that is.
My guess is that you're authenticating, and the server is trying to start a login session for you. But the program that it's trying to start as your shell is missing, malfunctioning, or it's exiting as soon as it has started.

nohup causes "read_passphrase: can't open /dev/tty"

I have a simple remote ssh command in script, nohupssh.sh
sleep 30
ssh -v -l developer server11 "/usr/local/jdk1.7.0_45/bin/jmap -histo:live 1770;"
I run the script as follows:
nohup nohupssh.sh > out.log 2>&1 &
When I execute it as shown above, the jmap utility successfully executes on the remote server. However, if I execute it as shown above and exit the bash shell, I get the error shown below.
Note that I have a properly formatted authorized_keys in both local and remote servers. Also note that there is NO id_rsa in either server since these servers are shared.
I've tried many combinations:
ssh -v -A -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null server11 ....
but to no avail. I've closely examined the man page for ssh for clues, trying various options. I presume there must be a single or set of ssh options that will solve this problem. The real script (rather than the abridged above) has scp as well. Hence, I hope the options that are eluding me will work for both scp and ssh.
The full verbose log is
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /home/developer/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server11 [10.255.10.20] port 22.
debug1: fd 4 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /home/developer/.ssh/identity type -1
debug1: identity file /home/developer/.ssh/id_rsa type -1
debug1: identity file /home/developer/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Warning: Permanently added 'server11,10.255.10.20' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
****************************************************************************
WARNING: Unauthorized access to this system is forbidden and will be
prosecuted by law. By accessing this system, you agree that your
actions may be monitored.
****************************************************************************
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/developer/.ssh/identity
debug1: Trying private key: /home/developer/.ssh/id_rsa
debug1: Trying private key: /home/developer/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).
I had this read_passphrase: can't open /dev/tty error when my private key was wrongly formatted - instead of many lines, it was passed as a one-liner, and you might have any other format issue like a forgotten "-" at the start or end, or something wrong at the end of the lines, like a missing newline format or an additional letter at the end of a line.
See Dockerfile: clone repo with passwordless private key. Errors: “authentication agent” or “read_passphrase: can't open /dev/tty” for more details, in short:
The main error is caused by the
echo "$ssh_prv_key" > /root/.ssh/id_rsa
which passes a wrongly formatted ssh_prv_key, as just one line, although the private key needs many lines.
With the main idea from Add private key to ssh-agent in docker file, which again had the idea from Gitlab CI/Docker: ssh-add keeps asking for passphrase.
From the error log:
Authentications that can continue: publickey,password
Since you don't have a publickey set up ("there is NO id_rsa"), you need to enter a password to access the remote server, but you've disconnected stdin:
read_passphrase: can't open /dev/tty: No such device or address
SSH is not very amenable to hacks to automate password entry, so if you can't put an id_rsa on there, your best bet is to background and detach after entering the remote server's password. Try ^Z:
Run nohup nohupssh.sh > out.log 2>&1
Wait 30 seconds, then enter the remote server password
Hit control-Z
Run bg %1
You should now be able to exit the shell.

unable to get agent forwarding on vagrant working

Despite my best efforts, I cannot seem to get agent forwarding on Vagrant. I'm running OS X with the following vagrant/virtualbox combo:
[chrisshorrock:~]$ vboxwebsrv --version
Oracle VM VirtualBox web service Version 4.2.18
(C) 2007-2013 Oracle Corporation
All rights reserved.
4.2.18r88780
[chrisshorrock:~]$ vagrant --version
Vagrant 1.3.5
Firstly - in my vagrant file I have
config.ssh.forward_agent = true
I've confirmed that my key (on my os x box) is added to my ssh agent with:
ssh-add -L
My ~/.ssh/config file contains the following:
Host 127.0.0.1
ForwardAgent yes
I can connect to outside servers, and have confirmed that something like:
ssh -T git#github.com
Works properly (both locally and remotely indicating that ssh agent forwarding functionality seems correct on the OS X box), however, when I connect to my vagrant instance, I have no such luck:
[chrisshorrock:~]$ ssh -v vagrant#127.0.0.1 -p 2222
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/chrisshorrock/.ssh/config
debug1: /Users/chrisshorrock/.ssh/config line 35: Applying options for 127.0.0.1
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /Users/chrisshorrock/.ssh/id_rsa type 1
debug1: identity file /Users/chrisshorrock/.ssh/id_rsa-cert type -1
debug1: identity file /Users/chrisshorrock/.ssh/id_dsa type -1
debug1: identity file /Users/chrisshorrock/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 50:db:75:ba:11:2f:43:c9:ab:14:40:6d:7f:a1:ee:e3
debug1: Host '[127.0.0.1]:2222' is known and matches the RSA host key.
debug1: Found key in /Users/chrisshorrock/.ssh/known_hosts:29
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/chrisshorrock/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
Authenticated to 127.0.0.1 ([127.0.0.1]:2222).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8
debug1: Sending env LC_CTYPE = en_CA.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-56-generic x86_64)
* Documentation: https://help.ubuntu.com/
Welcome to your Vagrant-built virtual machine.
Last login: Fri Nov 22 09:58:24 2013 from 10.0.2.2
[vagrant:~]$ ssh -T git#github.com
Warning: Permanently added the RSA host key for IP address '192.30.252.130' to the list of known hosts.
Permission denied (publickey).
I'm at a loss of things to try.
Problem solved. The box was using oh-my-zsh, which had the plugins defined as:
plugins=(git cp command-not-found git-extras gnu-utils history pip python ruby screen ssh-agent svn)
The culprit here was the ssh-agent helper for oh-my-zsh.

ssh password-less login to localhost

I am trying to setup password-less login into my localhost for a distributed computing tutorial. (I've set it up successfully for multiple remote hosts.) I went through the normal steps of generating an rsa key and appending the public key to authorized_keys but I am still prompted for a password. I've also enabled RSAAuthentication and PubKeyAuthentication in /etc/ssh_config. Following other suggestions I've seen, I tried:
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
But the problem persists.
Here is the output from ssh -v localhost:
(tutorial)bnels21-2:tutorial bnels21$ ssh -v localhost
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/bnels21/.ssh/id_rsa type 1
debug1: identity file /Users/bnels21/.ssh/id_rsa-cert type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa type -1
debug1: identity file /Users/bnels21/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 1c:31:0e:56:93:45:dc:f0:77:6c:bd:90:27:3b:c6:43
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/bnels21/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/bnels21/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering RSA public key: id_rsa3
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/bnels21/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
Any suggestions? I'm running OSX 10.8.
Since you seem to have multiple keys I would assign the specific key to a specific connection in ~/.ssh/config.
Example:
Host local
HostName 127.0.0.1
Port 22
User your_username
IdentityFile ~/.ssh/your_key-id_rsa
Then just try to ssh local.
I had same problem. I checked the system passwd and group files, and discovered that my user and group was not present. To build this files (my user was a domain user) I need to run two commands at cygwin shell:
mkpasswd -l -d > /etc/passwd
mkgroup -l -d > /etc/group
After that, ssh works fine!
Elvys Borges
It looks like you are using protocol version 2.0 when connecting to localhost, so try moving authorized_keys to authorized_keys2.
Source: this post explains the difference between the two keys files.
I was at my wits end... I was under the mistaken impression ssh-copy-id was a Linux-only utility. Finally I just swallowed my pride and typed the command is the macOS Terminal and it worked!
ssh-copy-id me#sshd-server
I don't know what magic ssh-copy-id does, but it just worked. I was able to log in without a password successfully with the simple command:
ssh me#sshd-server
I had zero luck with cat id_rsa.pub >> ~/.ssh/authorized_hosts. Every time I tried ssh'ing to the server it just kept asking me for the passphrase. This is with the correct 600 permission on authorized_hosts and 700 on ~/.ssh.