I am getting permission denied (public key) while doing a ssh to amazon machine. Here is the verbose output
OpenSSH_5.8p1 Debian-7ubuntu1,
OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 46.137.248.46 [46.137.248.46] port 22.
debug1: Connection established.
debug1: identity file Desktop/tws/new_key.pem type -1
debug1: identity file Desktop/tws/new_key.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 20:0f:a7:ea:b6:70:4f:ca:d0:d4:1c:31:2d:b2:08:71
debug1: Host '46.137.248.46' is known and matches the RSA host key.
debug1: Found key in /home/cs1090174/.ssh/known_hosts:43
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: cs1090174#aurora
debug1: Authentications that can continue: publickey
debug1: Trying private key: Desktop/tws/new_key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
What can be the possible error? Thanks in advance for replying.
Thanks, I got the fix. The username is not supposed to be Ubuntu but ec2-user .
Related
I accessed several time to a server. And I could connect perfectly. this evening I want to connect again it gives me an error.
-> % ssh ubuntu#pkp-alm.lib.sfu.ca -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pkp-alm.lib.sfu.ca [52.4.177.245] port 22.
debug1: Connection established.
debug1: identity file /home/guinsly/.ssh/id_rsa type 1
debug1: identity file /home/guinsly/.ssh/id_rsa-cert type -1
debug1: identity file /home/guinsly/.ssh/id_dsa type -1
debug1: identity file /home/guinsly/.ssh/id_dsa-cert type -1
debug1: identity file /home/guinsly/.ssh/id_ecdsa type -1
debug1: identity file /home/guinsly/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/guinsly/.ssh/id_ed25519 type -1
debug1: identity file /home/guinsly/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA c6:7c:32:1c:70:96:6e:ea:c0:84:96:79:3a:6c:06:bb
debug1: Host 'pkp-alm.lib.sfu.ca' is known and matches the ECDSA host key.
debug1: Found key in /home/guinsly/.ssh/known_hosts:21
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/guinsly/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinslym#gmail.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinsly#guinsly-ThinkPad-L430
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinslym#gmail.com
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/guinsly/.ssh/id_dsa
debug1: Trying private key: /home/guinsly/.ssh/id_ecdsa
debug1: Trying private key: /home/guinsly/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
My public key is named lagotto_rsa.pub and that's the one it's supposed to use by default but now it's seems like it can't find the public key.
ssh -i ~/.ssh/lagotto_rsa.pub ubuntu#pkp-alm.lib.sfu.ca -v
gives me also Permission denied (publickey).
-> % ssh -i ~/.ssh/lagotto_rsa.pub ubuntu#pkp-alm.lib.sfu.ca -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pkp-alm.lib.sfu.ca [52.4.177.245] port 22.
debug1: Connection established.
debug1: identity file /home/guinsly/.ssh/lagotto_rsa.pub type 1
debug1: identity file /home/guinsly/.ssh/lagotto_rsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA c6:7c:32:1c:70:96:6e:ea:c0:84:96:79:3a:6c:06:bb
debug1: Host 'pkp-alm.lib.sfu.ca' is known and matches the ECDSA host key.
debug1: Found key in /home/guinsly/.ssh/known_hosts:21
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/guinsly/.ssh/lagotto_rsa.pub
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinslym#gmail.com
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinsly#guinsly-ThinkPad-L430
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: guinsly#guinsly-ThinkPad-L430
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I also tried it with the private key. I would like to know what have changed on my local machine that I can't access the remote anymore
It's not your remote but your server at fault. This errors happens only when you have changed permissions on your backend. It's a real nasty error and I could only solve it because my site was hosted on digital ocean and they give you console access. So it was only possible because of that. There is nothing you can do from client side. I had asked a question about this on ask ubuntu check that link if you can. Otherwise let me know
If you can connect to your server any other way, check the permissions of the ~/.ssh/ folder and ~/ssh/authorized_keys file. They should be set to 700 and 600, respectively.
You can also check /var/log/auth.log file to see what happens when you try to login. If your system has systemd, you can get more info with sudo journalctl -u sshd, or just sudo journalctl.
I uploaded my public key and tried to ssh to one of my site nodes. But each time I am getting permission denied. Log information is attached.
OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to planetlab2.utdallas.edu [129.110.125.52] port 22.
debug1: Connection established.
debug1: identity file /home/nazim/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/nazim/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT recenter code hereeived
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 25:a2:cc:c4:e7:e6:ea:ba:96:6d:a9:06:c9:58:41:c7
debug1: Host 'planetlab2.utdallas.edu' is known and matches the RSA host key.
debug1: Found key in /home/nazim/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/nazim/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
Please help me if you know what is going wrong.
Thanks,
Nazim
Try checking permissions on the destination machine. This is the biggest source of confusion. The requirements depend on /etc/ssh/sshd_conf, but by try:
/home/nazim must *not* be world executable (this actually bit me once!).
/home/nazim/.ssh must be chmod 700.
I generated the key-pair by EC2-Console, and then store it in ~/.ssh/iForests_ABetADay.pem.
After that, chmod 400 iForests_ABetADay.pem, and ssh -i iForests_ABetADay.pem ubuntu#46.51.244.48 -v.
I did login yesterday, but now the error message I got is:
(Google a lot, but still can not find out a way to solve it...)
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 46.51.244.48 [46.51.244.48] port 22.
debug1: Connection established.
debug1: identity file iForests_ABetADay.pem type -1
debug1: identity file iForests_ABetADay.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3
debug1: match: OpenSSH_5.8p1 Debian-1ubuntu3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '46.51.244.48' is known and matches the RSA host key.
debug1: Found key in /Users/iforests/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: iForests_ABetADay.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
The output clearly shows that it's trying wrong key. I suggest that you check
~/.ssh/config
/etc/ssh/ssh_config
/etc/ssh_config
to see if something forces your client to use iForests_ABetADay.pem. According to log it must be /etc/ssh_config.
So I spun my instance up from the web, downloaded a keypair installed it and everything worked great for about a day. Then I rebooted my computer, and I'm not able to SSH into it anymore. I tried redownloading a keypair and reinstalling it but I keep getting the Permission denied (publickey) error.
This is the verbose output (I've tried using the -i /path/to/keypair option as well with no luck):
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to ec2-184-73-218-40.compute-1.amazonaws.com [184.73.218.40] port 22.
debug1: Connection established.
debug1: identity file /Users/tigger/.ec2/domainpolish type 1
debug1: identity file /Users/tigger/.ec2/domainpolish-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-184-73-218-40.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/tigger/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/tigger/.ec2/domainpolish
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: domainpolish
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I've also tried rebooting the instance. Anyone have anything else I can try? Thanks so much!
Solved. I had deleted my AWS keypair from my computer. Don't do this. It will lock you out of your instance forever.
I am trying to config my github account. However, I keep getting this error and for the life me cannot figure why. I have added my ssh key to github and I am sure that the ssh key is in the directory ~/.ssh/id_rsa. I don't know what else to do..
skline-mac:first_app skline$ sudo ssh -v git#github.com
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to github.com [207.97.227.239] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /var/root/.ssh/identity type -1
debug1: identity file /var/root/.ssh/id_rsa type 1
debug1: identity file /var/root/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5github2
debug1: match: OpenSSH_5.1p1 Debian-5github2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /var/root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /var/root/.ssh/identity
debug1: Offering public key: /var/root/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering public key: /var/root/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
skline-mac:first_app skline$
drop the sudo from your command. It's trying to load root's keys, not yours.