I am quite out of my depths with a problem that I have faced with two different ssh-users on two different servers where I deploy to with Capistrano. I am sure I am not the only one to have come across this:
I set up an ssh-connection from the command line with passwordless authentication, using my public key, that is known to the remote server. This works: I can log into the remote system.
I execute »cap deploy:setup«. Surprisingly, I have to enter the password of the ssh-user, and from then I have to enter the password again each time I log into the server via ssh on the command line. The public key is not accepted any more, as shown by the output produced by ssh's -v option:
_
shell$ ssh -vp 5222 my_ssh_user#my-remote-host.de
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to my-remote-host.de [1.2.3.4] port 5222.
debug1: Connection established.
debug1: identity file /Users/martin/.ssh/id_rsa type 1
debug1: identity file /Users/martin/.ssh/id_rsa-cert type -1
debug1: identity file /Users/martin/.ssh/id_dsa type -1
debug1: identity file /Users/martin/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.1p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[my-remote-host.de]:5222' is known and matches the RSA host key.
debug1: Found key in /Users/martin/.ssh/known_hosts:9
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/martin/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/martin/.ssh/id_dsa
debug1: Next authentication method: password
my_ssh_user#my-remote-host.de's password: <here I enter my password>
debug1: Authentication succeeded (password).
Authenticated to my-remote-host.de ([1.2.3.4]:5222).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = de_DE.UTF-8
Linux ve2003 2.6.18-238.5.1.el5.028stab085.5 #1 SMP Thu Apr 14 15:42:34 MSD 2011 x86_64
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
Last login: Fri Sep 23 13:05:55 2011 from
I am using Mac OS Lion locally and Ubuntu on the remote side. My Capistrano is extended by the multistage-extension. I have set
set :ssh_options, {:forward_agent => true}
and it works for the passwordless pulling of the git repository on the remote side.
How can I prevent Capistrano to scrumble up my SSH settings and make it use public key auth again?
Greatly appreciate any help!
EDIT: The problem is Server-side: I just found out that I cannot use other systems to passwordless log into my remote system. How can I know what is wrong with the server?
Related
I'm trying to connect to my EC2 Instances on Amazon. When you connect an error - Permission denied (publickey). Installing cmhod 400 myPem.pem file does not help.
Connection log:
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading
configuration data /etc/ssh_config debug1: /etc/ssh_config line 20:
Applying options for * debug1: Connecting to 54.214.31.168
[54.214.31.168] port 22. debug1: Connection established. debug1:
identity file wenglePemNew.pem type -1 debug1: identity file
wenglePemNew.pem-cert type -1 debug1: Enabling compatibility mode for
protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.2 debug1:
Remote protocol version 2.0, remote software version OpenSSH_5.9p1
Debian-5ubuntu1 debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat
OpenSSH_5* debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT
received debug1: kex: server->client aes128-ctr hmac-md5 none debug1:
kex: client->server aes128-ctr hmac-md5 none debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting
SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key:
RSA (code) The authenticity of host '54.214.31.168 (54.214.31.168)'
can't be established. RSA key fingerprint is (code). Are you sure you
want to continue connecting (yes/no)? yes Failed to add the host to
the list of known hosts (/Users/oktolab/.ssh/known_hosts). debug1:
ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST
sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications
that can continue: publickey debug1: Next authentication method:
publickey debug1: Trying private key: wenglePemNew.pem debug1: read
PEM private key done: type RSA debug1: Authentications that can
continue: publickey debug1: No more authentication methods to try.
Permission denied (publickey).
AMI creation and deployment of a new instance with a new pem file did not help.
What's need to do to connect to the server?
Failed to add the host to the list of known hosts (/Users/oktolab/.ssh/known_hosts)
What are the permission for /Users/oktolab/.ssh/known_hosts ?
Run below command to fix the permission:
chmod 0600 /Users/oktolab/.ssh/known_hosts
Also, could you provide the exact SSH command that you are running because:
read PEM private key done: type RSA debug1: Authentications that can continue: publickey debug1: No more authentication methods to try. Permission denied (publickey).
A lot of time above error appears if you use ec2-user instead of ubuntu as username and vice-versa. In your case, this seems to be ubuntu image so it should be ubuntu. These things will be clarified once you provide the exact ssh command you are running
I have Jenkins running on my local machine trying to figure out remote ssh problem I'm having on a server. I'm getting this permission denied error which indicates a problem with the key, yet from the same user account on the shell, I can definitely connect.
Started by user anonymous
Building in workspace /Users/jgoodwin/jenkins/workspace/app
[postprocessor] $ /bin/sh -xe /var/folders/b0/h_wtmzss6cx11p6153y9h2cr0000gn/T/hudson4163212101874527747.sh
+ echo /Users/jgoodwin
/Users/jgoodwin
+ whoami
jgoodwin
+ ssh -i /Users/jgoodwin/.ssh/id_rsa remoteuser#server 'echo success'
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Build step 'Execute shell' marked build as failure
Finished: FAILURE
This is run right on the shell:
Jasons-MacBook-Air:~ jgoodwin$ echo $HOME
/Users/jgoodwin
Jasons-MacBook-Air:~ jgoodwin$ whoami
jgoodwin
Jasons-MacBook-Air:~ jgoodwin$ ssh -i /Users/jgoodwin/.ssh/id_rsa remoteuser#server 'echo success'
success
I'm fairly stumped - I've done quite a bit of work with hudson in the past and I don't think I had any issues doing this type of work. The error indicates a problem with the keys but they are clearly fine.
Edit:
Verbose log as per request
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to hostname [ip] port 22.
debug1: Connection established.
debug1: identity file /Users/jgoodwin/.ssh/id_rsa type 1
debug1: identity file /Users/jgoodwin/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ed:d4:92:3f:33:bd:dd:b9:eb:d1:b2:19:4c:f1:70:e9
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /Users/jgoodwin/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Build step 'Execute shell' marked build as failure
Edit: successful attempt added 8/15
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to hostname [ip] port 22.
debug1: Connection established.
debug1: identity file /Users/jgoodwin/.ssh/id_rsa type 1
debug1: identity file /Users/jgoodwin/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 40:bf:b5:74:1c:5f:b6:93:00:4b:ca:1d:fc:0f:39:ec
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /Users/jgoodwin/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to hostname ([54.226.250.218]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8
Last login: Thu Aug 15 13:09:32 2013 from 66.199.39.230
Multiple reasons could cause this behavior, like key caching with agent / keychain manager, etc.
I would suggest to use the -v argument to compare the 2 outputs:
ssh -v -i /Users/jgoodwin/.ssh/id_rsa remoteuser#server
This will let you compare what is going in in a more verbose way. If you still cannot solve it, please post your verbose outputs to compare.
Note: you can add up to 3 -v arguments for increased verbosity.
Updated:
#JasonG From what I see the details of the failure are:
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
debug1: read_passphrase: can't open /dev/tty: Device not configured
It looks like your key has a passphrase and the passphrase cannot be entered because we are not in an interactive shell. The command line from your standard shell may benefit from the Keycahin which would 'type the passphrase' for you.
If you could generate the same verbosity for your successful command so that we could compare...
Jenkins run shell scripts is slight different with cmd line on environment
there are some environment difference in your case, which we didn't notice. like initial script, path setting.
besides the method provided by #coffeebreaks, try below
check the system environment, like show command env
write above steps into bash scripts and run the scripts both in cmd line and jenkins jobs
use another user instead of your initial user who starts jenkins instance
Check whether the home directory is encrypted :
http://gopukrish.wordpress.com/2013/04/24/ssh-cant-connect-authentications-that-can-continue-publickeygssapi-keyexgssapi-with-micpassword/
In my situation, I was using a keychain (as #coffeebreaks suggested) which was being setup when I sourced in the jenkins user .bashrc file. Unfortunately, the jenkins backend doesn't seem to source this file like a standard shell login does.
The solution was to add the following code prior to the scp call in the Jenkins pipeline:
. ~/.bashrc
Looks like the public key is missing under /Users/jgoodwin/.ssh/id_rsa.pub instead id_rsa there.... can you pls double check and provide permission 600 to that file and re-run your jenkins job
debug1: Offering RSA public key: /Users/jgoodwin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
I know there are alot of questions regarding AWS & SSH sessions, and I've attempted to make use of them, but all have failed.
I have an instance running, and the ssh string given by the EC2 Management Console is
ssh -i -v jason.pem ubuntu#ec2-54-227-167-156.compute-1.amazonaws.com
which produces the output
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ec2-54-227-167-156.compute-1.amazonaws.com [54.227.167.156] port 22.
debug1: Connection established.
debug1: identity file jason.pem type -1
debug1: identity file jason.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian- 5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA ea:b6:50:fe:49:49:90:76:03:91:21:6d:73:0e:04:d2
debug1: Host 'ec2-54-227-167-156.compute-1.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/jason/.ssh/known_hosts:27
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Trying private key: jason.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I've done the following:
Created new keypair, downloaded jason.pem and set to 0400 chmod permissions
Added ChallengeResponseAuthentication yes to /etc/ssh/ssh_config
What exactly is going on, and why is the jason.pem file not being accepted?
The public key on your instance doesn't align with your private keypair. If that instance's configuration is important and you want to keep it (I say this based upon the fact that you shutdown the instance rather than just creating a new one):
Create a new keypair
Create an AMI of the instance you want to access
Create a new instance from that AMI using the new keypair
Attempt to ssh into it again using the new downloaded keypair
400 permissions should be fine for the keypair.
I can't seem to use SSH to connect to AWS although I don't usually have any problems with github or heroku. The debug is below, I've tried #ubuntu and #ec2-user (it should be #ubuntu), I've also tried creating a config file in .ssh (on windows) and adding 'ChallengeResponseAuthentication yes' as that seemed to fix it on another thread, but no luck. I've modified the permissions of the.pem file to 400. I don't understand why it says it all sounds positive but then fails, if I could get a better idea of what the error is I might be able to find a solution. Any help very much appreciated!
$ ssh -v -i futurebot2.pem ubuntu#ec2-54-218-75-37.us-west-2.compute.amazonaws.com
OpenSSH_6.2p2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/Mark/.ssh/config
debug1: Connecting to ec2-54-218-75-37.us-west-2.compute.amazonaws.com [54.218.75.37] port 22.
debug1: Connection established.
debug1: identity file futurebot2.pem type -1
debug1: identity file futurebot2.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f2:cd:94:4d:a1:9a:b5:67:cb:f7:91:d7:ef:4d:a4:3d
debug1: Host 'ec2-54-218-75-37.us-west-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/Mark/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: futurebot2.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Two reasons why this might happen.
User does not exist, this might be due to connecting with the wrong user or an instance that is not your own (wrong ip address)
The user does not have your key in its authorized keys file. In AWS, the key you select at launch is added to your instance, but if you want to use other keys, you need to add them to your authorized_keys file manually.
When I try to ssh into localhost, it accepts the public key and immediately closes the connection. I've been going through pages of Google results for hours now with no progress. Here's what I get after ssh -v user#localhost:
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/user/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /Users/user/.ssh/id_rsa type -1
debug1: identity file /Users/user/.ssh/id_rsa-cert type -1
debug1: identity file /Users/user/.ssh/id_dsa type 2
debug1: identity file /Users/user/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 67:2f:0b:c8:40:e8:87:0f:57:ee:c7:68:ae:8a:5a:02
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/user/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/user/.ssh/id_rsa
debug1: Offering DSA public key: /Users/user/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
Connection closed by ::1
I'm running OSX 10.8, using ssh through Terminal.
Okay, so what finally worked was explicitly allowing connections from user. Setting System Prefs > Sharing > Remote Login > Allow access for: to All Users doesn't work; instead I had to check Only these users: and manually add all users. Hope this helps anyone else having the same problem.
A long time ago I had the same problem with Telnet, and if I remember it well, the problem was with the user having no home directory in /etc/passwd.
I am assuming that you are trying to create a password-less connection, am I right?
When you google it, there is a good explanation of it here: http://diuf.unifr.ch/main/tech/node/57
Also, here is an explanation how to quickly make the password less connection http://greg-n-blog.blogspot.com/search/label/scp
This worked for me in Cygwin using Windows within a large domain:
Add your Windows user ID to /etc/passwd. You can get it by typing $ mkpasswd -d | grep [username]. In a large domain, you may have to wait several hours.
Make sure the user ID given in /etc/passwd matches that in $ id -u, and the group ID matches that for Administrators in /etc/group