Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Debian SSH keys getting denied for no reason..


  • Please log in to reply
2 replies to this topic

#1 K12RiV

K12RiV

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:12 PM

Posted 13 April 2016 - 01:00 AM

Hello i have set up RSA keys to connect to ssh on a Debian headless server at home and when i setup the keys they worked for a while now it just says access denied (public Key) so im forced to use password-authentication just cause my laptop cannot connect via keys.

 

my other computer connects just fine with the key it has but not my laptop.. i have attached here the verbose from ssh -vvv hoping it could assist you..

i am a moderately new person to linux and wanted to learn but after some searching i cannot find out whats wrong.

kyle@LinuxPC:~$ ssh -vvv administrator@192.168.0.166 -p 35617
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.166 [192.168.0.166] port 35617.
debug1: Connection established.
debug1: identity file /home/kyle/.ssh/id_rsa type 1
debug1: identity file /home/kyle/.ssh/id_rsa-cert type -1
debug1: identity file /home/kyle/.ssh/id_dsa type -1
debug1: identity file /home/kyle/.ssh/id_dsa-cert type -1
debug1: identity file /home/kyle/.ssh/id_ecdsa type -1
debug1: identity file /home/kyle/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/kyle/.ssh/id_ed25519 type -1
debug1: identity file /home/kyle/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [192.168.0.166]:3497
debug3: load_hostkeys: loading entries for host "[192.168.0.166]:35617" from file "/home/kyle/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/kyle/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-sha1-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug2: mac_setup: setup hmac-sha1-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 
debug3: put_host_port: [192.168.0.166]:35617
debug3: put_host_port: [192.168.0.166]:35617
debug3: load_hostkeys: loading entries for host "[192.168.0.166]:35617" from file "/home/kyle/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/kyle/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "[192.168.0.166]:35617" from file "/home/kyle/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/kyle/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host '[192.168.0.166]:35617' is known and matches the ECDSA host key.
debug1: Found key in /home/kyle/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/kyle/.ssh/id_rsa (0x558722f951a0),
debug2: key: /home/kyle/.ssh/id_dsa ((nil)),
debug2: key: /home/kyle/.ssh/id_ecdsa ((nil)),
debug2: key: /home/kyle/.ssh/id_ed25519 ((nil)),
debug3: input_userauth_banner
WARNING: Any unauthorized use of this module, will be punished to the full extent of applicable law.
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/kyle/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 
debug3: sign_and_send_pubkey: RSA 
debug1: could not open key file '/home/kyle/.ssh/id_rsa': Permission denied
debug1: Trying private key: /home/kyle/.ssh/id_dsa
debug3: no such identity: /home/kyle/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/kyle/.ssh/id_ecdsa
debug3: no such identity: /home/kyle/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/kyle/.ssh/id_ed25519
debug3: no such identity: /home/kyle/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

Any help would be appretiated.



BC AdBot (Login to Remove)

 


#2 mremski

mremski

  • Members
  • 495 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NH
  • Local time:06:12 PM

Posted 13 April 2016 - 03:01 AM

Line 98 holds the key.  I'm assuming that the file referenced is on the machine you are trying to ssh into, so you need to double check the protections and owner of .ssh/id_rsa and .ssh itself.  Google a bit to find out how picky ssh can be over file prot settings (chmod command).

 

I always go back to this page when setting things up:

 

http://www.linuxproblem.org/art_9.html


Edited by mremski, 13 April 2016 - 06:40 AM.

FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#3 Linux_User

Linux_User

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:12 PM

Posted 14 April 2016 - 02:48 PM

I'm going to guess you've never generated an rsa key on the laptop (under user 'kyle) and pushed it to the server ?

 

See:

https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server


Edited by Linux_User, 14 April 2016 - 02:51 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users