Why is my SSH public key authentication not working?
Some basic info:
My laptop used to create the keys is running Ubuntu 12.10
The Linode is running Ubuntu 12.04
I have tried the following:
Using passphrases and using no passphrase
Ensured I ran chown -R username:username .ssh (username was my actual username)
Ensured permissions are set accordingly per the linode documentation
Creating the keys with both my normal user and with root
Setting all chmod to 777 (I set it back to 700 and 600 respectively)
Restarting the ssh service on the Linode multiple times
Restarting the Linode itself
Regardless what I do, I need to still enter my user password for the Linode. Is there anything that I have missed? Any other ideas?
Thanks,
Ryan
7 Replies
Apr 20 18:57:16
I cannot find much relivant, just old posts that don't count any more as the "UseDNS" option does not exit in /etc/ssh/sshd_config
@u4ia:
Are you sure you set up the keys correctly?
Yes
@u4ia:Did you copy the idrsa.pub file to your user directory on the server and save it as ".ssh/authorizedkeys"?
Yes
@u4ia:Is the private key in your local .ssh folder?
Yes - path /home//.ssh/
ls -la /home/
ls -la /home/
ssh
tail -n20 /var/log/auth.log # And run that on the Linode after the above
- Les
The info is below… thanks for your help on this mate… I appreciate it.
@akerl:
ls -la /home/
/.ssh # run this on the Linode
drwxr-xr-x 2 <user><user>4096 Apr 20 18:54 .
drwxr-xr-x 4 <user><user>4096 Apr 20 18:12 ..
-rw-r--r-- 1 <user><user>393 Apr 20 18:54 authorized_keys</user></user></user></user></user></user>
@akerl:
ls -la /home/
/.ssh # run this on your local machine
drwx------ 2 <user><user>4096 Jun 20 2011 .
drwxr-xr-x 107 <user><user>28672 Apr 20 17:41 ..
-rwx------ 1 <user><user>1679 Apr 20 18:30 id_rsa
-rwx------ 1 <user><user>393 Apr 20 18:30 id_rsa.pub
-rwx------ 1 <user><user>5907 Apr 20 17:37 known_hosts</user></user></user></user></user></user></user></user></user></user>
ssh
OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to <linode_ip>[<linode_ip>] port 22.
debug1: Connection established.
debug1: identity file /home/<username>/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/<username>/.ssh/id_rsa-cert type -1
debug1: identity file /home/<username>/.ssh/id_dsa type -1
debug1: identity file /home/<username>/.ssh/id_dsa-cert type -1
debug1: identity file /home/<username>/.ssh/id_ecdsa type -1
debug1: identity file /home/<username>/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA <host_key_stuff>debug1: Host '<linode_ip>' is known and matches the ECDSA host key.
debug1: Found key in /home/<username>/.ssh/known_hosts:16
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/<username>/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
Agent admitted failure to sign using the key.
debug1: Trying private key: /home/<username>/.ssh/id_dsa
debug1: Trying private key: /home/<username>/.ssh/id_ecdsa
debug1: Next authentication method: password</username></username></username></username></linode_ip></host_key_stuff></username></username></username></username></username></username></linode_ip></linode_ip>
– ENTERED PASSWORD
debug1: Authentication succeeded (password).
Authenticated to <linode_ip>([<linode_ip>]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_MESSAGES = en_US.UTF-8
debug1: Sending env LC_COLLATE = en_US.UTF-8
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_CTYPE = en_US.UTF-8</linode_ip></linode_ip>
tail -n20 /var/log/auth.log # And run that on the Linode after the above
Apr 20 21:08:45 <hostname>sshd[7991]: Server listening on :: port 22.
Apr 20 21:08:49 <hostname>sshd[7871]: Received disconnect from <my_ip_address>: 11: disconnected by user
Apr 20 21:08:49 <hostname>sshd[7739]: pam_unix(sshd:session): session closed for user <username>Apr 20 21:08:52 <hostname>sshd[7993]: reverse mapping checking getaddrinfo for <reverse_ip>[<my_ip_address>] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 20 21:08:55 <hostname>sshd[7993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= <my_ip_address>user= <username>Apr 20 21:08:57 <hostname>sshd[7993]: Failed password for <username>from <my_ip_address>port 33801 ssh2
Apr 20 21:09:00 <hostname>sshd[7993]: Accepted password for <username>from <my_ip_address>port 33801 ssh2
Apr 20 21:09:00 <hostname>sshd[7993]: pam_unix(sshd:session): session opened for user <username>by (uid=0)
Apr 20 21:09:20 <hostname>sshd[8125]: Received disconnect from <my_ip_address>: 11: disconnected by user
Apr 20 21:09:20 <hostname>sshd[7993]: pam_unix(sshd:session): session closed for user <username>Apr 20 21:09:26 <hostname>sshd[8225]: reverse mapping checking getaddrinfo for <reverse_ip>[<my_ip_address>] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 20 21:09:30 <hostname>sshd[8225]: Accepted password for <username>from <my_ip_address>port 33820 ssh2
Apr 20 21:09:30 <hostname>sshd[8225]: pam_unix(sshd:session): session opened for user <username>by (uid=0)
Apr 20 21:11:02 <hostname>sshd[8357]: Received disconnect from <my_ip_address>: 11: disconnected by user
Apr 20 21:11:02 <hostname>sshd[8225]: pam_unix(sshd:session): session closed for user <username>Apr 20 21:11:19 <hostname>sshd[8457]: reverse mapping checking getaddrinfo for <reverse_ip>[<my_ip_address>] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 20 21:11:59 <hostname>sshd[8457]: Accepted password for <username>from <my_ip_address>port 33831 ssh2
Apr 20 21:11:59 <hostname>sshd[8457]: pam_unix(sshd:session): session opened for user <user>by (uid=0)
Apr 20 21:13:18 <hostname>sudo: <username>: TTY=pts/0 ; PWD=/home/ <username>; USER=root ; COMMAND=/usr/bin/tail -n20 /var/log/auth.log
Apr 20 21:13:18 <hostname>sudo: pam_unix(sudo:session): session opened for user root by <username>(uid=1000)</username></hostname></username></username></hostname></user></hostname></my_ip_address></username></hostname></my_ip_address></reverse_ip></hostname></username></hostname></my_ip_address></hostname></username></hostname></my_ip_address></username></hostname></my_ip_address></reverse_ip></hostname></username></hostname></my_ip_address></hostname></username></hostname></my_ip_address></username></hostname></my_ip_address></username></hostname></username></my_ip_address></hostname></my_ip_address></reverse_ip></hostname></username></hostname></my_ip_address></hostname></hostname>
Agent admitted failure to sign using the key.
It sounds like your SSH agent doesn't know about your key and for some reason isn't adding it. I'd recommend running 'ssh-add' on your local machine and trying again.