Permission denied (publickey). Help pls
I'm trying to move from password based auth to pub. key authentication using this article: http://www.wsrcc.com/wolfgang/sshd-config.html.
My desktop (Server) is running FreeBSD 7 and I'm trying to access it from my macbook. But every time I try to login, I see the following message: Permission denied (publickey). I tried searching, but was not able to find something which could solve this problem. Can someone pls tell me what is wrong with this article or point me to one which works?
|
|||
Without reading it, have you checked for all the requirements?
private key in .ssh/id_rsa? / declared via command line switch -i /home/user/id_private?
public key in the server's authorized_keys file?
Logging in with correct username, e.g. ssh root@server?
|
|||
Quote:
id_rsa id_rsa.pub known_hosts
I tried ssh -p 2150 user@server -i ~/.ssh/id_rsa but get the same output
Yes, I copied id_rsa_pub to ~/.ssh/authorized_keys in the server
Yes

Note: I got 2 users on my FreeBSD box, user1 and user2, and my mac contains user3. Then I created keys for user3 and copied the pub key to ~/.ssh/authorized_keys of user1 (on the server). And then when I'm logged in into mac as user3 and then try to ssh to server (FreeBSD) as user1 (ssh -p 2150 user1@server) I get this error, but I get the similar error when I try to login as user2 (ssh -p 2150 user2@server) for which there is no ~/.ssh/ directory in server. This means there is a possibility the ssh is not reading ~/.ssh/autorized_keys.

Last edited by rex; 12th October 2008 at 06:21 PM.
|
|||
Code:
user3$ ssh -vv -p 2150 user1@server
OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to server port 2150.
debug1: Connection established.
debug1: identity file /Users/user3/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/user3/.ssh/id_rsa type 1
debug1: identity file /Users/user3/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 FreeBSD-20061110
debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 132/256
debug2: bits set: 527/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[server]:2150' is known and matches the DSA host key.
debug1: Found key in /Users/user3/.ssh/known_hosts:1
debug2: bits set: 521/1024
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/user3/.ssh/identity (0x0)
debug2: key: /Users/user3/.ssh/id_rsa (0x107ef0)
debug2: key: /Users/user3/.ssh/id_dsa (0x0)
Welcome to FreeBSD at REX
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/user3/.ssh/identity
debug1: Offering public key: /Users/user3/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/user3/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

Last edited by rex; 12th October 2008 at 07:20 PM.
|
|||
Use [code][/code] blocks next time.
|
|
|||
and how can I check my syslogs
|
|
||||
Is there any way you can get a console to the server? If not you may have to hook up some support from someone at the physical location or go there. Not a fun situation to be in; a lot of providers nowadays offer emergency network consoles for these sorts of cases.
If you're colocated and can add more physical equipment to your rack, I can say I've had good experiences using Cyclades gear for remote network serial consoles, so you may want to check them out. |
|
|||
@mdh, in his first message rex clearly states that his server is his desktop
You should see something like this:
Code:
debug1: Offering public key: /home/j65nko/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp 7b:cd:bd:bc:86:50:b0:82:e4:ae:59:d3:02:e7:56:a4
debug1: Authentication succeeded (publickey).

I would recommend to revert to the previous sshd.config, in other words back out the modifications proposed in http://www.wsrcc.com/wolfgang/sshd-config.html. Then check the permissions of your .ssh directory contents, as Anomie suggested. Then retry again.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
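Added example, not part of any post in this thread: a shell function that approximates the ownership and mode checks sshd applies (with StrictModes enabled) to the home directory, ~/.ssh and authorized_keys, which is the permission check recommended above. The function name audit_ssh_perms and its output labels are made up for this illustration.

```shell
#!/bin/sh
# Added example: approximate the ownership/mode checks sshd makes with
# StrictModes before it will trust a user's authorized_keys file.
# Usage: audit_ssh_perms HOME_DIR [OWNER]   (OWNER defaults to the current uid)
# Prints one line per problem; returns 0 if clean, 1 otherwise.

audit_ssh_perms() {
    home=$1
    owner=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=1
            continue
        fi
        # -prune stops find from descending into directories; -perm -020 and
        # -perm -002 match when the group-write or other-write bit is set.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $p (group or other can write; fix with chmod go-w)"
            bad=1
        fi
        # The path must belong to the account itself or to root (uid 0).
        if [ -z "$(find "$p" -prune \( -user "$owner" -o -user 0 \) -print)" ]; then
            echo "OWNER    $p (not owned by $owner or root)"
            bad=1
        fi
    done
    return $bad
}

# Example call on the server, run as the account being logged in to:
#   audit_ssh_perms "$HOME"
```

Run it on the server as the target account; any line it prints names a path whose mode or owner would make sshd ignore the key file.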
||||
Quote:
Let me appropriately answer this now; generally your syslogs are, unless you've modified /etc/syslog.conf, stored in /var/log/. You should check the logs "auth.log" and "messages" for information from sshd. |
|
|||
Thank you all for the replies and I apologize for the late response. After it didn't work for the first time I reverted back to the password authentication. Now today I followed the same article to configure the public key authentication and it worked. The only difference this time is that I stuck with the original ssh port, i.e. 22, whereas last time I was trying my ssh server was configured for a different port.
Now is it necessary to use port 22 when I'm using public key, as this is the only thing I've changed and it worked? Now that it is working, next step is to use the private key that I've generated in osx with putty on Windows. Can it be done, or will I have to create a new pair of keys for Windows?
|