I tried to connect to planetlab node using ssh. It throws me error like Permission denied (publickey,keyboard-interactive). What does this mean? Here is the verbose of the exception.
> OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL
> 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for * debug2:
> ssh_connect: needpriv 0 debug1:
> Connecting to planetlab1.csee.usf.edu
> [131.247.2.241] port 22. debug1:
> Connection established. debug1:
> permanently_set_uid: 0/0 debug3: Not a
> RSA1 key file /home/keven/.ssh/id_rsa.
> debug2: key_type_from_name: unknown
> key type '-----BEGIN' debug3:
> key_read: missing keytype debug2:
> key_type_from_name: unknown key type
> 'Proc-Type:' debug3: key_read: missing
> keytype debug2: key_type_from_name:
> unknown key type 'DEK-Info:' debug3:
> key_read: missing keytype debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug3:
> key_read: missing whitespace debug2:
> key_type_from_name: unknown key type
> '-----END' debug3: key_read: missing
> keytype debug1: identity file
> /home/keven/.ssh/id_rsa type 1 debug1:
> Checking blacklist file
> /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file
> /etc/ssh/blacklist.RSA-2048 debug1:
> Remote protocol version 2.0, remote
> software version OpenSSH_4.7 debug1:
> match: OpenSSH_4.7 pat OpenSSH_4*
> debug1: Enabling compatibility mode
> for protocol 2.0 debug1: Local version
> string SSH-2.0-OpenSSH_5.1p1
> Debian-5ubuntu1 debug2: fd 3 setting
> O_NONBLOCK debug1: SSH2_MSG_KEXINIT
> sent debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit:
> ssh-rsa,ssh-dss debug2:
> kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> none,[email protected],zlib debug2:
> kex_parse_kexinit:
> none,[email protected],zlib debug2:
> kex_parse_kexinit: debug2:
> kex_parse_kexinit: debug2:
> kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit:
> ssh-rsa,ssh-dss debug2:
> kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> none,[email protected] debug2:
> kex_parse_kexinit:
> none,[email protected] debug2:
> kex_parse_kexinit: debug2:
> kex_parse_kexinit: debug2:
> kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: found hmac-md5
> debug1: kex: server->client aes128-cbc
> hmac-md5 none debug2: mac_setup: found
> hmac-md5 debug1: kex: client->server
> aes128-cbc hmac-md5 none debug1:
> SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
> sent debug1: expecting
> SSH2_MSG_KEX_DH_GEX_GROUP debug2:
> dh_gen_key: priv key bits set: 128/256
> debug2: bits set: 508/1024 debug1:
> SSH2_MSG_KEX_DH_GEX_INIT sent debug1:
> expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile:
> filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: match
> line 1 debug3: check_host_in_hostfile:
> filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: match
> line 2 debug1: Host
> 'planetlab1.csee.usf.edu' is known and
> matches the RSA host key. debug1:
> Found key in /root/.ssh/known_hosts:1
> debug2: bits set: 535/1024 debug1:
> ssh_rsa_verify: signature correct
> debug2: kex_derive_keys debug2:
> set_newkeys: mode 1 debug1:
> SSH2_MSG_NEWKEYS sent debug1:
> expecting SSH2_MSG_NEWKEYS debug2:
> set_newkeys: mode 0 debug1:
> SSH2_MSG_NEWKEYS received debug1:
> SSH2_MSG_SERVICE_REQUEST sent debug2:
> service_accept: ssh-userauth debug1:
> SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /home/keven/.ssh/id_rsa
> (0xb80c9878) debug1: Authentications
> that can continue:
> publickey,keyboard-interactive debug3:
> start over, passed a different list
> publickey,keyboard-interactive debug3:
> preferred
> gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred:
> keyboard-interactive,password debug3:
> authmethod_is_enabled publickey
> debug1: Next authentication method:
> publickey debug1: Offering public key:
> /home/keven/.ssh/id_rsa debug3:
> send_pubkey_test debug2: we sent a
> publickey packet, wait for reply
> debug1: Authentications that can
> continue:
> publickey,keyboard-interactive debug2:
> we did not send a packet, disable
> method debug3: authmethod_lookup
> keyboard-interactive debug3: remaining
> preferred: password debug3:
> authmethod_is_enabled
> keyboard-interactive debug1: Next
> authentication method:
> keyboard-interactive debug2:
> userauth_kbdint debug2: we sent a
> keyboard-interactive packet, wait for
> reply debug1: Authentications that can
> continue:
> publickey,keyboard-interactive debug3:
> userauth_kbdint: disable: no
> info_req_seen debug2: we did not send
> a packet, disable method debug1: No
> more authentication methods to try.
> Permission denied
> (publickey,keyboard-interactive).
If you want to use a password to access the SSH server, a solution for fixing the Permission denied error is to enable password login in the sshd_config file. In the file, find the PasswordAuthentication line and make sure it ends with yes . Find the ChallengeResponseAuthentication option and disable it by adding no .
Short description. "Permission denied (publickey)" and "Authentication failed, permission denied" errors occur if: You're trying to connect using the wrong user name for your AMI. The file permissions within the operating system are incorrect on the instance.
Keyboard-interactive (KBI) authentication is a form of authentication for SSH that mimics the process of keyboard interaction, sending authentication information in the SSH server's request. SSH KBI adapter uses user name and password information for authentication.
To solve the "Permission denied (publickey)" error when trying to SSH into an EC2 instance: Open your terminal in the directory where your private key is located and change its permissions to only be readable by the current user.
You may want to double check the authorized_keys file permissions:
$ chmod 600 ~/.ssh/authorized_keys
Newer SSH server versions are very picky on this respect.
You need to change the sshd_config
file in the remote server (probably in /etc/ssh/sshd_config
).
Change
PasswordAuthentication no
to
PasswordAuthentication yes
And then restart the sshd
daemon.
The server first tries to authenticate you by public key. That doesn't work (I guess you haven't set one up), so it then falls back to 'keyboard-interactive'. It should then ask you for a password, which presumably you're not getting right. Did you see a password prompt?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With