Menu
I'm trying to SSH into a Debian from Ubuntu. I already have a RSA key; it's the same key that I use got my Git.
I copied the key from Ubuntu to Debian using:
ssh-copy-id -i ~/.ssh/id_rsa.pub root@ip-address
Then I modified sshd_config on Debian to include the following:
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
And I restarted my SSH service. Now I try to SSH into from Ubuntu using
ssh -v root@ip-addr
but I get the following:
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.0.1.64 [10.0.1.64] port 22.
debug1: Connection established.
debug1: identity file /home/koushatalebian/.ssh/id_rsa.pub type 1
debug1: identity file /home/koushatalebian/.ssh/id_rsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA e2:af:83:f8:df:e2:15:db:77:30:e1:6b:e7:dc:77:99
debug1: Host '10.0.1.64' is known and matches the ECDSA host key.
debug1: Found key in /home/koushatalebian/.ssh/known_hosts:10
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/koushatalebian/.ssh/id_rsa.pub
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
I'm basically want to force SSH to only occur through publickey authentication.
I've read every other post related to this topic, and none of them worked for me. That is why I've created this as a separate post.
EDIT
Changing StrictModes from yes to no in sshd_config fixed the problem. Is this safe to do?
EDIT 2 This is the log for the SSH on the server:
May 5 18:23:55 lemaker sshd[2591]: Connection from 10.0.1.37 port 42748
May 5 18:23:55 lemaker sshd[2591]: debug1: PAM: setting PAM_RHOST to "10.0.1.37"
May 5 18:23:55 lemaker sshd[2591]: Failed publickey for root from 10.0.1.37 port 42748 ssh2
May 5 18:23:55 lemaker sshd[2591]: Connection closed by 10.0.1.37 [preauth]
565
If you want to use a password to access the SSH server, a solution for fixing the Permission denied error is to enable password login in the sshd_config file. In the file, find the PasswordAuthentication line and make sure it ends with yes . Find the ChallengeResponseAuthentication option and disable it by adding no .
"Permission denied (publickey)" and "Authentication failed, permission denied" errors occur if: You're trying to connect using the wrong user name for your AMI. The file permissions within the operating system are incorrect on the instance. The incorrect SSH public key (.
ssh directory permissions should be 700 (drwx------). The public key (. pub file) should be 644 (-rw-r--r--). The private key (id_rsa) on the client host, and the authorized_keys file on the server, should be 600 (-rw-------).
You do not want to offer your .pub as your credentials. You want to use your private key on your end, so you should probably be doing
ssh -v -i ~/.ssh/id_rsa root@ip-addr
which is the deault key to use, so you can just leave off the -i flag altogether
Also, make sure you have PermitRootLogin yes if you're going to login as root through ssh
172
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
