  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 696

ssh - Linux

I am using an Ubuntu system here. I tried to ssh from Ubuntu to any CentOS, I am having this message. Please assist.

root@ubuntu:~/.ssh# ssh -l user 10.10.10.12
The authenticity of host '10.10.10.12 (10.10.10.12)' can't be established.
RSA key fingerprint is b2:27:e9:6d:7c:ef:a9:5b:a4:28:3d:bd:d8:5c:ff:93.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.10.12' (RSA) to the list of known hosts.
Permission denied (publickey,gssapi-with-mic,password).
0
ittechlab
Asked:
ittechlab
1 Solution
 
ittechlabLinux SupportAuthor Commented:
ssh -v -l user 10.10.10.12

debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic,password).
0
 
farzanjCommented:
So do you have RSA public key in ~user/.ssh/authorized_keys file?
What are the permissions of this file?
ls -l ~user/.ssh/authorized_keys

What are the permissions of .ssh folder
ls -ld ~user/.ssh
0
 
ittechlabLinux SupportAuthor Commented:
Do you want me to check this on 10.10.10.12?
0
 
farzanjCommented:
Getting on both machines would be better.

You can also see more verbose messages by doing

ssh -vvv
0
 
ittechlabLinux SupportAuthor Commented:
source machine

root@ubuntu:~/.ssh# ls -l ~/.ssh/authorized_keys
ls: cannot access /root/.ssh/authorized_keys: No such file or directory
root@ubuntu:~/.ssh# ls -ld ~/.ssh
drwx------ 2 root root 4096 Aug 27 11:31 /root/.ssh


destination machine

[user@localhost ~]$ ls -l ~user/.ssh/autorized_keys
ls: /home/user/.ssh/autorized_keys: No such file or directory

[user@localhost ~]$ ls -ld ~user/.ssh
drwx------ 2 user user 4096 Aug 27 03:40 /home/user/.ssh
0
 
farzanjCommented:
Ok.
On the source machine you need to do a query like

ls -l ~/.ssh
ls -ld ~/.ssh


On destination machine, looks like you misspelled authorized_keys
0
 
ittechlabLinux SupportAuthor Commented:
root@ubuntu:~/.ssh# ls -l ~/.ssh/
total 8
-rw-r--r-- 1 root root  13 Aug 27 11:31 config
-rw-r--r-- 1 root root 884 Aug 27 11:57 known_hosts
root@ubuntu:~/.ssh#
root@ubuntu:~/.ssh#
root@ubuntu:~/.ssh# ls -ld ~/.ssh/
drwx------ 2 root root 4096 Aug 27 11:31 /root/.ssh/


on the destination

[root@localhost ~]# ls -l ~user/.ssh/authorized_keys
ls: /home/user/.ssh/authorized_keys: No such file or directory
0
 
farzanjCommented:
Ok.  So you have not enabled ssh public private key mechanism.  I thought this was what you needed -- to logon without a password.  Do you have trouble logging on even with password?  Did you try changing password on the target machine?
0
 
ittechlabLinux SupportAuthor Commented:
When I tried from a different machine I was able to ssh.

I did narrow down the problem. When I am trying to ssh from Ubuntu, I am unable to ssh.
0
 
ittechlabLinux SupportAuthor Commented:
root@ubuntu:~# ssh -l -v user 10.10.10.12
ssh: connect to host user port 22: Connection refused
0
 
ittechlabLinux SupportAuthor Commented:
I don't see any restriction to port 22 on 10.10.10.12 server

[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


[root@localhost ~]# netstat -pant | grep ssh
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      4063/sshd
tcp        0      0 10.10.10.12:22              10.10.10.42:55594           ESTABLISHED 5255/sshd
tcp        0     48 10.10.10.12:22              10.10.10.16:32816           ESTABLISHED 5477/sshd
tcp        0      0 :::22                       :::*                        LISTEN      4063/sshd
0
 
farzanjCommented:
So, it is host specific not user specific, correct?  It means that you cannot ssh with ANY user not just "user".

Show me on the target machine (10.10.10.12)

cat /etc/hosts.allow
cat /etc/hosts.deny
0
 
ittechlabLinux SupportAuthor Commented:
[root@localhost ~]# cat /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#

[root@localhost ~]# cat /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
0
 
farzanjCommented:
Can you login as any other user??
0
 
NakartiCommented:
Your user either has no password on the target server or you have disabled password-based authentication in sshd_config, (and properly registered keys on it from the working source, else it would have the same sequence of failure.)

Be sure to give the ID a password on the target system.

In /etc/ssh/sshd_config (Debian path, your flavor may differ) these settings should be set to their default:

>#PasswordAuthentication yes

your -v output suggests it is set to 'no' because it is not attempting keyboard-interactive password authentication.
Also you should have a password set because of this default
>PermitEmptyPasswords no

Since I don't have your sshd_config I can only guess that it's one of these. If you haven't already, restart the ssh service (doesn't break open connections), and see if it persists. Maybe you had a bad setting and it's stale now because you fixed the config.
0
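
Added example, not part of the thread: a commented-out line such as `#PasswordAuthentication yes` sets nothing, so the value sshd actually uses is the first uncommented occurrence of the keyword, or the default when there is none. The sketch below applies those rules to a constructed sample config; the function names are hypothetical, the defaults passed in are assumed to be the upstream OpenSSH ones, and `Include` files are not followed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the effective global value of one sshd_config keyword.
#   $1 = config file, $2 = keyword, $3 = default to report when unset
# Rules applied: '#' lines are comments, keywords are case-insensitive,
# the first value obtained wins, and the first Match line ends the global part.
effective_sshd_option() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comment or blank line
        tolower($1) == "match"   { exit }        # conditional blocks start here
        tolower($1) == want      { val = $2; found = 1; exit }
        END { print (found ? val : dflt) }
    ' "$1"
}

# One-line summary of the settings discussed in the thread.
# The defaults passed here are the upstream OpenSSH ones (assumption:
# the distribution has not patched them).
auth_summary() {
    printf 'password=%s pubkey=%s emptypw=%s\n' \
        "$(effective_sshd_option "$1" PasswordAuthentication yes)" \
        "$(effective_sshd_option "$1" PubkeyAuthentication yes)" \
        "$(effective_sshd_option "$1" PermitEmptyPasswords no)"
}

# Constructed sample config, not taken from either host in the thread.
write_sample_config() {
    cat > "$1" <<'EOF'
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
PubkeyAuthentication no
passwordauthentication no
PasswordAuthentication yes
Match User backup
    PermitEmptyPasswords yes
EOF
}

cfg=$(mktemp)
write_sample_config "$cfg"
auth_summary "$cfg"
rm -f "$cfg"
```

On a live server, `sshd -T` run as root prints the effective configuration that the daemon itself computes.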
 
ittechlabLinux SupportAuthor Commented:
root@ubuntu:~# cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication no
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
0
 
ittechlabLinux SupportAuthor Commented:
Let me know if anything is wrong in this sshd_conf. This is the source machine.
0
 
ittechlabLinux SupportAuthor Commented:
I am getting this error

root@ubuntu:~# ssh -l -v user 10.10.10.12
ssh: connect to host user port 22: Connection refused
0
 
crazedsanityCommented:
Can you connect to the destination machine (10.10.10.12) from anywhere else anymore?  This seems to suggest an error in the SSH config when the SSH daemon was restarted.

I'd suggest getting to a physical console on the server so you can see any errors that occur when attempting to start SSH again.
0
 
ittechlabLinux SupportAuthor Commented:
I am able to connect to 10.10.10.12 from anywhere else.

I am not sure what's wrong with the ssh config file.

I did post all the configuration above in the thread. Please let me know.
0
 
crazedsanityCommented:
The machine at 10.10.10.12 is expecting a shared key.  You'd have to generate a key on the source machine, then get it to 10.10.10.12 through some other machine...

1.) generate the key
ssh-keygen -t dsa

2.) send the key to a machine that *can* connect to 10.10.10.12
scp ~/.ssh/id_dsa.pub user@othermachine.net:~/_deleteme

3.) copy the key...
scp ~/_deleteme 10.10.10.12:~/ && rm -f _deleteme

4.) login to the machine and add the key to the authorized keys file..
cat ~/_deleteme >> ~/.ssh/authorized_keys && rm -f ~/_deleteme


Now login to the machine ("ubuntu") that was originally having issues, and attempt connecting to it.  Remember: the key generated in #1 MUST be done as the user you'll be logged-in as when doing the connection; the key MUST be added into the "authorized_keys" file of the user that will be logged-in on 10.10.10.12 (i.e. root@ubuntu generates the key, and it gets put into "/root/.ssh/authorized_keys" on 10.10.10.12, assuming that root@ubuntu will be connecting to root@10.10.10.12)
0
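
Added example, not part of the thread: once a key has been appended to `authorized_keys` as in step 4, the permission questions asked earlier in the thread still apply, because with `StrictModes yes` (as in the sshd_config posted above) sshd refuses key login when the home directory, `.ssh` or `authorized_keys` is writable by group or others. The function names are hypothetical and the demo runs on a constructed temporary directory.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Succeeds when $1 is writable by neither group nor others.
not_group_or_world_writable() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Check the three paths used for key login to the account whose home is $1.
# Prints one line per path and returns non-zero if any is missing or too open.
# Ownership, which sshd also checks, is not examined here.
check_key_login_files() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1
        elif not_group_or_world_writable "$p"; then
            echo "OK       $p"
        else
            echo "WRITABLE $p"; rc=1
        fi
    done
    return "$rc"
}

# Demo on a constructed home directory.
home=$(mktemp -d)
mkdir "$home/.ssh" && chmod 700 "$home/.ssh"
: > "$home/.ssh/authorized_keys" && chmod 664 "$home/.ssh/authorized_keys"
check_key_login_files "$home" || echo "key login would be refused with StrictModes yes"
chmod 600 "$home/.ssh/authorized_keys"
check_key_login_files "$home" && echo "modes acceptable"
rm -rf "$home"
```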
 
ittechlabLinux SupportAuthor Commented:
What do I need to do if I just want to login with the user name and password?
0
 
crazedsanityCommented:
In the configuration file on the destination machine (10.10.10.12), change the sshd_config file so it has:
PasswordAuthentication yes

I'd bet that the configuration has that set as no (disallowing password authentication is a very good safety precaution).
0
 
NakartiCommented:
> I am getting this error
>
> root@ubuntu:~# ssh -l -v user 10.10.10.12
> ssh: connect to host user port 22: Connection refused

Yes, well you're trying to connect to the host 'user' with the command '10.10.10.12' there.
Also the sshd from the target is what I was asking for, though it looks like you've got current defaults.

Try
ssh -l user -v 10.10.10.12

or
ssh -v user@10.10.10.12

0
 
crazedsanityCommented:
Wow... I hadn't noticed that syntax error.  Just FYI, it's easier to use the user@IP syntax (e.g. "ssh username@hostname"), to avoid syntax errors (as shown in Nakarti's second example and in mine).
0
 
ittechlabLinux SupportAuthor Commented:
I found the issue. The issue was PasswordAuthentication no
0
 
ittechlabLinux SupportAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for ittechlab's comment #a38372893

for the following reason:

I found the answer myself
0
 
crazedsanityCommented:
Can you enlighten us as to what the problem was, so that others might benefit?  It seems like some of the advice you were given should have been helpful in tracking down the problem.
0
 
crazedsanityCommented:
I see your solution now.  Your solution is identical to mine, in #38341948 (third up from your answer).
0
