Jasmin shahrzad
asked on
ssh connection
i install ssh in ubuntu. i start services and it's running. i disabled firewall. i add keygen in authorized_keys.
ssh <ip_host> says Permission denied (publickey).
What OS are you trying to ssh from?
ASKER
ubuntu 14.
ASKER
i install ubuntu 17 and ssh then i try to ssh from ubuntu 14.
This has happened to me before but on a Mac and I think I had to run ssh from the directory I stored the key in.
@David Mundt - it does not matter at all from which directory you run ssh
@Jasmin shahrzad
>> i add keygen in authorized_keys
What did you add exactly where on the Ubuntu 17 system? What is file security on the authorized_keys file?
Basically you just use keygen on the Ubuntu 14 system and transfer the public key to the authorized_keys file on the Ubuntu 17 system, in the user's home directory under the .ssh folder.
Then try connecting using ssh ubuntu17user@ubuntu17system from the Ubuntu 14 system
ASKER
not help. i still get error.
what are the permissions on the key file?
ASKER
Yes i keyscan in ubuntu 14 and then i have push in known_host and i add keygen from user to authorized file i ubuntu 14. i did the same
in ubuntu 17.
then from ubuntu 14 say ssh user@ip
it says: The authenticity of host 'ip(ip)' can't be established.
/var/log/auth.log in ubuntu 17 says : session is closed by root
/var/log/auth.log in ubuntu 14 says:
CRON[19585]: pam_unix(cron:session): session closed for user root
did you install the public key on the target host?
and the private key in the local system (.ssh/id.... ( depending on use idrsa, iddsa etc.)
Also both keys need to be owned by the user that you login as, and the security should be 600 (Owner read/write only).
ASKER
no i don't. is there any document for step by step?
ASKER
i create public key and private key is under /home/user/.ssh and it have a 600 permission.
i still get the permission denied (publickey).
As I'm jumping in quite late into this question, some very basic assumptions / questions:
Please correct me whenever I'm wrong.
You can also give me the real names/values for an easier discussion if you don't mind, but it's not essential.
Some Assumptions:
A1.) you have one machine (machine14) with ubuntu 14 and one machine (machine17) with ubuntu 17.
A2.) on machine14 you installed openssh server
A3.) you are one user (e.g. "user1") on machine14
A4.) you want to connect from user1@machine14 to another user on machine17 (e.g. "user2")
A5.) the private key pair that you created is saved for user1@machine17 in $HOME/.ssh/id_rsa and $HOME/.ssh/id_rsa.pub
A6.) you copied the public key file into $HOME/.ssh/authorized_keys of user2@machine14
A7.) you created the private keypair on ubuntu17 ($HOME/.ssh/id_rsa and $HOME/.ssh/id_rsa.pub) with the command ssh-keygen, confirmed all defaults with enter (except the password)
Now some questions:
Q1.) did you ever try to connect from machine14 as user2 to machine14 as user2 with password
Q2.) did you ever try to create a private keypair as user2 on machine14 and connect to yourself with this key pair
Q3.) Did you check the permissions of the private key file on machine17 (and also all the permissions up to '/')
Example:
ls -ld $HOME/.ssh/id_rsa $HOME/.ssh $HOME /home /
You should see that only root or you have write permissions on all entries
and that only you can read $HOME/.ssh/id_rsa
Q4.) Did you check file permissions for $HOME/.ssh/authorized_keys and all higher level directories on machine14
ls -ld $HOME/.ssh/authorized_keys $HOME/.ssh $HOME /home /
You should see that only root or you have write permissions on all entries
Q5.) is this the command that you tried on machine17 to connect to machine14
ssh user1@machine14
you might try
ssh -v user1@machine14
or even
ssh -vv user1@machine14
to get a little more output
@gelonida:
Please be more careful about access advice.... (Q4)
for /home root should be the user and others should have only read or even just exec rights on that directory. (read would allow listing directories to find more directories that could be accessed, exec right will only allow passage)...
so:
chown root:root /home && chmod 711 /home # or drwx--x--x root root ... /home.
is the right state... the group may vary here depending on security settings.
The users directory should show user as the owner of the directory probably with either 700 or 710 (with some group setting) possibly even 750 / 770 to allow access to group members.
the .ssh directory should be owned by the user and 700 protection. (drwx------).
The same holds for most files in there... Only the public key (not used from here) may have 644 (-rw-r--r--)
and the same holds for known_hosts.
The group & world rights MUST BE 0 (---) for almost all files within the .ssh directory.
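The ownership and mode rules discussed above can be checked in one pass. The script below is an added example, not something posted in this thread: `audit_ssh_perms` and `make_sample_home` are hypothetical names, and the sample tree is constructed to mirror the `authorized_keys` (664) and `id_rsa` (666) modes reported later in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): report ownership and mode problems on
# the files OpenSSH is strict about. Function names are made up for this page.

# audit_ssh_perms HOME_DIR [UID]
# Prints one finding per line; returns 0 when nothing is wrong, 1 otherwise.
audit_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0

    # Server side (sshd with StrictModes, the default): the home directory,
    # ~/.ssh and authorized_keys must belong to the user or root and must not
    # be writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        if [ -z "$(find "$p" -prune \( -user "$uid" -o -user 0 \))" ]; then
            echo "OWNER $p"; rc=1
        fi
        mode=$(ls -ld "$p" | cut -c1-10)
        case $mode in
            ?????w????|????????w?) echo "WRITABLE $mode $p"; rc=1 ;;
        esac
    done

    # Client side: ssh refuses a private key that group or others can access.
    for k in "$home"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        mode=$(ls -ld "$k" | cut -c1-10)
        case $mode in
            ????------) ;;
            *) echo "PRIVATE_KEY_EXPOSED $mode $k"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample home directory using the modes from the thread's listing.
make_sample_home() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh"
    chmod 755 "$d"
    chmod 700 "$d/.ssh"
    : > "$d/.ssh/authorized_keys"; chmod 664 "$d/.ssh/authorized_keys"
    : > "$d/.ssh/id_rsa";          chmod 666 "$d/.ssh/id_rsa"
    : > "$d/.ssh/id_rsa.pub";      chmod 644 "$d/.ssh/id_rsa.pub"
    echo "$d"
}

sample=$(make_sample_home)
audit_ssh_perms "$sample" || echo "fix the entries above, then retry ssh"
rm -rf "$sample"
```

On a real account, run `audit_ssh_perms "$HOME"` as the login user on both the client and the server.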
ASKER
observ:
user1@ubun14 from ubunt 14 is ok
user1@ubunt17 from ubuntu17 not ok (permission denied (publickey)
ssh -vv user1@ubuntu17
OpenSSH_7.5p1 Ubuntu-10, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "user1.ubuntu17" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to user1.ubuntu17 [IP] port 22.
debug1: Connection established.
debug1: identity file /home/user1/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5p1 Ubuntu-10
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5p1 Ubuntu-10
debug1: match: OpenSSH_7.5p1 Ubuntu-10 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to user1.ubuntu17:22 as 'user1'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:eR3zHSczFfbqkvWpDZ2qPKLtrlv7rgnAOo6d0lrbjJ0
debug1: Host 'user1.ubuntu17' is known and matches the ECDSA host key.
debug1: Found key in /home/user1/.ssh/known_hosts:5
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/user1/.ssh/id_rsa (0x56236c7004c0)
debug2: key: /home/user1/.ssh/id_dsa ((nil))
debug2: key: /home/user1/.ssh/id_ecdsa ((nil))
debug2: key: /home/user1/.ssh/id_ed25519 ((nil))
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user1/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user1/.ssh/id_dsa
debug1: Trying private key: /home/user1/.ssh/id_ecdsa
debug1: Trying private key: /home/user1/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
Where did you put your private key? It's looking specifically in /home/user1/.ssh/ and can't find the
.
.
.
-debug1: identity file /home/user1/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
.
.
.
ASKER
All the files is on /home/user1/.ssh/
-rw-rw-r-- 1 user1 user1 authorized_key
-rw--------- 1 user1 user1 ida_rsa
-rw-r--r-- 1 user1 user1 ida_rsa.pub
-rw-r--r-- 1 user1 user1 known_host
and debug ask for all of them.
1. authorized_key must be named authorized_keys - use: mv authorized_key authorized_keys
2. security on authorized_keys must be 600 instead of 664 - use: chmod 600 authorized_keys
@noci:
I think you misinterpreted my access question. You are completely right with your comments. However my goal was a completely different one. I just mentioned the absolute minimum to keep ssh happy.
@Jasmin shahrzad:
can you please send the output of following command:
ls -ld $HOME/.ssh/id_rsa $HOME/.ssh/authorized_keys $HOME/.ssh $HOME /home /
pls execute this command once on each host.
I assume you executed the command:
on ubuntu17 as user1, right?
As you see in your trace:
ssh tries to find the private key, that you created with ssh-keygen:
the interesting lines in your trace:
debug1: identity file /home/user1/.ssh/id_rsa type 1
# this (the trailing 1) means the file was found
debug1: identity file /home/user1/.ssh/id_rsa-cert type -1
# this (the trailing -1) means the file was NOT found
debug1: Authenticating to user1.ubuntu17:22 as 'user1'
# here you see as which user you want to connect to which machine. (I'm just a little confused about the hostname user1.ubuntu17)
debug1: Host 'user1.ubuntu17' is known and matches the ECDSA host key.
debug1: Found key in /home/user1/.ssh/known_hosts:5
# means, that you connected (or tried to connect) already to this host
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user1/.ssh/id_rsa
# your client tried to authenticate with your key file
The fact, that the following lines are
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user1/.ssh/id_dsa
debug1: Trying private key: /home/user1/.ssh/id_ecdsa
debug1: Trying private key: /home/user1/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
tells you, that the key was not accepted and that there is no other
Are you sure, that the contents of your client's ~/.ssh/id_rsa.pub has been added correctly to the target server's
~/.ssh/authorized_keys?
You can try following on ubuntu17
mv $HOME/.ssh/authorized_keys $HOME/.ssh/authorized_keys.backup
cp $HOME/.ssh/id_rsa.pub $HOME/.ssh/authorized_keys
and retry to connect
Oops: I saw the comment of Gerwin Jansen, EE MVE just after having posted.
Yes indeed. the file has the wrong name and is therefore not looked at.
ASKER
@gelonida,
is not a case. i just type the wrong name. the file name is authorized_keys.
result of command 1: is
drwxr-xr-x 23 root root 4096 Jan 10 09:33 /
drwxr-xr-x 3 root root 4096 Jan 9 14:54 /home
drwxr-xr-x 18 user1 user1 4096 Jan 12 08:17 /home/user1
drwx------ 2 user1 user1 4096 Jan 12 08:17 /home/user1/.ssh
-rw-rw-r-- 1 user1 user1 776 Jan 10 14:52 /home/user1/.ssh/authorized_keys
-rw-rw-rw- 1 user1 user1 1766 Jan 11 16:07 /home/user1/.ssh/id_rsa
ASKER
@gelonida,
i cp id_rsa.pub authorizes_keys.
and correct the permission of id_rsa. chmod 600 .
now i can ssh from ubuntu17 to itself.
ssh user1@ubuntu17
is login correct . but i can't ssh from ubuntu 14
ubuntu14> ssh user1@ubuntu17
Permission denied (publickey).
ok can you please type the ls command on host14 AND on host17
can you also type following command on both hosts and indicate clearly which one is which host?
md5sum $HOME/.ssh/id_rsa $HOME/.ssh/id_rsa.pu $HOME/.ssh/authorized_keys
ASKER
now i can ssh from ubuntu 17 and login to ubuntu 14
ubuntu17 > ssh user2@ubuntu14
then connect
... ...
but reverse from ubuntu 14 to 17 can't
ubuntu14 > ssh user1@ubuntu17
Permission denied (publickey).
on ubuntu 14 user1@ubuntu17 is in authorized_keys (the same key is copied from id_rsa.pub)
but i don't have id_rsa or id_rsa.pub from any of ubuntu14 and i can connect to any of them with ssh!
ASKER
from ubuntu 17:
5e2d7a2ce9e2de1c819afec9a3d27ad8 /home/user1/.ssh/id_rsa
md5sum: /home/user1/.ssh/id_rsa.pu: No such file or directory
adb6bf6e095afe6b9539cc739cc6f891 /home/user1/.ssh/authorized_keys
"i have a file id_rsa.pub but not id_rsa.pu
from ubuntu 14:
md5sum: /home/user2/.ssh/id_rsa: No such file or directory
md5sum: /home/user2/.ssh/id_rsa.pu: No such file or directory
0703a9362bfc561af5e21ef56b47cccf /home/user2/.ssh/authorized_keys
ASKER
sorry it was me.
on ubuntu14
md5sum: /home/user2/.ssh/id_rsa: No such file or directory
md5sum: /home/user2/.ssh/id_rsa.pub: No such file or directory
0703a9362bfc561af5e21ef56b47cccf /home/user2/.ssh/authorized_keys
and 17
5e2d7a2ce9e2de1c819afec9a3d27ad8 /home/user1/.ssh/id_rsa
90a9182b09079f734c41deefa9ab936 /home/user1/id_rsa.pub
0703a9362bfc561af5e21ef56b47cccf /home/user2/.ssh/authorized_keys
>> but reverse from ubuntu 14 to 17 can't
This is normal as you showed the file ~/.ssh/id_rsa does not exist on 14
id_rsa is the private key file, that is required in the client machine.
on the target machine you have to have a line with the corresponding id_rsa.pub in the file authorized_keys
If you copy the file id_rsa from the 17 machine to the 14 machine you should be able to ssh.
As I don't know your context at all.
If both machines (14 and 17) are your machines and you trust both of them, then you can place the same ~/.ssh/id_rsa on both machines.
In many other cases it is better you create your own ~/.ssh/id_rsa on each machine and add a line with the corresponding id_rsa.pub to the ~/.ssh/authorized_keys file of the machine you want to connect to.
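A whole-file checksum of `id_rsa.pub` only equals that of `authorized_keys` when the latter holds exactly that one line, so a more direct check is whether the client's key blob appears among the server's authorized keys. The script below is an added example, not something posted in this thread; `key_blobs`, `pubkey_is_authorized` and `make_sample_keys` are hypothetical names, and the key material is constructed and non-functional.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are made up for this page.

# key_blobs FILE: print the base64 key blob of every key line in FILE.
# Works for id_*.pub files and for authorized_keys. Options placed before the
# key type are skipped; a quoted option that itself contains a key-type word
# would confuse this simple field scan.
key_blobs() {
    awk '
        /^[ \t]*#/ { next }    # comment line
        NF == 0    { next }    # blank line
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                    print $(i + 1)
                    next
                }
        }' "$1"
}

# pubkey_is_authorized PUBFILE AUTHFILE
# Returns 0 if the key is listed, 1 if it is not, 2 if PUBFILE holds no key.
pubkey_is_authorized() {
    blob=$(key_blobs "$1" | head -n 1)
    [ -n "$blob" ] || return 2
    if key_blobs "$2" | grep -Fxq -- "$blob"; then
        return 0
    fi
    return 1
}

# Constructed sample: two client public keys and one server authorized_keys
# file that lists only the first of them, under a different comment.
make_sample_keys() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDclient17 user1@ubuntu17' > "$d/client17.pub"
    echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDclient14 user2@ubuntu14' > "$d/client14.pub"
    cat > "$d/authorized_keys" <<'EOF'
# keys allowed to log in as this user
from="192.0.2.10" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTEDother backup job
ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDclient17 pasted-by-hand
EOF
    echo "$d"
}

keys=$(make_sample_keys)
for pub in client17.pub client14.pub; do
    if pubkey_is_authorized "$keys/$pub" "$keys/authorized_keys"; then
        echo "$pub: listed in authorized_keys"
    else
        echo "$pub: NOT listed in authorized_keys"
    fi
done
rm -rf "$keys"
```

To use it across two machines, copy only the client's `.pub` file to the server and run `pubkey_is_authorized` there against `~/.ssh/authorized_keys`.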
ASKER
Do you mean copy id_rsa from 17 to known_host in 14? or what?
No, id_rsa is the private key. You should use the public key, id_rsa.pub. Also, although you could copy those keys to the other system, you should generate new keys with ssh-keygen.
ASKER
ok i just confuse. i generate ssh-keygen i 17 and copy it to known_host in 14?
Yes. Both systems should have their own sets of keys.
2nd to that. Each system you own should have its own private key, consequently all other systems that you need to access need the public key registered as one of the allowed keys.
I found out yesterday there are some tools with ssh to handle part of the hard job for you ....
ssh-keygen to create the right key pair...
then
ssh-copy-id -i keyid user@remote.system
for the default key use keyid = id_dsa or id_rsa (depending on which you chose to generate)
if ssh-keygen was used with -f keyid then keyid is the right keyword.
Obviously for passwordless logons you need no password on the secret key.
will handle the nitty gritty details. (that could have helped me in the past a few times).....
Hope this can still help.
ASKER
Tnx. it's running now