SSH - Access Denied via Putty

If you haven't configured syslog logging for sshd (you should), then error messages will be in individual job logs that get created for every ssh connection.  This article explains how to configure syslog and how to find sshd job logs.

https://www-01.ibm.com/support/docview.wss?uid=nas8N1014301

Post the log messages for a failed connection.  You may want to temporarily increase the logging level configured in sshd config to produce a more detailed log.

I set up logging as you indicated - but even after resetarting SSH - the logs are clear.   I set the logging level as DEBUG in the /QOpenSys/QIBM/UserData/SC1/OpenSSH/etc/sshd_config file

Please post your sshd_config file - after masking anything confidential..

Uploaded SSHD_CONFIG.txt
sshd_config.txt

You should configure Putty to log.  That would get better info about the reason.
       From the PuTTY Configuration, in the left pane, click on  Logging under Session.
       On the right, ensure Log all session output or Log SSH packet data is selected.
       Note the path to the log file which needs to be sent along with sshd logs.

If you used ssh from linux or Mac just add -vvv (3 v) and you'll see verbose output.

I attached the putty.log output but there isn't much in it...

Still don't see anything in my log file...
putty.log

Did you ensure that you are logging all session output?

Enable syslog logging in your sshd_conf.  Uncomment this:

#SyslogFacility AUTH

Then restart sshd.

Tip: Debugging ssh tends to be tough, as simple things cause problems.

Ensure your key file permission is set to user access only, so all other access off. Linux equivalent is...

chmod 600 .../your-key-directory/your-key.rsa

Select allOpen in new window

If you still have problems here's a quick way to find the root cause quickly.

1) In one window connected to your server...

/usr/sbin/sshd -p 55555 -D -ddd -e

Select allOpen in new window

2) In another window connect to your new sshd instance...

ssh -vvv -2 -4 -p 55555 -i .../your-key-directory/your-key.rsa $user@host

Select allOpen in new window

3) Compare the output of both windows + likely you'll immediately see the problem.

I removed the comment from the SyslogFacility AUTH and then restarted SSHD

After attempting to connect in Putty again, I still do not see anything in my sshlog.ext file that I set up in the logging config.  And I ensured that my Putty logging was set to log all session activity and it shows just what I see on screen (which is basically just an Access Denied message)

Might be a good test to attempt connecting to your server using an actual ssh client (Linux or OSX machine).

This will tell you if you have a server side or client side problem.

You can always cut + paste output from both windows (per above) + post the output as attachments. Be sure to do this as text, not an image file.

Unfortunately, I don't have access to either a Linux or OSX machine to test with

Then back to the 2x window test I described above, which will likely provide sufficient enough detail to debug the problem.

Hum... Also post the actual host or IP where you're trying to login. No way to test a full login + at least a port scan can be run to ensure sshd is listening correctly.

The window test above is best.