Re: permission denied (publickey)



Hi,

thanks for answering me :)

My /etc/ssh/sshd_config looks currently like this:
---
Port 5583
Protocol 2
AllowUsers admin user
AddressFamily inet
PasswordAuthentication no
ChallengeResponseAuthentication no
Subsystem sftp /usr/lib/misc/sftp-server
AllowGroups wheel users
LoginGraceTime 20
PermitEmptyPasswords no
PermitRootLogin no
X11Forwarding no
PrintLastLog yes
HostbasedAuthentication no
--

After your email I've set "PubkeyAuthentication yes" to, but it don't change the problem or the error messages :(

uhm, that sshd_config is a backup from my old server-system and there ssh had work very well.

Greets,
Eni

Dony Pierre wrote:
Can you verify if you have set PubkeyAuthentication yes in your /etc/ssh/sshd-config on your ssh server.

Regards.
Pierre.


-----Original Message-----
From: Eni [mailto:eni@xxxxxxxxxxxxxxxxx] Sent: samedi 27 mai 2006 0:49
To: secureshell@xxxxxxxxxxxxxxxxx
Subject: permission denied (publickey)

Hi,

please, excuse my terrible english, but can anyone help?
I re-installed my server with Gentoo Linux and after that i get this:

---
$ ssh user@server
permission denied (publickey).
---

/var/log/auth.log says:
---
sshd[8159]: User 'username' from 'domain' not allowed because not listed in AllowUsers
---

But the user is listed in /etc/ssh/sshd_config at "AllowUsers" for sure!


---debug---

$ ssh -vv -2 -l user@remotebox -p 5583
OpenSSH_4.3p2, OpenSSL 0.9.7i 14 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 'IP' ['IP'] port 5583.
debug1: Connection established.
debug1: identity file /home/'localuser'/.ssh/id_rsa type -1
debug1: identity file /home/'localuser'/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
debug2: kex_parse_kexinit: none,zlib@xxxxxxxxxxx
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 144/256
debug2: bits set: 482/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'IP' is known and matches the RSA host key.
debug1: Found key in /home/localuser/.ssh/known_hosts:3
debug2: bits set: 502/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/localuser/.ssh/id_rsa ((nil))
debug2: key: /home/localuser/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/localuser/.ssh/id_rsa
debug1: Trying private key: /home/localuser/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

---debug end---

I generated the Keys with:
---
"ssh-keygen -b 2048 -t rsa -f ${HOME}/.ssh/user_server"
---

Then copied it to the remote server to
/home/user/.ssh/authorized_keys
and set chmod 600 to authorized_keys.

I can't find the problem, please help.

Thanks in advance,
Eni (Denise Paschen)

--
<<< Gentoo Linux | Fluxbox >>>
_ _
( )_( ) Sorry, I'm Late.
(° °) But I Got Lost On The Road Of Life.
>°< http://www.gothic-family.net/eni



-----------------------------------------
Visit our website! http://www.nbb.be

"DISCLAIMER: The content of this e-mail message should not be
construed as binding on the part of the National Bank of Belgium
(NBB) unless otherwise and previously stated. The opinions
expressed in this message are solely those of the author and do not
necessarily reflect NBB viewpoints, particularly when the content
of this message, or part thereof, is private by nature or does not
fall within the professional scope of its author."




--
<<< Gentoo Linux | Fluxbox >>>
_ _
( )_( ) Sorry, I'm Late.
(° °) But I Got Lost On The Road Of Life.
>°< http://www.gothic-family.net/eni



Relevant Pages

  • Problem with some user autentification error on sshd
    ... debug1: Reading configuration data /etc/ssh/ssh_config ... debug2: kex_parse_kexinit: none,zlib ... debug3: check_host_in_hostfile: match line 3 ... debug1: Next authentication method: keyboard-interactive ...
    (SSH)
  • Re: Problem: passwordless SSH-login with Kerberos doesnt work
    ... I can do Kerberos password authentication now and that's already a huge step forward, but single signon is what I want. ... debug1: sshd version OpenSSH_5.1p1 Debian-5 ... debug2: fd 3 setting O_NONBLOCK ... debug3: ...
    (comp.protocols.kerberos)
  • Problem using ssh protocol 2 dsa
    ... I am fairly new to the ssh protocol, so I hope this not a stupid ... debug1: Reading configuration data /etc/ssh/ssh_config ... debug3: key_read: no key found ... debug2: kex_parse_kexinit: ...
    (SSH)
  • Re: ssh xterm -> HPUX fails
    ... debug1: read PEM private key done: type RSA ... debug3: preauth child monitor started ... debug2: monitor_read: 0 used once, ... debug2: channel 0: sent ext data 106 ...
    (comp.security.ssh)
  • openssh-3.9p1 and MIT Kerberos
    ... Compiled MIT Kerberos 1.4. ... debug1: Connection established. ... debug2: fd 4 setting O_NONBLOCK ... # This is the ssh client system-wide configuration file. ...
    (comp.security.ssh)