1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

No Supported Authentication methods available when using SSH client

Discussion in 'General Discussion' started by monkey64, Dec 14, 2011.

  1. monkey64

    monkey64 Member

    Joined:
    Nov 6, 2011
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    I have just disabled Password Authentication and created a root SSH key.
    Using WinSCP, I can SSH in perfectly using the root account.

    I thought I would make an account called "user" followed the same steps.
    When I try to connect to this account, I get the error "No Supported Authentication methods available".
    The root account still works though...

    The only change I have made to the config is changing the port in /etc/ssh/sshd_config.
    Any ideas?
     
  2. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,621
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    Is the additional user listed in /etc/ssh/sshd_config file via the option "AllowUsers username1 username2" directive?

    If you would like to post your /etc/ssh/sshd_config file contents, we could let you know if we see anything wrong with it:

    Code:
    cat /etc/ssh/sshd_config
     
  3. monkey64

    monkey64 Member

    Joined:
    Nov 6, 2011
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    Tristan

    I checked the sshd_config file an did not find the option "AllowUsers username1 username2" directive?
    I can see that the necessary keys have been created in /root/.ssh/
    Here is the file:

    Code:
    #	$OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options change a
    # default value.
    
    Port XXXX #Changed MH
    #Protocol 2,1
    Protocol 2
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 768
    
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO
    
    # Authentication:
    
    #LoginGraceTime 2m
    #PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile	.ssh/authorized_keys
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    PasswordAuthentication	no
    
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    ChallengeResponseAuthentication	no
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    
    # GSSAPI options
    #GSSAPIAuthentication no
    GSSAPIAuthentication yes
    #GSSAPICleanupCredentials yes
    GSSAPICleanupCredentials yes
    
    # Set this to 'yes' to enable PAM authentication, account processing, 
    # and session processing. If this is enabled, PAM authentication will 
    # be allowed through the ChallengeResponseAuthentication mechanism. 
    # Depending on your PAM configuration, this may bypass the setting of 
    # PasswordAuthentication, PermitEmptyPasswords, and 
    # "PermitRootLogin without-password". If you just want the PAM account and 
    # session checks to run without PAM authentication, then enable this but set 
    # ChallengeResponseAuthentication=no
    #UsePAM no
    UsePAM	yes
    
    # Accept locale-related environment variables
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
    AcceptEnv LC_IDENTIFICATION LC_ALL
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #ShowPatchLevel no
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no
    #ChrootDirectory none
    
    # no default banner path
    #Banner /some/path
    
    # override default of no subsystems
    Subsystem	sftp	/usr/libexec/openssh/sftp-server
    
     
  4. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,621
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    Can you please run the following command when trying to log in as that user?

    Code:
    ssh username@servername -v
    The -v option provides verbose logging for the SSH command.
     
  5. monkey64

    monkey64 Member

    Joined:
    Nov 6, 2011
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    After creating the second account "user", I can no longer log into either account so I can't run the code:

    Code:
    ssh username@servername -v
    
    I get the following error logging in:

    "Disconnected: No supported authentication methods avaliable (server sent: publickey, gssapi-with-mic)"

    Even restarting SSh doesn't help.
    The only way I can any SSH access is to delete all the SSH keys remake them.
    It seems that the action of creating the second key is causing the system to fail.
     
  6. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,621
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    I don't understand how you would receive an SSH denied message yet be unable to run the command I indicated, which is the command to SSH itself. How precisely are you SSHing into the system if you are not using a command to do so?
     
  7. monkey64

    monkey64 Member

    Joined:
    Nov 6, 2011
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    Tristan

    The problem has been that after I create the second user, SSH dies and I lose access altogether. However, today I was able to run your command:

    Code:
    ssh username@servername -v
    
    Here is the output:

    Code:
    /root$ ssh user@myserver -v
    OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    Pseudo-terminal will not be allocated because stdin is not a terminal.
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to myserver [xxx.xxx.xxx.xxx] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: loaded 3 keys
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
    debug1: match: OpenSSH_4.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: read_passphrase: can't open /dev/tty: No such device or address
    Host key verification failed.
    
     
    #7 monkey64, Jan 10, 2012
    Last edited: Jan 10, 2012
  8. cPanelTristan

    cPanelTristan Active Member
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,621
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    Part of the issue might be this portion:

    Code:
    debug1: permanently_set_uid: 0/0
    It seems it is setting the uid to 0 which is root. It is also looking for the key on /root/.ssh location.
     

Share This Page