I've been troubleshooting this since yesterday afternoon.
I have a CentOS server running WHM and I had SSH access working with a key. SSH Password Authorization Tweak is Disabled.
My SSH key had a passphrase and I was working on a backup solution for which I wanted to try using a key with no passphrase. WHM doesn't allow null password keys, it seems, so I created one locally on my Mac with ssh-keygen, uploaded the public key and this didn't work.
I ended up removing the working SSH key from the server, not a big problem I thought, as I can just make a new one.
Now I can't get any keys working for SSH access. Here are the steps I've been taking for the last few hours:
1) Manage root’s SSH Keys > Generate a new key
2) I have copied and pasted the text from the private key into a key on my computer
2 a) I have also used scp (by enabling ssh password authorization temporarily) to retrieve the private key
3) Manage Authorization > Enable
4) Attempt login > ssh -i <id_dsa/id_rsa> root@<server>
type key password
Code:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
5) chmod 600 <id_dsa/id_rsa>
Code:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
OK. Next.
On Mac
1) ssh-keygen -t id_dsa
1 a) I have also tried ssh-keygen -t id_rsa, the difference is not significant I know.
1 b) I've done this with a password and without a password, neither works
2) copy id_dsa.pub/id_rsa.pub to remote server through Manage root’s SSH Keys > Import Key
2 a) I've also used scp (by enabling ssh password authorization temporarily) to copy the key to the server
3) Manage Authorization > Enable
4) Attempt login > ssh -i <id_dsa/id_rsa> root@<server>
type key password
Code:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
5) chmod 600 <id_dsa/id_rsa>
Code:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
OK. Permissions.
on server in /root/.ssh
Code:
-rw-------. 1 root root 422 Oct 3 10:57 authorized_keys
-rw-------. 1 root root 422 Oct 3 10:57 authorized_keys2
-rw-r--r--. 1 root root 422 Oct 3 10:57 id_rsa.pub
and from /root
Code:
drwx------. 2 root root 4096 Oct 3 10:57 .ssh/
on Mac in ~/
Code:
drwx------ 3 darrencperry staff 102 3 Oct 00:54 .ssh
and in ~/.ssh
Code:
-rw-r--r-- 1 darrencperry staff 418 3 Oct 00:54 known_hosts
my private key permissions
Code:
-rw------- 1 darrencperry staff 1675 3 Oct 10:56 id_rsa
Firewall:
I've made sure port 22 is open on my server and am using port 22 for SSH.
read out from ssh -vvv -i <id_dsa/id_rsa> root@<server>
(I've hidden addresses and IPs)
Code:
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to myserver.co.uk [my.ip.address] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "id_rsa" as a RSA1 public key
debug1: identity file id_rsa type 1
debug1: identity file id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "myserver.co.uk" from file "/Users/darrencperry/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/darrencperry/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 493/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA hi:dd:en:so:me:of:th:is:42:b2:0b:10:10:25:4f:3f
debug3: load_hostkeys: loading entries for host "myserver.co.uk" from file "/Users/darrencperry/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/darrencperry/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "my.ip.address" from file "/Users/darrencperry/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/darrencperry/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'myserver.co.uk' is known and matches the RSA host key.
debug1: Found key in /Users/darrencperry/.ssh/known_hosts:1
debug2: bits set: 507/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: id_rsa (0x7fe2f241d220)
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I've also run:
tail -f /var/log/secure
on the server and all that's logged when I attempt and fail to login with the SSH key is this:
Code:
Oct 3 11:31:52 host-my-server-ip sshd[13261]: Connection closed by <my.ip>
Any help would be GREATLY appreciated!!
Thanks!
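Added example, not part of the original post: a small Python reader for `ssh -vvv` client output like the log above, which reports for each offered key how far it got, and in particular whether the server refused the public key at the `send_pubkey_test` query (the pattern in the post's log) or accepted it and then refused the signed request. The sample log is constructed, and the function name and stage labels are this example's own.

```python
import re

# Constructed sample: authentication tail of an `ssh -vvv` client log, in the
# same shape as the output in the post (not copied from a live session).
SAMPLE_REJECTED = """\
debug1: Next authentication method: publickey
debug1: Offering RSA public key: id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
"""

# Stage labels are this example's own names, not OpenSSH terminology.
NO_REPLY = "offered, no reply seen"
KEY_REFUSED = "public key refused at query stage"
KEY_ACCEPTED = "public key accepted, signature not yet confirmed"
SIG_REFUSED = "public key accepted, signed request refused"
AUTHENTICATED = "authenticated"

OFFER = re.compile(r"debug1: Offering (\S+) public key: (.+)")

def classify_pubkey_auth(log):
    """Return one dict per offered key: its type, path and how far it got."""
    results, current = [], None
    for line in log.splitlines():
        line = line.strip()
        offer = OFFER.search(line)
        if offer:
            current = {"type": offer.group(1), "key": offer.group(2), "stage": NO_REPLY}
            results.append(current)
        elif current is None:
            continue  # nothing offered yet, or the last offer is already resolved
        elif "debug1: Server accepts key" in line:
            current["stage"] = KEY_ACCEPTED
        elif "debug1: Authentication succeeded" in line:
            current["stage"] = AUTHENTICATED
            current = None
        elif "debug1: Authentications that can continue" in line:
            # The server answered with the method list again: a refusal.
            refused_after_accept = current["stage"] == KEY_ACCEPTED
            current["stage"] = SIG_REFUSED if refused_after_accept else KEY_REFUSED
            current = None
    return results

if __name__ == "__main__":
    for result in classify_pubkey_auth(SAMPLE_REJECTED):
        print(f'{result["type"]} key {result["key"]}: {result["stage"]}')
```

A key classified as refused at the query stage was turned down by sshd before any signature was requested, so the check that follows is server-side: whether that public key is in the account's `authorized_keys` and whether sshd is able to read the file.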