[SOLVED] annot connect to SSH: Permission denied (publickey,password)

w0ng · 2011-03-14 08:21:21

- Followed the wiki: https://wiki.archlinux.org/index.php/SSH
- Able to "ssh localhost" and "ssh 192.168.x.x" (on same machine sshd is installed on)
- Cannot "ssh external.ip.address" nor "ssh xxx.dyndns-home.com" -> Permission denied (publickey,password)
- Cannot "ssh 192.168.x.x" into machine from another computer on same network (WinXP, PuTTY) -> "Disconnected. No supported authentication methods available"
- Port 22 is forwarded correctly via the router

/etc/ssh/sshd_config

Protocol 2
LoginGraceTime 2m
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
Subsystem sftp  /usr/lib/ssh/sftp-server

/etc/hosts.allow

sshd: ALL

/etc/hosts.deny

ALL: ALL

ls -la ~/.ssh

drwx------  2 me users 4.0K Mar 14 18:45 ./
drwx------ 37 me users 4.0K Mar 14 19:11 ../
-rw-------  1 me users  266 Mar 14 18:44 authorized_keys
-rw-------  1 me users  444 Mar 14 18:43 id_ecdsa
-rw-r--r--  1 me users  594 Mar 14 18:45 known_hosts

ssh -v me@external.ip.address

OpenSSH_5.8p1, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/me/.ssh/id_rsa type -1
debug1: identity file /home/me/.ssh/id_rsa-cert type -1
debug1: identity file /home/me/.ssh/id_dsa type -1
debug1: identity file /home/me/.ssh/id_dsa-cert type -1
debug1: identity file /home/me/.ssh/id_ecdsa type -1
debug1: identity file /home/me/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.46
debug1: no match: dropbear_0.46
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA 02:fd:a6:62:e7:0b:8c:96:68:1a:25:27:30:82:9c:7b
debug1: Host 'x.x.x.x' is known and matches the RSA host key.
debug1: Found key in /home/me/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/me/.ssh/id_rsa
debug1: Trying private key: /home/me/.ssh/id_dsa
debug1: Trying private key: /home/me/.ssh/id_ecdsa
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/me/.ssh/id_ecdsa': 
debug1: read PEM private key done: type ECDSA
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
me@x.x.x.x's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
me@x.x.x.x's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
me@60.240.59.78's password: 
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).

cat /ar/log/auth.log

Mar 14 18:39:27 localhost sudo:       me : TTY=pts/10 ; PWD=/home/me ; USER=root ; COMMAND=/usr/bin/vim /etc/ssh/sshd_config
Mar 14 18:39:27 localhost sudo: pam_unix(sudo:session): session opened for user root by (uid=1000)
Mar 14 18:40:42 localhost sudo:       me : TTY=pts/10 ; PWD=/home/me ; USER=root ; COMMAND=/usr/bin/vim /etc/hosts.allow
Mar 14 18:40:42 localhost sudo: pam_unix(sudo:session): session opened for user root by (uid=1000)
Mar 14 18:41:06 localhost sudo:       me : TTY=pts/10 ; PWD=/home/me ; USER=root ; COMMAND=/usr/bin/vim /etc/hosts
Mar 14 18:41:06 localhost sudo: pam_unix(sudo:session): session opened for user root by (uid=1000)
Mar 14 18:41:12 localhost sudo:       me : TTY=pts/10 ; PWD=/home/me ; USER=root ; COMMAND=/usr/bin/vim /etc/hosts.deny
Mar 14 18:41:12 localhost sudo: pam_unix(sudo:session): session opened for user root by (uid=1000)
Mar 14 18:41:28 localhost sudo:       me : TTY=pts/10 ; PWD=/home/me ; USER=root ; COMMAND=/etc/rc.d/sshd stop
Mar 14 18:41:28 localhost sudo: pam_unix(sudo:session): session opened for user root by (uid=1000)
Mar 14 18:41:28 localhost sshd[2730]: Received signal 15; terminating.
Mar 14 18:41:30 localhost sudo:       me : TTY=pts/10 ; PWD=/home/me ; USER=root ; COMMAND=/etc/rc.d/sshd stop
Mar 14 18:41:30 localhost sudo: pam_unix(sudo:session): session opened for user root by (uid=1000)
Mar 14 18:43:01 localhost sudo:       me : TTY=pts/10 ; PWD=/home/me ; USER=root ; COMMAND=/etc/rc.d/sshd start
Mar 14 18:43:01 localhost sudo: pam_unix(sudo:session): session opened for user root by (uid=1000)
Mar 14 18:43:01 localhost sshd[3252]: Server listening on 0.0.0.0 port 22.
Mar 14 18:43:01 localhost sshd[3252]: Server listening on :: port 22.
Mar 14 18:45:16 localhost sshd[3286]: Accepted publickey for me from ::1 port 44144 ssh2
Mar 14 18:45:16 localhost sshd[3286]: pam_unix_session(sshd:session): session opened for user me by (uid=0)
Mar 14 18:45:18 localhost sshd[3291]: Received disconnect from ::1: 11: disconnected by user
Mar 14 18:45:18 localhost sshd[3286]: pam_unix_session(sshd:session): session closed for user me
Mar 14 18:45:29 localhost sshd[3298]: Accepted publickey for me from 192.168.1.2 port 32867 ssh2
Mar 14 18:45:29 localhost sshd[3298]: pam_unix_session(sshd:session): session opened for user me by (uid=0)
Mar 14 18:45:41 localhost sshd[3300]: Received disconnect from 192.168.1.2: 11: disconnected by user
Mar 14 18:45:41 localhost sshd[3298]: pam_unix_session(sshd:session): session closed for user me
Mar 14 19:07:31 localhost sudo:       me : TTY=pts/10 ; PWD=/home/me ; USER=root ; COMMAND=/usr/bin/vim /etc/ssh/sshd_config
Mar 14 19:07:31 localhost sudo: pam_unix(sudo:session): session opened for user root by (uid=1000)
Mar 14 19:09:53 localhost sudo: pam_unix(sudo:session): session closed for user me
Mar 14 19:15:09 localhost sudo:       me : TTY=pts/10 ; PWD=/var/log ; USER=root ; COMMAND=/bin/cat /var/log/auth.log
Mar 14 19:15:09 localhost sudo: pam_unix(sudo:session): session opened for user root by (uid=1000)

Thanks in advance for any help!

EDIT: Problem disappeared on fresh install after hosts.allow and hosts.deny were deprecated

Last edited by w0ng (2012-03-23 06:46:39)

lives2evil · 2011-03-14 08:41:10

I notice your configuration have these line:

PasswordAuthentication no
ChallengeResponseAuthentication no

So you might want to take a look at this
https://wiki.archlinux.org/index.php/Using_SSH_Keys

Or you can try removing these lines.

w0ng · 2011-03-14 08:55:34

lives2evil wrote:

I notice your configuration have these line:
PasswordAuthentication no
ChallengeResponseAuthentication no
So you might want to take a look at this
https://wiki.archlinux.org/index.php/Using_SSH_Keys
Or you can try removing these lines.

- Tried removing those two lines.
- Restarted sshd.
- Deleted contents of ~/.ssh/

ssh -v me@external.ip.address

OpenSSH_5.8p1, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/me/.ssh/id_rsa type -1
debug1: identity file /home/me/.ssh/id_rsa-cert type -1
debug1: identity file /home/me/.ssh/id_dsa type -1
debug1: identity file /home/me/.ssh/id_dsa-cert type -1
debug1: identity file /home/me/.ssh/id_ecdsa type -1
debug1: identity file /home/me/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.46
debug1: no match: dropbear_0.46
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA 02:fd:a6:62:e7:0b:8c:96:68:1a:25:27:30:82:9c:7b
The authenticity of host '60.240.59.78 (60.240.59.78)' can't be established.
RSA key fingerprint is 02:fd:a6:62:e7:0b:8c:96:68:1a:25:27:30:82:9c:7b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'x.x.x.x' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/me/.ssh/id_rsa
debug1: Trying private key: /home/me/.ssh/id_dsa
debug1: Trying private key: /home/me/.ssh/id_ecdsa
debug1: Next authentication method: password
me@x.x.x.x's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
me@x.x.x.x's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
me@x.x.x.x's password: 
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).

lives2evil · 2011-03-14 09:50:15

I'm not sure what wrong. I myself have never installed SSH before
Try running "cat /var/log/messages.log | grep ssh".

fukawi2 · 2011-03-14 10:03:48

Try running the server in debug mode:

/usr/sbin/sshd -Dd -p2222

w0ng · 2011-03-15 07:23:58

port 33130 was forwarded for utorrent in windows (dual boot) on same machine.
thus, certain it's properly forwarded and working fine
still don't know whats happening. please help

sudo /usr/sbin/sshd -Dd -p 31330

debug1: sshd version OpenSSH_5.8p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-Dd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='31330'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 31330 on 0.0.0.0.
Server listening on 0.0.0.0 port 31330.
debug1: Bind to port 31330 on ::.
Server listening on :: port 31330.

netstat -tlnp

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:31330           0.0.0.0:*               LISTEN      -                   
tcp        0      0 :::6600                 :::*                    LISTEN      1419/mpd            
tcp        0      0 :::31330                :::*                    LISTEN      -                   
tcp        0      0 :::6667                 :::*                    LISTEN      -

ssh -v my.external.ip.address -p 31330

OpenSSH_5.8p1, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to x.x.x.x [x.x.x.x] port 31330.
debug1: connect to address x.x.x.x port 31330: Connection refused
ssh: connect to host x.x.x.x port 31330: Connection refused

fukawi2 · 2011-03-15 22:00:54

w0ng wrote:

sudo /usr/sbin/sshd -Dd -p 31330

debug1: sshd version OpenSSH_5.8p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-Dd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='31330'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 31330 on 0.0.0.0.
Server listening on 0.0.0.0 port 31330.
debug1: Bind to port 31330 on ::.
Server listening on :: port 31330.

You need to try connecting on port 31330 and see what this says then (eg, it might complain about permissions or something.) If it doesn't give you anything useful, try again with a higher verbosity (add additional -v flags)

Arch Linux

#1 2011-03-14 08:21:21

[SOLVED] annot connect to SSH: Permission denied (publickey,password)

#2 2011-03-14 08:41:10

Re: [SOLVED] annot connect to SSH: Permission denied (publickey,password)

#3 2011-03-14 08:55:34

Re: [SOLVED] annot connect to SSH: Permission denied (publickey,password)

#4 2011-03-14 09:50:15

Re: [SOLVED] annot connect to SSH: Permission denied (publickey,password)

#5 2011-03-14 10:03:48

Re: [SOLVED] annot connect to SSH: Permission denied (publickey,password)

#6 2011-03-15 07:23:58

Re: [SOLVED] annot connect to SSH: Permission denied (publickey,password)

#7 2011-03-15 22:00:54

Re: [SOLVED] annot connect to SSH: Permission denied (publickey,password)

Board footer