[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to examine ssh problem



On Wed, Aug 3, 2011 at 12:34 AM, Juan Sierra Pons <juan@elsotanillo.net> wrote:
> 2011/8/2 lina <lina.lastname@gmail.com>:
>> On Tue, Aug 2, 2011 at 11:24 PM, Joao Ferreira Gmail
>> <joao.miguel.c.ferreira@gmail.com> wrote:
>>> On Tue, 2011-08-02 at 23:02 +0800, lina wrote:
>>>> Hi,
>>>>
>>>> when I tried to ssh some_server, it showed me,
>>>>
>>>> Permission denied (publickey,gssapi-with-mic,password).
>>>>
>>>> 1] I tried ssh from desktop, laptop and other server, the same problem.
>>>> 2] I generate a new key  by ssh-keygen in some_server, it still has
>>>> this problem.
>>>>
>>>> I can ssh by username@full_some_server_address, but can't access in a
>>>> simple way,
>>>
>>> try:
>>>
>>> "ssh -vvv user@host"
>>
>> ...
>> debug1: Found key in /home/lina/.ssh/known_hosts:3
>> debug2: bits set: 529/1024
>> debug1: ssh_rsa_verify: signature correct
>> debug2: kex_derive_keys
>> debug2: set_newkeys: mode 1
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug2: set_newkeys: mode 0
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: Roaming not allowed by server
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug2: service_accept: ssh-userauth
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug2: key: /home/lina/.ssh/id_rsa (0x7f9e47a530a0)
>> debug2: key: /home/lina/.ssh/id_dsa (0x7f9e47a58660)
>> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
>> debug3: start over, passed a different list publickey,gssapi-with-mic,password
>> debug3: preferred publickey,keyboard-interactive
>> debug3: authmethod_lookup publickey
>> debug3: remaining preferred: keyboard-interactive
>> debug3: authmethod_is_enabled publickey
>> debug1: Next authentication method: publickey
>> debug1: Offering public key: /home/lina/.ssh/id_rsa
>> debug3: send_pubkey_test
>> debug2: we sent a publickey packet, wait for reply
>> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
>> debug1: Offering public key: /home/lina/.ssh/id_dsa
>> debug3: send_pubkey_test
>> debug2: we sent a publickey packet, wait for reply
>> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
>> debug2: we did not send a packet, disable method
>> debug1: No more authentication methods to try.
>> Permission denied (publickey,gssapi-with-mic,password)
>>
>> I don't know how to check further, thanks for any more advice,
>>
>>>
>>> Joao
>>>
>>>
>>>>
>>>> Thanks for any advice,
>>>>
>>>> --
>>>> Best Regards,
>>>>
>>>> lina
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>> --
>> Best Regards,
>>
>> lina
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>> Archive: CAG9cJmkvRPE91-b1NoFGunDVf-aefqHSncSJ8ZCd4qy6PqaOhg@mail.gmail.com">http://lists.debian.org/CAG9cJmkvRPE91-b1NoFGunDVf-aefqHSncSJ8ZCd4qy6PqaOhg@mail.gmail.com
>>
>>
> Hi,
>
> Can you delete your public key in the remote server and copy it again using:
>
> ssh-copy-id user@machine
>
> This way ssh-copy-id will check the permissions on the remote server.

Now try logging into the machine, with "ssh 'lina@machine", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.


I checked, it added keys in the authorized_keys in the remote machine.

I also checked config, actually I could ssh before, no problem, based
on present config file and all.

just one day suddenly could not work without any knowledge of
modification recently.

Thanks,

lina
>
> >From the man page
>
>       ssh-copy-id  is a script that uses ssh to log into a remote
> machine (presumably using a login password, so password
>       authentication should be enabled, unless you've done some
> clever use of multiple identities)
>
>       It also changes the permissions of the remote user's home,
> ~/.ssh,  and  ~/.ssh/authorized_keys  to  remove  group
>       writability  (which would otherwise prevent you from logging
> in, if the remote sshd has StrictModes set in its con‐
>       figuration).
>
> Good luck
>
>
> --
> Mi nueva dirección es: - My new email address is: - Mon nouveau email est:
> juan@elsotanillo.net
> ----------------------------------------------------------------------------
> Usuario Linux Registrado: #257202
> http://www.elsotanillo.net
> ----------------------------------------------------------------------------
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/CABSy9s2Muz9Nqts_8yorkw8z7CkGmurDCxNANckWzjgqcg7w@mail.gmail.com
>
>



-- 
Best Regards,

lina


Reply to: