Issues with SSH pubkey authentication at remote server
Hi,
I have successfully uploaded my SSH public key to the authorized_keys
file in ~/.ssh on the remote server using ssh-copy-id. I connected using
password authentication to check whether it really is the correct key
there and it is. Permissions are ok.
Public key authentication is the first (in order and priority) of
several auth methods that the server offers. But as to the output below
something is not working with the submission of the secret part of the
key (well, the proof of being in possession of it) by the ssh-agent.
Before establishing connection for the first time I did
eval $(ssh-agent)
PID xxxx
ssh-add ~/.ssh/id_rsa
But it seems that the ssh-agent does not really authenticates to the
remote server and as a fallback password auth is selected. (I anonymized
the output below.) So, pubkey authentication is not working :-(
Can anyone tell me what's going wrong, especially this
debug1: Offering RSA public key: ~/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
...
debug2: we did not send a packet, disable method
Any hints welcome.
Stephan
-----------------------------------------------------------------------
me@mymachine:~/.ssh$ ssh -vv me@theremoteserver
OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to theremoteserver [IPaddress_remoteserver] port 22.
debug1: Connection established.
[debug messages concerning type 1 keys, snipped]
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
debug1: Remote protocol version 2.0, remote software version
OpenSSH_6.0p1 Debian-4+deb7u6
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u6 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
[debug messages concerning ciphers, snipped]
debug1: Server host key: RSA [server_host_key]
debug1: Host 'theremoteserver' is known and matches the RSA host key.
debug1: Found key in ~/.ssh/known_hosts:4
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: ~/.ssh/id_rsa (0x1cpt789b66z1),
debug2: key: ~/.ssh/id_dsa ((nil)),
debug2: key: ~/.ssh/id_ecdsa ((nil)),
debug2: key: ~/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: ~/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Trying private key: ~/.ssh/id_dsa
debug1: Trying private key: ~/.ssh/id_ecdsa
debug1: Trying private key: ~/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
------------------------------------------------------------------------
NOTE: I pray for the OpenSSL version OpenSSH ships with being patched
soon in Jessie!
Reply to: