
Re: ssh doesn't work.



Thank you for your reply, Andy.

ufw was enabled on the server machine.
Because I don't have enough knowledge about iptables, I did
$ sudo ufw allow proto tcp from 192.168.0.3 to any port 9999
on the server machine.
Then I successfully connected from the client machine by ssh.

And next I want to do ssh with an authentication key instead of a password.
I've been struggling for hours.
I rewrote /etc/ssh/sshd_config.
On the client machine,

PasswordAuthentication no
AuthorizedKeysFile    %h/.ssh/authorized_keys
UsePAM no

On the server machine,

PasswordAuthentication no
AuthorizedKeysFile    %h/.ssh/authorized_keys
UsePAM no

Then I tried, but
Password:
still appeared.

$ ssh -v -p 9999 testac@192.168.0.5
OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t  3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.0.5 [192.168.0.5] port 9999.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA --:--:--:--:--:--:--:--:--:--:--:--:--:--:--:--
debug1: Host '[192.168.0.5]:9999' is known and matches the ECDSA host key.
debug1: Found key in /home/emmm/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: emmm@jessie
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/emmm/.ssh/id_rsa
debug1: Trying private key: /home/emmm/.ssh/id_dsa
debug1: Trying private key: /home/emmm/.ssh/id_ecdsa
debug1: Trying private key: /home/emmm/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 192.168.0.5 ([192.168.0.5]:9999).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = ja_JP.UTF-8
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Dec  8 08:28:43 2016 from 192.168.0.3
testac@jessie2:~$

I rewrote /etc/ssh/sshd_config on the server again 'cause my key is 2048 bit.

ServerKeyBits 2048

Then tried again.

$ ssh -v -p 9999 testac@192.168.0.5
OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t  3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.0.5 [192.168.0.5] port 9999.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/emmm/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA --:--:--:--:--:--:--:--:--:--:--:--:--:--:--:--
debug1: Host '[192.168.0.5]:9999' is known and matches the ECDSA host key.
debug1: Found key in /home/emmm/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: emmm@jessie
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/emmm/.ssh/id_rsa
debug1: Trying private key: /home/emmm/.ssh/id_dsa
debug1: Trying private key: /home/emmm/.ssh/id_ecdsa
debug1: Trying private key: /home/emmm/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).

Restoring /etc/ssh/sshd_config by

ServerKeyBits 1024

was not helpful.
How can I do ssh with an authentication key instead of a password?

Cheers,
EenyMeenyMinyMoa


2016-12-06 15:22 GMT+09:00 Andy Smith <andy@strugglers.net>:
Hi,

On Tue, Dec 06, 2016 at 01:33:07PM +0900, EenyMeenyMinyMoa wrote:
> But when I execute either of these commands
> $ ssh -p 9999 testac@192.168.0.5
> $ ssh -p 9999 -l testac -i ~/.ssh/id_rsa_test 192.168.0.5
> , the terminal doesn't respond for minutes and finally gives this message.
> ssh: connect to host 192.168.0.5 port 9999: Connection timed out

The settings you've shown seem correct but the above output implies
a lack of connectivity. Have you checked there is no firewall
preventing port 9999 TCP communication?

To list rules:

# iptables -nL

If that comes up empty, some basic connectivity checks (ping
192.168.0.5 from client) may be useful.

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting

"I'd be happy to buy all variations of sex to ensure I got what I wanted."
 — Gary Coates (talking about cabling)
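
Added example, not part of the original thread: a small Python parser that condenses the authentication phase of client-side `ssh -v` output like the two runs in the message above into what was offered, what the server refused, and which method finally succeeded. The function names and the wording of the findings are this example's own; the sample lines are excerpted from the first debug log in the message.

```python
import re

# Auth-phase lines excerpted from the first `ssh -v` run in the message above.
SAMPLE = """\
debug1: identity file /home/emmm/.ssh/id_rsa type -1
debug1: identity file /home/emmm/.ssh/id_ed25519 type -1
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: emmm@jessie
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentication succeeded (keyboard-interactive).
"""

def summarize(log):
    """Condense the authentication phase of client-side `ssh -v` output."""
    s = {"unloaded": [], "rejected": [], "server_methods": [], "succeeded": None}
    pending = None  # key offered to the server and not yet answered
    for line in map(str.strip, log.splitlines()):
        if m := re.match(r"debug1: identity file (\S+) type -1$", line):
            s["unloaded"].append(m.group(1))  # ssh loaded no public key for this path
        elif m := re.match(r"debug1: Offering (?:\S+ )?public key: (.+)$", line):
            pending = m.group(1)
        elif "Server accepts key" in line:
            pending = None                    # the offered key was accepted
        elif m := re.match(r"debug1: Authentications that can continue: (\S+)$", line):
            s["server_methods"] = m.group(1).split(",")
            if pending:                       # server moved on, so the offer was refused
                s["rejected"].append(pending)
                pending = None
        elif m := re.match(r"debug1: Authentication succeeded \(([^)]+)\)", line):
            s["succeeded"] = m.group(1)
    return s

def findings(s):
    """Turn the summary into short, human-readable observations."""
    out = []
    for key in s["rejected"]:
        out.append(f"server refused offered key {key!r}: check authorized_keys "
                   "content and permissions for the target account")
    if "keyboard-interactive" in s["server_methods"]:
        out.append("server still allows keyboard-interactive; PasswordAuthentication "
                   "only governs the 'password' method")
    if s["succeeded"] and s["succeeded"] != "publickey":
        out.append(f"login succeeded via {s['succeeded']}, not publickey")
    return out

if __name__ == "__main__":
    for f in findings(summarize(SAMPLE)):
        print("-", f)
```

In OpenSSH 6.7 the keyboard-interactive method is controlled on the server by `ChallengeResponseAuthentication`, which is why a prompt can remain with `PasswordAuthentication no` set.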

