Ask Your Question
0

Can't login to a remote machine with key

asked 2015-10-12 05:53:30 -0500

rudrab gravatar image

Hi, I used to login to a remote machine( I have to root of this machine) using key. Both my local machine and remote machine is in f23. From last few days, I can't login to this machine using key. It is asking for password. Here is the ssh -vvv:

ssh -vvv aveta
OpenSSH_7.1p1, OpenSSL 1.0.2d-fips 9 Jul 2015
debug1: Reading configuration data /home/rudra/.ssh/config
debug1: /home/rudra/.ssh/config line 4: Applying options for aveta
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to phy-aveta.physics.uu.se [130.238.194.143] port 22.
debug1: Connection established.
debug1: identity file /home/rudra/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rudra/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to phy-aveta.physics.uu.se:22 as 'rudra'
debug3: hostkeys_foreach: reading file "/home/rudra/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/rudra/.ssh/known_hosts:16
debug3: load_hostkeys: loaded 1 keys from phy-aveta.physics.uu.se
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm ...
(more)
edit retag flag offensive close merge delete

Comments

1

Looks like a simple matter of your server refusing to accept /home/rudra/.ssh/id_rsa, to me. Did you double check your ~/.ssh/authorized_keys file on the remote server to ensure it is correct? If you completely destroyed ~/.ssh on the remote server and used ssh-copy-id to rebuild it, it should have only one entry which should be easily verified. If it looks correct, check to make sure your .ssh directory and its contents are correctly labeled for SELinux (unconfined_u:object_r:ssh_home_t:s0) and that the permissions to the authorized_keys file are correct (600).

bitwiseoperator gravatar imagebitwiseoperator ( 2015-10-12 09:55:46 -0500 )edit

The 0600 mode can be safely applied to ~.ssh/* - that's all private.

randomuser gravatar imagerandomuser ( 2015-10-12 22:11:18 -0500 )edit
1

Yeah, and for the sake of security, sshd will actually refuse to make use of those keys if their file modes aren't appropriate, so definitely double check.

bitwiseoperator gravatar imagebitwiseoperator ( 2015-10-13 08:32:05 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2015-11-04 12:18:28 -0500

howe_steven gravatar image

/etc/ssh/sshd_config has the DSA key disabled by default. No did the install create such a key. Solution, use one of the other key formats. I used ssh-keygen -t ecdsa and ssh-copy-id -i .ssh/id_ecdsa.pub user@remote_host to distribute the new keys. Works fine now.

edit flag offensive delete link more

Comments

I'd recommend the standard RSA unless you have any objection to it, but way to solve your problem!.

bitwiseoperator gravatar imagebitwiseoperator ( 2015-11-05 23:12:58 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2015-10-12 05:53:30 -0500

Seen: 608 times

Last updated: Oct 12 '15