This question already has answers here:
Fedora 33 git pull or clone no longer working and/or ssh key no longer recognized
(2 answers)
Closed 2 years ago.
I am trying to setup ssh for my bitbucket following this official tutorial, however at the last step of troubleshooting the connection I get following
git#bitbucket.org: Permission denied (publickey).
here is the output of ssh -Tv git#bitbucket.org
OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS 8 Dec 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to bitbucket.org [2406:da00:ff00::22c5:2ef4] port 22.
debug1: Connection established.
debug1: identity file /home/myuser/.ssh/id_rsa type 0
debug1: identity file /home/myuser/.ssh/id_rsa-cert type -1
debug1: identity file /home/myuser/.ssh/id_dsa type -1
debug1: identity file /home/myuser/.ssh/id_dsa-cert type -1
debug1: identity file /home/myuser/.ssh/id_ecdsa type -1
debug1: identity file /home/myuser/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/myuser/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/myuser/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/myuser/.ssh/id_ed25519 type -1
debug1: identity file /home/myuser/.ssh/id_ed25519-cert type -1
debug1: identity file /home/myuser/.ssh/id_ed25519_sk type -1
debug1: identity file /home/myuser/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/myuser/.ssh/id_xmss type -1
debug1: identity file /home/myuser/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
debug1: Remote protocol version 2.0, remote software version conker_c123b90d72-dirty conker-3003
debug1: no match: conker_c123b90d72-dirty conker-3003
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256#libssh.org need=64 dh_need=64
debug1: kex: curve25519-sha256#libssh.org need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:<random symbols>
The authenticity of host 'bitbucket.org (2406:da00:ff00::22c5:2ef4)' can't be established.
RSA key fingerprint is SHA256:<random symbols>.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'bitbucket.org,2406:da00:ff00::22c5:2ef4' (RSA) to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/jiraichi/.ssh/id_rsa RSA SHA256:<random symbols> agent
debug1: Will attempt key: /home/myuser/.ssh/id_dsa
debug1: Will attempt key: /home/myuser/.ssh/id_ecdsa
debug1: Will attempt key: /home/myuser/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/myuser/.ssh/id_ed25519
debug1: Will attempt key: /home/myuser/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/myuser/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/jiraichi/.ssh/id_rsa RSA SHA256:<random symbols> agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: /home/myuser/.ssh/id_dsa
debug1: Trying private key: /home/myuser/.ssh/id_ecdsa
debug1: Trying private key: /home/myuser/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/myuser/.ssh/id_ed25519
debug1: Trying private key: /home/myuser/.ssh/id_ed25519_sk
debug1: Trying private key: /home/myuser/.ssh/id_xmss
debug1: No more authentication methods to try.
git#bitbucket.org: Permission denied (publickey).
really stuck here, any help appreciated
Apparently inserting this line PubkeyAcceptedKeyTypes +ssh-rsa into my /etc/ssh/ssh_config solved the problem, I am running Fedora 33
however I am still not sure whether this solution introduces any security risks.
edit: found a better (more clean I would say) solution here, apparently it is a known bug of Fedora 33 and currently workaround should be used.
update: as pointed in the comments correct solution is using ssh-keygen -t ed25519 and copy that public key into your bitbucket account.
Your input contains an error. Remove the 'v' next to '-T'. It should be like this:
ssh -T git#bitbucket.org
Related
I am setting up my SSH keys with github. Did it numerous times earlier so i am pretty much sure that i am doing it right. But its not working. whenever i clone it just gets stuck there for around 5-10 mins and then returns this
Cloning into 'sentry-python'...
Connection to github.com closed by remote host.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Ran this command to check what's going on ssh -vT git#github.com. One of the many lines in output has this
Authenticated to github.com ([13.234.176.102]:22) using "publickey".
Followed official documentation for setting up keys. I believe its something else.
UPDATE:
HTTPs works fine
Output from: ssh -vT git#github.com
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to github.com [13.234.176.102] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version babeld-92f10f70
debug1: compat_banner: no match: babeld-92f10f70
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: <SERVER HOST KEY HERE>
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'github.com' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/user/.ssh/id_rsa RSA <KEY HERE> agent
debug1: Will attempt key: /home/user/.ssh/id_ecdsa
debug1: Will attempt key: /home/user/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/user/.ssh/id_ed25519
debug1: Will attempt key: /home/user/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/user/.ssh/id_xmss
debug1: Will attempt key: /home/user/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp256-cert-v01#openssh.com,sk-ssh-ed25519-cert-v01#openssh.com,sk-ecdsa-sha2-nistp256-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,sk-ssh-ed25519#openssh.com,sk-ecdsa-sha2-nistp256#openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA <KEY HERE> agent
debug1: Server accepts key: /home/user/.ssh/id_rsa RSA <KEY HERE> agent
Authenticated to github.com ([13.234.176.102]:22) using "publickey".
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0
debug1: client_input_hostkeys: searching /home/user/.ssh/known_hosts for github.com / (none)
debug1: client_input_hostkeys: searching /home/user/.ssh/known_hosts2 for github.com / (none)
debug1: client_input_hostkeys: hostkeys file /home/user/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: no new or deprecated keys from server
debug1: Sending environment.
debug1: channel 0: setting env LANG = "en_IN"
Okay. So earlier logs where till LANG = "en_IN". Now after altering some permission of my keys here's the updated log.
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to github.com [13.234.210.38] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version babeld-92f10f70
debug1: compat_banner: no match: babeld-92f10f70
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: <SERVER HOST KEY>
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'github.com' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/user/.ssh/id_rsa <KEY HERE> agent
debug1: Will attempt key: /home/user/.ssh/id_ecdsa
debug1: Will attempt key: /home/user/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/user/.ssh/id_ed25519
debug1: Will attempt key: /home/user/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/user/.ssh/id_xmss
debug1: Will attempt key: /home/user/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp256-cert-v01#openssh.com,sk-ssh-ed25519-cert-v01#openssh.com,sk-ecdsa-sha2-nistp256-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,sk-ssh-ed25519#openssh.com,sk-ecdsa-sha2-nistp256#openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa RSA <KEY HERE> agent
debug1: Server accepts key: /home/user/.ssh/id_rsa RSA <KEY HERE> agent
Authenticated to github.com ([13.234.210.38]:22) using "publickey".
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0
debug1: client_input_hostkeys: searching /home/user/.ssh/known_hosts for github.com / (none)
debug1: client_input_hostkeys: searching /home/user/.ssh/known_hosts2 for github.com / (none)
debug1: client_input_hostkeys: hostkeys file /home/user/.ssh/known_hosts2 does not exist
debug1: client_input_hostkeys: no new or deprecated keys from server
debug1: Sending environment.
debug1: channel 0: setting env LANG = "en_IN"
PTY allocation request failed on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi targhs! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Connection to github.com closed.
Transferred: sent 3888, received 2812 bytes, in 0.6 seconds
Bytes per second: sent 6234.8, received 4509.3
debug1: Exit status 1
TL;DR link to what might as well be a duplicate here.
Explanation (long-ish)
You have something new in your edit: agent refused operation. That's the problem here. You are using an ssh agent, and it's the agent that must pass the private key (of the public/private key-pair) to ssh so that your ssh can decrypt the challenge that GitHub have sent to your ssh.
The way ssh authentication works (boiled down a bit) is this:
Your ssh client (ssh command) opens a channel to the host (in this case GitHub).
Your client tells them you'd like to log in as some user name (in this case git: GitHub always requires this as a constant).
Their ssh server then says: I might let you in, provided you prove to me that you have permission. Send me a public key.
Your client then pokes around to look for a public key to send. It finds one and sends it.
Their server checks to see if that ssh key is a valid key. It is; it's registered to you. But maybe you're not targhs. Maybe you've snagged the public key from the real targhs, and this connection is from an imposter! So they want to make sure you're really targhs. They use the public key to encrypt a random value, and send you—or rather, your client ssh—the value, challenging you to decrypt it.
Your client now requires the private key.
It's pretty common to have both public and private keys stored in a file on your computer (e.g., on your laptop). When this is the case, your ssh client can just open and read the private key file, giving it access to that private key. For security purposes, though, you can do one or both of these two things:
Not supply the private key at all. Keep it only in an agent.
Keep the private key in an encrypted file, so that a decryption key—separate from the public and private key—is required to read the private key.
If you've done either or both of these, your ssh client now needs help.
To get that help, your ssh client can:
interact directly with you, the user, via the keyboard: this may or may not be permitted; or
consult an ssh agent.
The ssh agent enables ssh clients to interact with you, the user, and provide the (secret) private key, even if it's not on the computer on which you're running ssh, or if it's just encrypted, or whatever. To do that, the ssh client asks the ssh agent for the key.
Your ssh agent says: Nuh-uh, not gonna give you the key!
Why does your ssh agent say that? That's the mystery here; that's what you have to figure out. There are multiple possible reasons. Fortunately, they're all pretty well covered in a separate StackOverflow question and answers: see How to solve "sign_and_send_pubkey: signing failed: agent refused operation"?
I am currently doing the Build and Secure Networks in Google Cloud: Challenge Lab from Google Cloud Skills Boost. I finished challenge number 1-5, but got stuck in challenge number 6:
In the Compute Engine instances page, click the SSH button for the bastion host. Once connected, SSH to juice-shop.
After SSH to bastion, I typed ssh (IP address of juice-shop), but it results in Permission denied (publickey). error. I tried typing -v after the SSH command, and this is what shows up after executing:
OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u 20 Dec 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.11.2 [192.168.11.2] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u7
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.11.2:22 as 'student-04-e657ce74df3d'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:T6OeQTHDWFMJTDZ8K02/glob0my9gLLdqH4IOJFIzwc
debug1: Host '192.168.11.2' is known and matches the ECDSA host key.
debug1: Found key in /home/student-04-e657ce74df3d/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_fetch_identitylist: invalid format
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/student-04-e657ce74df3d/.ssh/id_rsa
debug1: Trying private key: /home/student-04-e657ce74df3d/.ssh/id_dsa
debug1: Trying private key: /home/student-04-e657ce74df3d/.ssh/id_ecdsa
debug1: Trying private key: /home/student-04-e657ce74df3d/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
After checking the .ssh folder, the only file in there is known_hosts, and the content is |1|Ufd+u5OJlKnZGrn7IXI2Bu/4XUs=|U1BWwkP97chmDwk/6E71T7UvKHM= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJuxpHVNlFCmVFiHVuq+wKn/WlMs9thpNHT2M8rExeTYeEbjq//qlHLkZFMyEXFKaLAaMVHCG1O5ohR+KRuugXU=
Has the same problem occurred to anyone else, or does anybody have any solution to this problem? Any help would be appreciated, thank you.
Run this command in bastion SSH.
gcloud compute ssh juice-shop --internal-ip
after this keep empty in passphrase and press enter two times and press y in y/n.
and check your progress.
OpenSSH_8.6p1, OpenSSL 1.1.1k 25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 134.209.151.146 [134.209.151.146] port 22.
debug1: Connection established.
debug1: identity file /home/clive/.ssh/id_rsa type -1
debug1: identity file /home/clive/.ssh/id_rsa-cert type -1
debug1: identity file /home/clive/.ssh/id_dsa type -1
debug1: identity file /home/clive/.ssh/id_dsa-cert type -1
debug1: identity file /home/clive/.ssh/id_ecdsa type -1
debug1: identity file /home/clive/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/clive/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/clive/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/clive/.ssh/id_ed25519 type 3
debug1: identity file /home/clive/.ssh/id_ed25519-cert type -1
debug1: identity file /home/clive/.ssh/id_ed25519_sk type -1
debug1: identity file /home/clive/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/clive/.ssh/id_xmss type -1
debug1: identity file /home/clive/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 134.209.151.146:22 as 'clive'
debug1: load_hostkeys: fopen /home/clive/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:X9T8dMRejOJgTDfHZo5kRvoVTD1moCRzX0F2jJmgGRk
debug1: load_hostkeys: fopen /home/clive/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '134.209.151.146' is known and matches the ED25519 host key.
debug1: Found key in /home/clive/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/clive/.ssh/id_rsa
debug1: Will attempt key: /home/clive/.ssh/id_dsa
debug1: Will attempt key: /home/clive/.ssh/id_ecdsa
debug1: Will attempt key: /home/clive/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/clive/.ssh/id_ed25519 ED25519 SHA256:808r4DrP8TnWnnXssQLn1rV0/fgWlyq3eF2s4Po2KZw
debug1: Will attempt key: /home/clive/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/clive/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519#openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256#openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/clive/.ssh/id_rsa
debug1: Trying private key: /home/clive/.ssh/id_dsa
debug1: Trying private key: /home/clive/.ssh/id_ecdsa
debug1: Trying private key: /home/clive/.ssh/id_ecdsa_sk
debug1: Offering public key: /home/clive/.ssh/id_ed25519 ED25519 SHA256:808r4DrP8TnWnnXssQLn1rV0/fgWlyq3eF2s4Po2KZw
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/clive/.ssh/id_ed25519_sk
debug1: Trying private key: /home/clive/.ssh/id_xmss
debug1: No more authentication methods to try.
clive#134.209.151.146: Permission denied (publickey).
Can anyone help me figure it out? I'm trying to disable password and reconnect after updating authorized_keys file, but this is the error I get whenever I set PasswordAuthintication flag to no. I have already tried doing ssh-copy-id -i ~/.ssh/test2.pub username#hostip where test2 is the newly generated pub id. I'm kindof lost as where to begin. It seems my local machine is not able to find a folder called known_hosts2 but idk how to proceed further.
Are you connecting with a propery key (e.g. sh-copy-id -i ~/.ssh/test2 username#hostip)
If your key in /home/clive/.ssh/authorized-keys?
Is the file sufficiently well-protected?
E.g.:
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
Also check your server-side debug log (usually in /var/log) for hints on what's causing failures in login.
I just order a VPS in Vultr, and want set to ssh without passwords. after configured the ssh key things, I think it should be work, but failed.
yes, I have multiple ssh configures like github, gitlab or some other things and this is the configure file
Host gitlab
HostName cd.i.foo.com
IdentityFile ~/.ssh/id_rsa
Host github
HostName github.com
IdentityFile ~/.ssh/id_rsa_gayhub
Host vultr
HostName 198.13.59.103
Port 22
User root
IdentityFile ~/.ssh/id_rsa_vultr
but when I try with specified path ssh root#198.13.59.103 -i ~/.ssh/id_rsa_vultr, it can work!!!
below is some more log with ssh -v -v root#198.13.59.103
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/xdguo/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 198.13.59.103 port 22.
debug1: Connection established.
debug1: identity file /Users/xdguo/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 198.13.59.103:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:s8qKj8CKXc6tp7zmVV32hiqHvdrxk46JVJQlQfpOQ0Q
debug1: Host '198.13.59.103' is known and matches the ECDSA host key.
debug1: Found key in /Users/xdguo/.ssh/known_hosts:40
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LBGwqZmXcUwd6kqIuDAxIj+jbPBeLbU1uwrxN1mQRKQ /Users/xdguo/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/xdguo/.ssh/id_dsa
debug1: Trying private key: /Users/xdguo/.ssh/id_ecdsa
debug1: Trying private key: /Users/xdguo/.ssh/id_ed25519
debug1: Next authentication method: password
root#198.13.59.103's password:
I think I spend lots of time here, it really maked me confused, thanks in advance for any help
ssh -v -v root#198.13.59.103 would not work, as it would default to id_rsa.
You need to test:
ssh -Tvv vultr
Only that "URL" (vultr) would be the equivalent of ssh root#198.13.59.103 -i ~/.ssh/id_rsa_vultr: it would find everything it needs in your ~/.ssh/config, under the Host vultr entry.
Doesn't look like it accepts an RSA-signed key.
Look at these lines:
debug1: Trying private key: /Users/xdguo/.ssh/id_dsa
debug1: Trying private key: /Users/xdguo/.ssh/id_ecdsa
debug1: Trying private key: /Users/xdguo/.ssh/id_ed25519
It's looking for a private key signed with DSA instead.
Try again and create a private-public pair signed with DSA instead. (No need to remove your other private key; you can have as many as you want of as many different types as you want on your machine.)
I am attempting to ssh into a a EC2 machine and ssh has stopped working. I'm not sure how I broke it but it is now unable to connect. I already tried creating a new key but it is not helping.
$ ssh -vT ****#****.****-2.compute.amazonaws.com
OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to ec2-****.****-2.compute.amazonaws.com [****] port 22.
debug1: Connection established.
debug1: identity file /home/Brad/.ssh/id_rsa type 1
debug1: identity file /home/Brad/.ssh/id_rsa-cert type -1
debug1: identity file /home/Brad/.ssh/id_dsa type -1
debug1: identity file /home/Brad/.ssh/id_dsa-cert type -1
debug1: identity file /home/Brad/.ssh/id_ecdsa type -1
debug1: identity file /home/Brad/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/Brad/.ssh/id_ed25519 type -1
debug1: identity file /home/Brad/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA ****
debug1: Host '****.****-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/Brad/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/Brad/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/Brad/.ssh/id_dsa
debug1: Trying private key: /home/Brad/.ssh/id_ecdsa
debug1: Trying private key: /home/Brad/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
I have replaced all of the personal info with *.
Thank you
Nowhere in your command you are referring the ssh private key. Try running command as below:
ssh -i <path_to_the_private_key> ubuntu#<EC2_Hostname>
In above command, note that I have used the username as ubuntu. Depending on which AMI you are using, you should change the username which corresponds to that AMI.