I try to run an SSH Server with openSSH and configure a passwordless user for ssh tunneling
root#kali:~/myssh# ssh -V
OpenSSH_8.3p1 Debian-1, OpenSSL 1.1.1g 21 Apr 2020
I already testing SSH Server on raspberry and CENTOS VPS and I got an error like below
tunnel#192.168.1.99: Permission denied (publickey).
my ssh server has a user ' tunnel ' without a password and I generate RSA keys ( without the passphrase ) with ssh-keygen for this user and also an HostKey File
ssh-keygen -t rsa -f ~/myssh/tunnel/id_rsa -P ""
ssh-keygen -t ed25519 -f ~/myssh/ssh_host_ed25519_key
and Here is my custon_config.conf ( ~/myssh/custon_config.conf )
Protocol 2
ListenAddress 192.168.1.99
HostKey /root/myssh/ssh_host_ed25519_key
Port 2222
Ciphers chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
MACs umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
PermitRootLogin no
AuthorizedKeysFile /root/myssh/tunnel/id_rsa
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
I run my ssh server using this command
/usr/sbin/sshd -f /root/myssh/tunnel_ssh.conf && while true;do sleep 30; done;
and try to connect it on my pc like this
ssh tunnel#192.168.1.99 -p 2222 -i /mykeys/id_rsa
the id_rsa file is the tunnel user RSA key that generated on Server
Now I don't know what's wrong with my keys and permissions also I try the .pub key and it didn't work.
I'll appreciate that if somebody helps me to fix this
UPDATE
I try to regenerate the keys for tunnel user and try to connect with -vvv
I try to run an SSH Server with openSSH and configure a passwordless user for ssh tunneling
root#kali:~/myssh# ssh -V
OpenSSH_8.3p1 Debian-1, OpenSSL 1.1.1g 21 Apr 2020
I already testing SSH Server on raspberry and CENTOS VPS and I got an error like below
tunnel#192.168.1.99: Permission denied (publickey).
my ssh server has a user ' tunnel ' without a password and I generate RSA keys ( without the passphrase ) with ssh-keygen for this user and also an HostKey File
ssh-keygen -t rsa -f ~/myssh/tunnel/id_rsa -P ""
ssh-keygen -t ed25519 -f ~/myssh/ssh_host_ed25519_key
and Here is my custon_config.conf ( ~/myssh/custon_config.conf )
Protocol 2
ListenAddress 192.168.1.99
HostKey /root/myssh/ssh_host_ed25519_key
Port 2222
Ciphers chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
MACs umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
PermitRootLogin no
AuthorizedKeysFile /root/myssh/tunnel/id_rsa
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
I run my ssh server using this command
/usr/sbin/sshd -f /root/myssh/tunnel_ssh.conf && while true;do sleep 30; done;
and try to connect it on my pc like this
ssh tunnel#192.168.1.99 -p 2222 -i /mykeys/id_rsa
the id_rsa file is the tunnel user RSA key that generated on Server
Now I don't know what's wrong with my keys and permissions also I try the .pub key and it didn't work.
I'll appreciate that if somebody helps me to fix this
UPDATE
I try to regenerate the keys for tunnel user and try to connect with -vvv ( this run on Termux )
OpenSSH_8.4p1, OpenSSL 1.1.1h 22 Sep 2020
debug1: Reading configuration data /data/data/com.termux/files/usr/etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 192.168.1.99 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/data/data/com.termux/files/home/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/data/data/com.termux/files/home/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug2: ssh_connect_direct
debug1: Connecting to 192.168.1.99 [192.168.1.99] port 2222.
debug1: Connection established.
debug1: identity file /data/data/com.termux/files/home/myssh/id_rsa.pub type 0
debug1: identity file /data/data/com.termux/files/home/myssh/id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.3p1 Debian-1
debug1: match: OpenSSH_8.3p1 Debian-1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.99:2222 as 'tunnel'
debug3: put_host_port: [192.168.1.99]:2222
debug3: hostkeys_foreach: reading file "/data/data/com.termux/files/home/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /data/data/com.termux/files/home/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from [192.168.1.99]:2222
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01#openssh.com,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01#openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,sk-ecdsa-sha2-nistp256-cert-v01#openssh.com,sk-ssh-ed25519-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256#openssh.com,sk-ssh-ed25519#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com
debug2: compression stoc: none,zlib#openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-ed25519 SHA256:EyzYn+F+Awaoke1PPJfMECvyopckZG/s9S9hjsDn8hw
debug3: put_host_port: [192.168.1.99]:2222
debug3: put_host_port: [192.168.1.99]:2222
debug3: hostkeys_foreach: reading file "/data/data/com.termux/files/home/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /data/data/com.termux/files/home/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from [192.168.1.99]:2222
debug3: hostkeys_foreach: reading file "/data/data/com.termux/files/home/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /data/data/com.termux/files/home/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from [192.168.1.99]:2222
debug1: Host '[192.168.1.99]:2222' is known and matches the ED25519 host key.
debug1: Found key in /data/data/com.termux/files/home/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /data/data/com.termux/files/home/myssh/id_rsa.pub RSA SHA256:cbuXmcG8RZ6OVZJ757b1e9gbR8rLijiw/4FzJGSKvZw explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519#openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256#openssh.com>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /data/data/com.termux/files/home/myssh/id_rsa.pub RSA SHA256:cbuXmcG8RZ6OVZJ757b1e9gbR8rLijiw/4FzJGSKvZw explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
tunnel#192.168.1.99: Permission denied (publickey).
Related
I'm using ubuntu AWS instance it worked fine previously but today I tried to login using ssh but it keeps denying me
I also tried correcting permission of pem file chmod 400 and 600 and I checked user again ubuntu or not by connecting root it said
Please login as the user "ubuntu" rather than the user "root".
also tried ssh with sudo still not able to connect.
Here the verbose output while i'm connecting ssh -vvv -i {pemfile} ubuntu#{ip}
ssh -vvv -i "myfile.pem" ubuntu#ec2-xx-xxx-xxx-xxx.ap-xxxx-1.compute.amazonaws.com
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "ec2-xx-xxx-xxx-xxx.ap-xxxx-1.compute.amazonaws.com" port 22
debug2: ssh_connect_direct
debug1: Connecting to ec2-xx-xxx-xxx-xxx.ap-xxxx-1.compute.amazonaws.com [13.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file myfile.pem type -1
debug1: identity file myfile.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3
debug1: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to ec2-xx-xxx-xxx-xxx.ap-xxxx-1.compute.amazonaws.com:22 as 'ubuntu'
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/user/.ssh/known_hosts:40
debug3: load_hostkeys: loaded 1 keys from ec2-xx-xxx-xxx-xxx.ap-xxxx-1.compute.amazonaws.com
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01#openssh.com,ssh-ed25519-cert-v01#openssh.com,sk-ssh-ed25519-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,sk-ecdsa-sha2-nistp256#openssh.com,ssh-ed25519,sk-ssh-ed25519#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512#openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com
debug2: compression stoc: none,zlib#openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:kaOCGj+Dgbbm8LqMeci7YjRjl5zBYHDhgq173rGs9ZA
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/user/.ssh/known_hosts:40
debug3: load_hostkeys: loaded 1 keys from ec2-xx-xxx-xxx-xxx.ap-xxxx-1.compute.amazonaws.com
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/user/.ssh/known_hosts:41
debug3: load_hostkeys: loaded 1 keys from 13.xxx.xxx.xxx
debug1: Host 'ec2-xx-xxx-xxx-xxx.ap-xxxx-1.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:40
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: myfile.pem RSA SHA256:hQqliBUwEKzZ+ZCA/K9hIoODTG+Ao9IsDNp/ncSl7CM agent
debug1: Will attempt key: myfile.pem explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519#openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256#openssh.com,webauthn-sk-ecdsa-sha2-nistp256#openssh.com>
debug1: kex_input_ext_info: publickey-hostbound#openssh.com (unrecognised)
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: myfile.pem RSA SHA256:hQqliBUwEKzZ+ZCA/K9hIoODTG+Ao9IsDNp/ncSl7CM agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: myfile.pem
debug3: sign_and_send_pubkey: RSA SHA256:hQqliBUwEKzZ+ZCA/K9hIoODTG+Ao9IsDNp/ncSl7CM
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:hQqliBUwEKzZ+ZCA/K9hIoODTG+Ao9IsDNp/ncSl7CM
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
ubuntu#ec2-xx-xxx-xxx-xxx.ap-xxxx-1.compute.amazonaws.com: Permission denied (publickey).
Honestly it looks like your key is not accepted by the server as the client does not indicate any errors, simply that no other authentication methods are available.
I don't have too much experience with AWS but I would suggest checking the /var/log/auth.log file on the server.
That will probably shed some light on why the key is not allowed on the machine.
Also worth checking is the ˜/.ssh/authorized_keys file on the server so you can compare the keys.
Perhaps the permissions on this file are too open.
With the logging you provided there is not much left but to guess.
I solved with myself with different method
here what i done.
Instances -> Open Your Instance -> Action -> Monitor and Troubleshoot -> EC2 Serial Console -> now enable if not enabled -> connect
or
EC2 Instance Connect Method
it will open new tab with ssh you can login using ubuntu or other user and with the password you used
after logined inside
$ sudo nano /etc/ssh/sshd_config
or
$ sudo vi /etc/ssh/sshd_config
Replace this lines
UsePAM yes
IgnoreUserKnownHosts no
PasswordAuthentication no
With these modification
UsePAM no
IgnoreUserKnownHosts no
PasswordAuthentication yes
save the file and restart ssh service
$ sudo systemctl restart ssh
after that you can login directly with
$ ssh ubuntu#<ip>
and enter password that's all.
There is other methods like changing the authorized_keys or change the pubic keys with yours
Aim : Do SCP across 2 VMs with PORT and IP Forwarding in sshd_config file of VM1.
There are 2 servers serverX, serverY.
I would like to transfer a file from my windows machine to remote machine(serverY). But I can't reach serverY directly, hence I am routed via serverX.
Here's how the configuration of serverX portX's /etc/ssh/sshd_config looks
Match user arunch3x
AllowStreamLocalForwarding yes
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
PasswordAuthentication yes
AllowTCPForwarding yes
ForceCommand ssh arunch3x#serverY -p portY
When I do ssh to serverX portX, I am automatically routed to serverY portY. SSH is fine.
But When I do SCP to serverX portX, its not getting completed, it goes into hang-mode.
Expectation: When I do SCP to serverX portX, it must automatically route to serverY portY as per the configurations and file must land in to serverY portY
Please refer to this SCP command that I am running from Windows machine.
scp -P portX tests.json arunch3x#serverX:/tmp/tests.json
As per the above command file tests.json must land in serverY portY directory /tmp as /tmp/tests/json
Error :
After executing above command it goes into hang mode.
scp -P 30600 tests.json arunch3x#10.74.188.44:/tmp/tests.json
scp -P 30600 tests.json arunch3x#serverY:/tmp/tests.json
Pseudo-terminal will not be allocated because stdin is not a terminal.
OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/arunch3x/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname serverY is address
debug2: ssh_connect_direct
debug1: Connecting to serverY [serverY] port portY.
debug1: Connection established.
debug1: identity file /home/arunch3x/.ssh/id_rsa type 0
debug1: identity file /home/arunch3x/.ssh/id_rsa-cert type -1
debug1: identity file /home/arunch3x/.ssh/id_dsa type -1
debug1: identity file /home/arunch3x/.ssh/id_dsa-cert type -1
debug1: identity file /home/arunch3x/.ssh/id_ecdsa type -1
debug1: identity file /home/arunch3x/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/arunch3x/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/arunch3x/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/arunch3x/.ssh/id_ed25519 type -1
debug1: identity file /home/arunch3x/.ssh/id_ed25519-cert type -1
debug1: identity file /home/arunch3x/.ssh/id_ed25519_sk type -1
debug1: identity file /home/arunch3x/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/arunch3x/.ssh/id_xmss type -1
debug1: identity file /home/arunch3x/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to serverY:portY as 'arunch3x'
debug3: put_host_port: [serverY]:portY
debug3: hostkeys_foreach: reading file "/home/arunch3x/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/arunch3x/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from [serverY]:portY
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01#openssh.com,ssh-ed25519-cert-v01#openssh.com,sk-ssh-ed25519-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,sk-ecdsa-sha2-nistp256#openssh.com,ssh-ed25519,sk-ssh-ed25519#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com
debug2: compression stoc: none,zlib#openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:W6y6gFSbfWwMcRWvyhJVCdwYeEy0NlEMpFtcn2lvitA
debug3: put_host_port: [serverY]:portY
debug3: put_host_port: [serverY]:portY
debug3: hostkeys_foreach: reading file "/home/arunch3x/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/arunch3x/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from [serverY]:portY
debug3: hostkeys_foreach: reading file "/home/arunch3x/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/arunch3x/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from [serverY]:portY
debug1: Host '[serverY]:portY' is known and matches the ECDSA host key.
debug1: Found key in /home/arunch3x/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/arunch3x/.ssh/id_rsa RSA SHA256:0TeS5DDHX3zEccKYK6uMjpwcNPm+gW5l29fzH5rb4cA
debug1: Will attempt key: /home/arunch3x/.ssh/id_dsa
debug1: Will attempt key: /home/arunch3x/.ssh/id_ecdsa
debug1: Will attempt key: /home/arunch3x/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/arunch3x/.ssh/id_ed25519
debug1: Will attempt key: /home/arunch3x/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/arunch3x/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519#openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256#openssh.com>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/arunch3x/.ssh/id_rsa RSA SHA256:0TeS5DDHX3zEccKYK6uMjpwcNPm+gW5l29fzH5rb4cA
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /home/arunch3x/.ssh/id_rsa RSA SHA256:0TeS5DDHX3zEccKYK6uMjpwcNPm+gW5l29fzH5rb4cA
debug3: sign_and_send_pubkey: RSA SHA256:0TeS5DDHX3zEccKYK6uMjpwcNPm+gW5l29fzH5rb4cA
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:0TeS5DDHX3zEccKYK6uMjpwcNPm+gW5l29fzH5rb4cA
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to serverY ([serverY]:portY).
debug3: ssh_init_stdio_forwarding: serverY:portY
debug1: channel_connect_stdio_fwd serverY:portY
debug1: channel 0: new [stdio-forward]
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: getpeername failed: Bad file descriptor
debug3: send packet: type 90
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug1: Requesting no-more-sessions#openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0
debug3: receive packet: type 4
debug1: Remote: /home/arunch3x/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 4
debug1: Remote: /home/arunch3x/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 2097152 rmax 32768
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-104-generic x86_64)
PS C:\Users\arunch3x\OneDrive - Intel Corporation\Documents\tests> debug3: send packet: type 1
debug1: channel 0: free: direct-tcpip: listening port 0 for serverY port portY, connect from 127.0.0.1 port 65535 to UNKNOWN port 65536, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 direct-tcpip: listening port 0 for serverY port portY, connect from 127.0.0.1 port 65535 to UNKNOWN port 65536 (t4 r0 i0/0 o0/0 e[closed]/0 fd 4/5/-1 sock -1 cc -1)
debug1: fd 0 clearing O_NONBLOCK
debug3: fd 1 is not O_NONBLOCK
debug3: fd 2 is not O_NONBLOCK
Killed by signal 1.
Command line just hangs on showing above error.
Can someone please share some inputs.
I am using a digitalocean droplet with ubuntu 18.04 and am accessing it through ssh from my personal machine, but when i try to ssh into localhost to run hadoop namenode I cannot ssh into the local machine as it says publickey is denied!
I used the following command to create the passwordless ssh key and am logged in as root
also I have made changes in sshd key to allow rootlogin and public key authentication
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
Here is some debug info:
root#pointifex:/home/hadoop/hadoop-3.1.3# ssh -vvv localhost
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "localhost" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to localhost:22 as 'root'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from localhost
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com
debug2: compression stoc: none,zlib#openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:VoY/DYvLu9rS7UNgB9LFjr7bPARH1Ehu0yXhy8Jcn4E
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from localhost
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /root/.ssh/id_rsa ((nil))
debug1: Skipping ssh-dss key /root/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug2: key: /root/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
root#localhost: Permission denied (publickey).
root#pointifex:/home/hadoop/hadoop-3.1.3#
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
You set up a DSA type key.
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
...
debug1: Skipping ssh-dss key /root/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
The server doesn't accept DSA-type keys, so your client didn't try it.
OpenSSH 7.0 and later deprecated support for ssh-dss keys because such keys aren't considered to be secure. The simplest operation for you is to use a different key type, such as RSA.
I'm trying to setup SSH certificate authorization, by configurin my certificate authority to authenticate users to my server.
I generate a new set of keys, which will I use to sign user
ssh-keygen -f users_ca
Then, I modify SSH daemon configuration to look for this, I open
/etc/ssh/sshd_config
and at the bottom I add the line:
TrustedUserCAKeys /etc/ssh/users_ca.pub
So these changes would take place, I restart SSH daemon
sudo service ssh restart
Then I transfer user's id_rsa.pub on server and sign with
ssh-keygen -s users_ca -I user_username -n username -V +52w id_rsa.pub
That gives me id_rsa-cert.pub file which I transfer to user and by that being done, user should connect to server without any problem.
But, when the user tries to connect using
ssh user#server.com
it gets the following message
no such identity: /home/user/.ssh/id_ed25519: No such file or directory
user#server.com's password:
When I type in the server's password it connects without any problem, but it shouldn't ask for it. Funny thing is, when I do the same steps on the user in virtual machine which is on my server, it connects without asking for the key.
Log after ssh -vvv user#server.com
ssh -vvv user#server.com
OpenSSH_7.3p1 Ubuntu-1, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "server.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to server.com port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type 5
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type 3
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3p1 Ubuntu-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to server.com:22 as 'user'
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/user/.ssh/known_hosts:8
debug3: load_hostkeys: loaded 1 keys from 10.1.0.207
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com
debug2: compression stoc: none,zlib#openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:upxfSIxzXf8OudhZMCmCNPLOWkw0evLljf9BD/xt/88
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/user/.ssh/known_hosts:8
debug3: load_hostkeys: loaded 1 keys from server.com
debug1: Host 'server.com' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:8
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/user/.ssh/id_rsa (0x56357deeee40), agent
debug2: key: /home/user/.ssh/id_rsa-cert (0x56357def0120)
debug2: key: /home/user/.ssh/id_dsa ((nil))
debug2: key: /home/user/.ssh/id_ecdsa (0x56357def0620)
debug2: key: /home/user/.ssh/id_ed25519 ((nil)), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA-CERT public key: /home/user/.ssh/id_rsa-cert
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug3: no such identity: /home/user/.ssh/id_dsa: No such file or directory
debug1: Offering ECDSA public key: /home/user/.ssh/id_ecdsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/user/.ssh/id_ed25519
no such identity: /home/user/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
user#server.com's password:
Please put id_rsa and id_rsa-cert.pub into same directory, then cd [the directory path] and use ssh username#ip -i id_rsa to login
I'm trying to setup SSH keys for Buildbot's buildbot user, so it can clone my private repo without needing a username and password.
This is how I'm testing:
sudo -u buildbot bash
export HOME=/var/lib/buildbot
cd $HOME
mkdir git
cd git
git clone git#bitbucket.org:myproject/myrepo.git
the last step fails with:
Cloning into 'myrepo'...
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Why am I getting this error? I've confirmed my SSH key is correct with:
/var/lib/buildbot/.ssh folder exists with the correct permissions
/var/lib/buildbot/.ssh/id_rsa file exists with the correct permissions
/var/lib/buildbot/.ssh/id_rsa.pub file exists with the correct permissions
the content of /var/lib/buildbot/.ssh/id_rsa.pub file has been registered in my Bitbucket account as my SSH key
If I run:
ssh-agent bash -c 'ssh-add /var/lib/buildbot/.ssh/id_rsa; git clone git#bitbucket.org:myproject/myrepo.git'
then it clones my repo perfectly. Why isn't the normal command able to access my SSH key?
Edit: The output of ssh -vvv git#bitbucket.org is:
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "bitbucket.org" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to bitbucket.org [104.192.143.2] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version conker_1.0.288-e9ef8ea app-123
debug1: no match: conker_1.0.288-e9ef8ea app-123
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to bitbucket.org:22 as 'git'
debug3: hostkeys_foreach: reading file "/home/buildbot/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/buildbot/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ssh-ed25519-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,arcfour256,arcfour128
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,arcfour256,arcfour128
debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug3: hostkeys_foreach: reading file "/home/buildbot/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/buildbot/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug3: hostkeys_foreach: reading file "/home/buildbot/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/buildbot/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 104.192.143.2
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /home/buildbot/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/buildbot/.ssh/id_rsa ((nil))
debug2: key: /home/buildbot/.ssh/id_dsa ((nil))
debug2: key: /home/buildbot/.ssh/id_ecdsa ((nil))
debug2: key: /home/buildbot/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/buildbot/.ssh/id_rsa
debug3: no such identity: /home/buildbot/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/buildbot/.ssh/id_dsa
debug3: no such identity: /home/buildbot/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/buildbot/.ssh/id_ecdsa
debug3: no such identity: /home/buildbot/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/buildbot/.ssh/id_ed25519
debug3: no such identity: /home/buildbot/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
Edit: Updating buildbot's home directory in /etc/passwd to point to /var/lib/buildbot causes more problems. Now I can't even access buildbot's home directory as buildbot:
$ sudo -u buildbot bash
$ echo $HOME
/home/ubuntu
$ export HOME=/var/lib/buildbot
$ cd $HOME
bash: cd: /var/lib/buildbot: Permission denied
Buildbot now supports specifying private SSH keys (these changes will be released as part of buildbot 1.3.0). See https://github.com/buildbot/buildbot/pull/4178 and https://github.com/buildbot/buildbot/pull/4160
Disclaimer: I'm the author of these PRs :-)
OpenSSH is not using environment variable $HOME, as you can see from the log, but uses directly the getpwnam() functions to get the real home directory of running user (/home/buildbot/).
You either have to fix it in /etc/passwd or use the ssh-agent or IdentityFile option/config value to the ssh to make ssh use this key.