SSH sends different keys with this same configuration - linux

For some reason I can't log in to the server with SSH. I wrote to the server administrator and he told me that connection is blocked by sshguard. In addition, he sent me a list of my login attempts ( sudo grep publickey\ for\ <myusername> /var/log/auth command output). It looked like this:
...
May 12 21:38:16 boss sshd[3003]: Failed publickey for <myusername> from <myip> port 24057 ssh2: RSA SHA256:hqddgd...VHhFM
May 12 21:38:16 boss sshd[3003]: Failed publickey for <myusername> from <myip> port 24057 ssh2: RSA SHA256:1NwYXJ66...+U5MqJ0
May 12 21:38:21 boss sshd[3003]: Accepted publickey for <myusername> from <myip> port 24057 ssh2: RSA SHA256:A6uQ/jb...I9UjXzc
May 12 21:39:29 boss sshd[3151]: Failed publickey for <myusername> from <myip> port 23837 ssh2: RSA SHA256:hqddgd...VHhFM
May 12 21:39:30 boss sshd[3151]: Failed publickey for <myusername> from <myip> port 23837 ssh2: RSA SHA256:1NwYXJ66...+U5MqJ0
...
Whenever I tried to log in I sent keys that had checksums in order: hqddgd...VHhFM, 1NwYXJ66...+U5MqJ0, A6uQ/jb...I9UjXzc. The third time my connection was always accepted. I don't know if this is a coincidence, but I have exactly three keys in the ~/.ssh/ directory. In addition, the ~/.ssh/config file looks like this:
Host <server to which I want to log in>
    HostName <nice domain>
    User <myusername>
    IdentityFile ~/.ssh/<myusername>
Host <another server>
    HostName <nice domain>
    User <another username>
    IdentityFile ~/.ssh/<another username>
Why is this happening? Why does SSH send different keys with the same configuration?

You must add this line to your configuration file:
IdentitiesOnly=yes
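
Added example (not part of the original answer): without IdentitiesOnly, ssh may offer identities from ssh-agent or the default key files in addition to the configured IdentityFile, and each rejected offer is logged as a failed attempt. The script groups log lines like the ones in the question by sshd PID to show how many keys were offered per connection; the sample log, user name, address and fingerprints are constructed.

```python
import re
from collections import OrderedDict

# Constructed sample modelled on the excerpt above; user, address and
# fingerprints are placeholders, not values taken from the page.
SAMPLE_LOG = """\
May 12 21:38:16 boss sshd[3003]: Failed publickey for alice from 192.0.2.10 port 24057 ssh2: RSA SHA256:KEY-ONE
May 12 21:38:16 boss sshd[3003]: Failed publickey for alice from 192.0.2.10 port 24057 ssh2: RSA SHA256:KEY-TWO
May 12 21:38:21 boss sshd[3003]: Accepted publickey for alice from 192.0.2.10 port 24057 ssh2: RSA SHA256:KEY-THREE
May 12 21:39:29 boss sshd[3151]: Failed publickey for alice from 192.0.2.10 port 23837 ssh2: RSA SHA256:KEY-ONE
May 12 21:39:30 boss sshd[3151]: Failed publickey for alice from 192.0.2.10 port 23837 ssh2: RSA SHA256:KEY-TWO
May 12 21:39:35 boss sshd[3151]: Accepted publickey for alice from 192.0.2.10 port 23837 ssh2: RSA SHA256:KEY-THREE
May 12 21:41:02 boss sshd[3200]: Failed publickey for alice from 192.0.2.10 port 23900 ssh2: RSA SHA256:KEY-ONE
"""

EVENT = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Failed|Accepted) publickey for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2: \S+ (?P<fp>\S+)")

def connections(log_text):
    """Group publickey events by sshd PID; each PID is one connection."""
    conns = OrderedDict()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        c = conns.setdefault(m["pid"], {"ip": m["ip"], "user": m["user"],
                                        "failed": [], "accepted": None})
        if m["result"] == "Failed":
            c["failed"].append(m["fp"])
        else:
            c["accepted"] = m["fp"]
    return conns

def classify(conn):
    """Tell a client offering surplus keys from one that never authenticated."""
    if conn["accepted"] is None:
        return "rejected"
    return "extra-keys-offered" if conn["failed"] else "clean"

def failures_by_source(conns):
    """Failed offers per address, the figure a log-watching blocker reacts to."""
    totals = {}
    for c in conns.values():
        totals[c["ip"]] = totals.get(c["ip"], 0) + len(c["failed"])
    return totals

if __name__ == "__main__":
    for pid, c in connections(SAMPLE_LOG).items():
        print(pid, classify(c), c["failed"], "->", c["accepted"])
    print(failures_by_source(connections(SAMPLE_LOG)))
```

A connection classified as extra-keys-offered ends in a successful login but still contributes failed attempts for its source address.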

Related

SSH from Docker image using Drone

I've been trying for far too long to get an SSH command working from Drone, which runs in a Docker container called bb. I've added RUN echo " IdentityFile /root/.ssh/id_rsa" >> /etc/ssh/ssh_config in my Dockerfile per some recommendations in other threads.
I've used docker run -it bb /bin/bash to check that SSH keys are there, and I can successfully SSH into a remote host using that interactive terminal.
However, when I try to do the same command using the .drone.yml build script like this:
image: bb
script:
- whoami
- ssh -vvv -t -t 192.0.2.1 "whoami"
...I get "Permission denied" errors after being bumped down to password-based identification. (The whoami runs inside the container, outputs root, and continues to the ssh command.)
I've boiled down the verbose output to this relevant piece:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp f2:...
debug3: sign_and_send_pubkey: RSA f2:...
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
...where it clearly says "we did not send a packet, disable method". I've checked the key's fingerprint with ssh-keygen -lf /root/.ssh/id_rsa and it matches the one in the output.
I then watched the auth logs (/var/log/auth.log) on the remote host and I can see my successful tests, but when Drone runs its container the logs report that "RSA_public_decrypt failed". Here are the logs.
Successful (interactive container) login:
Accepted publickey for root from 192.0.2.1 port 59472 ssh2: RSA f2:...
pam_unix(sshd:session): session opened for user root by (uid=0)
Received disconnect from 192.0.2.1: 11: disconnected by user
pam_unix(sshd:session): session closed for user root
Failed (Drone container) login:
error: RSA_public_decrypt failed: error:04067084:lib(4):func(103):reason(132)
Failed password for root from 192.0.2.1 port 54172 ssh2
Failed password for root from 192.0.2.1 port 54172 ssh2
Connection closed by 192.0.2.1 [preauth]
So it looks like my key is not sent by the Drone container. I've run whoami in the build script, and it reports that it's running as root, which is what I expect.
How can I get this to work?
GOT IT. While digging around in the settings for that repository, I noticed a "Public Key" field:
I tried adding that to the authorized_keys file, and running my .drone.yml, and what do you know - it worked. Went back and checked the docs - it's nowhere to be found. Undocumented super secret field FTW.

ssh command is not working while connecting linux to solaris

I am trying to connect to a remote Solaris machine from a Linux server using ssh, but I am not able to connect. I am using the ssh command below to connect to the Solaris machine:
ssh <host_name>
After giving this command, I do not get any prompt for username and password. Is this a limitation of Linux-to-Solaris connections?
The output is:
root@host> ssh -v user@solaris_host
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to solaris_host [solaris_host] port 22.
debug1: connect to address solaris_host port 22: Connection timed out
ssh: connect to host solaris_host port 22: Connection timed out
Go over the following steps:
1. Check the network connectivity with your target, e.g. ping.
2. Check if port 22 is open on your remote host, e.g. nmap -A 192.168.0.5/32 -p 22
3. Check if the ssh daemon is running on your target, e.g. svcs ssh
Come back if the problem still exists.

Getting Connection refused error when using scp on VM

I have a virtual Linux build running on QEMU (it runs Dropbear as ssh client), and I am trying to copy some modules I wrote to it with scp, using the following command:
scp -vvv -p 2222 wd/day10/int_mod.ko root@localhost:/lib/modules/3.13.5/int_mod.ko
And I get a Connection refused error, more specifically (I forwarded 2222 to 22 of the virtual machine):
Executing: program /usr/bin/ssh host localhost, user root, command scp -v -p -d -t /lib/modules/3.13.5/int_mod.ko
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused
lost connection
What I don't understand is that I can easily connect with ssh using
ssh -p 2222 root@localhost
I can connect without any problem.
ssh and scp use different options for specifying the port. From the ssh man page:
[-p port]
From the scp man page:
[-P port]
scp uses capital P. Notice how your debug output says port 22 connection refused when you are trying to connect to port 2222.
The problem is that the ssh package is not installed completely!
You must install ssh, openssh-client and so on with Synaptic Package Manager.
In Synaptic Package Manager, first type ssh in the search filter and mark ssh, then click the Apply button to install the ssh services for server and client.
This way your problem will be fixed 100 percent!
Please see below:

set-up X11 Forwarding over ssh

I'm attempting to set up X11 forwarding to monitor video on an embedded robotics platform, yet I cannot seem to get the board to generate graphical output. I'm running Arch Linux on a Beagleboard xM wired directly over ethernet (though I plan to use WiFi in the future). When I try to set the DISPLAY variable it will accept it, but when I attempt to run an X11 application it says:
(Object:287): Gtk-WARNING **: cannot open display: [displaynamehere]
Obviously [displaynamehere] was whatever I tried to set as the display, yet no display location seemed to work. What's weird is that whenever I connect through ssh -X it does not give me any errors and it does not save my DISPLAY variable.
(EDIT) I also checked the debug log and got this output:
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 315
debug2: parse_server_config: config /etc/ssh/sshd_config len 315
debug3: /etc/ssh/sshd_config:53 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:75 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:96 setting UsePAM yes
debug3: /etc/ssh/sshd_config:101 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:104 setting PrintMotd no
debug3: /etc/ssh/sshd_config:108 setting UsePrivilegeSeparation sandbox
debug3: /etc/ssh/sshd_config:124 setting Subsystem sftp /usr/lib/ssh/sftp-server
debug1: sshd version OpenSSH_6.3, OpenSSL 1.0.1e 11 Feb 2013
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_dsa_key" as a RSA1 public key
debug1: private host key: #1 type 2 DSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/bin/sshd'
debug1: rexec_argv[1]='-ddd'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
Any suggestions would be greatly appreciated, I've been trying at this with google for almost a week now to no avail.
Thanks a lot!
On the server
Edit /etc/ssh/sshd_config:
AllowAgentForwarding yes
AllowTcpForwarding yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
Restart the sshd daemon:
sudo service sshd restart
# or
sudo /etc/init.d/ssh restart
# or whatever way of restarting your box services works on your distro...
Install the packages (Ubuntu/Debian):
apt-get -y update
apt-get -y install xauth
Install the packages (RHEL/CentOS):
yum -y update
yum -y install xauth
Now exit the server:
exit
On the client
Set the DISPLAY environment variable locally:
export DISPLAY=:0.0
and start a trusted SSH connection to the server:
ssh -Y $ssh_user@$ssh_server
Verify success with a graphical app. Install an app supporting X11 forwarding, if needed. As an example:
yum -y install xclock
and action:
for i in {1..3} ; do bash -c "xclock &" ; done ;
Whenever I had this problem it was almost always about the following two options. I think you should set them as below before making any further changes to your configuration, like setting DISPLAY, etc.
X11Forwarding yes
X11UseLocalhost no
ssh should set the DISPLAY automatically.
Usual suspects: missing "X11Forwarding yes" in /etc/ssh/sshd_config
To debug, you can run verbose mode on the client and server and you may notice something.
Try on the "server" side (debug mode, no daemon):
$ /usr/sbin/sshd -d -p 222
On the "client":
$ ssh -v -Y phil@192.168.0.14 -p 222
Once in a while I meet an odd thing, like 'missing xauth' ...
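
Added example (not from any of the answers): a check of the sshd_config values the answers above name, using the rule that the first value obtained for a keyword wins. It also reports that X11UseLocalhost no makes sshd bind the forwarded display to the wildcard address instead of loopback; the sample config and finding labels are constructed, and parsing stops at the first Match block as a simplification.

```python
import shutil

# Constructed sshd_config fragment using the values suggested above.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
AllowTcpForwarding yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
# the next line is ignored: the first value for a keyword wins
x11forwarding no
Match User guest
    X11Forwarding no
"""

# OpenSSH defaults for the keywords this check looks at.
X11_DEFAULTS = {"x11forwarding": "no", "x11displayoffset": "10",
                "x11uselocalhost": "yes"}

def effective_x11(config_text):
    """Global X11 settings: case-insensitive keywords, first value wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":          # simplification: global section only
            break
        if key in X11_DEFAULTS and len(parts) == 2:
            seen.setdefault(key, parts[1].strip().lower())
    return {**X11_DEFAULTS, **seen}

def audit_x11(config_text, xauth_present):
    """Return (effective settings, findings) for server-side X11 forwarding."""
    eff = effective_x11(config_text)
    findings = []
    if eff["x11forwarding"] != "yes":
        findings.append("forwarding-disabled")          # ssh -X/-Y sets no DISPLAY
    if not xauth_present:
        findings.append("xauth-missing")                # sshd needs xauth for cookies
    if eff["x11uselocalhost"] == "no":
        findings.append("display-on-wildcard-address")  # reachable beyond loopback
    return eff, findings

if __name__ == "__main__":
    print(audit_x11(SAMPLE_SSHD_CONFIG, shutil.which("xauth") is not None))
```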

Unsuccessful connection on ssh to the subordinate nodes of a cluster

When I start the services on the subordinate nodes of a cluster with the following command:
hadoop@one:/export/hadoop-1.0.1/bin$. ./start-all.sh
I get this result, and not for the first time:
starting namenode, logging to /export/hadoop-1.0.1/libexec/../logs/hadoop--namenode-one.out
192.168.1.10: starting datanode, logging to /export/hadoop-1.0.1/libexec/../logs/hadoop-hadoop-datanode-myhost2.out
192.168.1.11: ssh: connect to host 192.168.1.11 port 22: Connection timed out
192.168.1.5: starting secondarynamenode, logging to /export/hadoop-1.0.1/libexec/../logs/hadoop-hadoop-secondarynamenode-one.out
starting jobtracker, logging to /export/hadoop-1.0.1/libexec/../logs/hadoop--jobtracker-one.out
192.168.1.10: starting tasktracker, logging to /export/hadoop-1.0.1/libexec/../logs/hadoop-hadoop-myhost2.out
192.168.1.11: ssh: connect to host 192.168.1.11 port 22: Connection timed out
How do I fix the error below:
ssh: connect to host port 22: Connection timed out
hadoop@one: /export/hadoop-1.0.1/bin$ ssh -vvv 192.168.1.10
Sun_SSH_1.5, SSH protocols 1.5/2.0, OpenSSL 0x1000004f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.10 [192.168.1.10] port 22
debug1: connect to address 192.168.1.10 port 22: Connection timed out
ssh: connect to host 192.168.1.10 port 22: Connection timed out
What should I do to correct the error?
Do you have the sshd daemon running on your machine? Your OS might come with ssh, but in order to start the sshd daemon, you need to install ssh completely. By complete I mean:
ssh: The command we use to connect to remote machines - the client.
sshd: The daemon that runs on the server and allows clients to connect to this server.
Also, make sure there is no issue with port 22. If you still face some issue, try ssh with the -v switch to get the complete trace.
ssh -v myhost2
You can go here for a detailed explanation of ssh.
