I made git server on digital ocean and work fine but I want to change authorization from password to SSH key.
Now it's working nice for SSH/SFTP with this server and also with my pi. But git don't want to cooperate.
I have:
/home/git/.ssh on permission 700
/home/git/.ssh/authorized_keys on 644
Shell for git: /usr/bin/git-shell
And on local machine set .ssh/config to load private key from encrypted pendrive
isaac#Isaac-Debian:~$ ssh -vT server
OpenSSH_7.4p1 Debian-10+deb9u3, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /home/isaac/.ssh/config
debug1: /home/isaac/.ssh/config line 1: Applying options for git-server1.iofist.de
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to serwer ******** port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/isaac/secret/server1git type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/isaac/secret/server1git-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u2
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to server:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:LyaAW9P8EIqkyuf/lEuEIKWTTeu2/3XbOyxx8TmPXa8
debug1: Host 'server1.iofist.de' is known and matches the ECDSA host key.
debug1: Found key in /home/isaac/.ssh/known_hosts:3
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/isaac/secret/server1git
Enter passphrase for key '/home/isaac/secret/server1git':
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
debug1: Trying private key: /home/isaac/secret/server1git
Enter passphrase for key '/home/isaac/secret/server1git':
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
At first it still wants you to have public key, so you must create it too. Second make sure you run ssh as a root. It will resolve the conflicts with Permission denied (publickey).
Related
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to ec2-18-216-48-255.us-east-2.compute.amazonaws.com [10.0.15.9] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file Rifter-Test-Server.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file Rifter-Test-Server.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ec2-18-216-48-255.us-east-2.compute.amazonaws.com:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:KCe1X9MVFUImH5H9q8EkV2VLJ3bSehsJbSLnlWiMM+o
debug1: Host 'ec2-18-216-48-255.us-east-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/gitlab-runner/.ssh/known_hosts:29
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:994)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:994)
debug1: Next authentication method: publickey
debug1: Trying private key: Rifter-Test-Server.pem
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
while my gitlab yaml config's are as follows
deploy:
stage: deploy
before_script:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo -e “$SSH_PRIVATE_KEY” > ~/.ssh/id_rsa
ssh-keyscan $EC2_IPADDRESS >> ~/.ssh/known_hosts
chmod 700 ~/.ssh/*
tags:
node
script:
- ssh -Tv -i "~/.ssh/id_rsa" ec2-user#ec2-18-216-48-255.us-east-2.compute.amazonaws.com "ll; whoami"
Tried several options for login from gitlab CI/CD to aws-ec2-linux but unable till yet if anyone can see the SSH logs and help me resolving this issue.
I am currently doing the Build and Secure Networks in Google Cloud: Challenge Lab from Google Cloud Skills Boost. I finished challenge number 1-5, but got stuck in challenge number 6:
In the Compute Engine instances page, click the SSH button for the bastion host. Once connected, SSH to juice-shop.
After SSH to bastion, I typed ssh (IP address of juice-shop), but it results in Permission denied (publickey). error. I tried typing -v after the SSH command, and this is what shows up after executing:
OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u 20 Dec 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.11.2 [192.168.11.2] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/student-04-e657ce74df3d/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u7
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.11.2:22 as 'student-04-e657ce74df3d'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:T6OeQTHDWFMJTDZ8K02/glob0my9gLLdqH4IOJFIzwc
debug1: Host '192.168.11.2' is known and matches the ECDSA host key.
debug1: Found key in /home/student-04-e657ce74df3d/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_fetch_identitylist: invalid format
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/student-04-e657ce74df3d/.ssh/id_rsa
debug1: Trying private key: /home/student-04-e657ce74df3d/.ssh/id_dsa
debug1: Trying private key: /home/student-04-e657ce74df3d/.ssh/id_ecdsa
debug1: Trying private key: /home/student-04-e657ce74df3d/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
After checking the .ssh folder, the only file in there is known_hosts, and the content is |1|Ufd+u5OJlKnZGrn7IXI2Bu/4XUs=|U1BWwkP97chmDwk/6E71T7UvKHM= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJuxpHVNlFCmVFiHVuq+wKn/WlMs9thpNHT2M8rExeTYeEbjq//qlHLkZFMyEXFKaLAaMVHCG1O5ohR+KRuugXU=
Has the same problem occurred to anyone else, or does anybody have any solution to this problem? Any help would be appreciated, thank you.
Run this command in bastion SSH.
gcloud compute ssh juice-shop --internal-ip
after this keep empty in passphrase and press enter two times and press y in y/n.
and check your progress.
I am trying for the first time to transfer a file from my local machine to an EC2 instance.
I am managing to properly connect to the instance via ssh.
But when trying to transfer a file with scp, I get a permission denied.
I tried several things including making sure the destination folder was open to writing (CHMOD 777 of the destination folder).
Here is my verbose terminal output:
(finenv) ➜ deribit-snap git:(master) ✗ scp -v -i ~/.ssh/ec2-key-pair-mtlberri.pem ./snap-script.py ec2-user#ec2-18-216-175-218.us-east-2.compute.amazonaws.com:/home/ec2-user/deribit_script
Executing: program /usr/bin/ssh host ec2-18-216-175-218.us-east-2.compute.amazonaws.com, user ec2-user, command scp -v -t /home/ec2-user/deribit_script
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to ec2-18-216-175-218.us-east-2.compute.amazonaws.com port 22.
debug1: Connection established.
debug1: identity file /Users/Armellini1/.ssh/ec2-key-pair-mtlberri.pem type -1
debug1: identity file /Users/Armellini1/.ssh/ec2-key-pair-mtlberri.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to ec2-18-216-175-218.us-east-2.compute.amazonaws.com:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:8BODXGf6J+FunEc6LF6xDj+3vmf0E+SJLjHg6uUrYgc
debug1: Host 'ec2-18-216-175-218.us-east-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/Armellini1/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/Armellini1/.ssh/ec2-key-pair-mtlberri.pem explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/Armellini1/.ssh/ec2-key-pair-mtlberri.pem
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
ec2-user#ec2-18-216-175-218.us-east-2.compute.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
lost connection
I just order a VPS in Vultr, and want set to ssh without passwords. after configured the ssh key things, I think it should be work, but failed.
yes, I have multiple ssh configures like github, gitlab or some other things and this is the configure file
Host gitlab
HostName cd.i.foo.com
IdentityFile ~/.ssh/id_rsa
Host github
HostName github.com
IdentityFile ~/.ssh/id_rsa_gayhub
Host vultr
HostName 198.13.59.103
Port 22
User root
IdentityFile ~/.ssh/id_rsa_vultr
but when I try with specified path ssh root#198.13.59.103 -i ~/.ssh/id_rsa_vultr, it can work!!!
below is some more log with ssh -v -v root#198.13.59.103
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/xdguo/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 198.13.59.103 port 22.
debug1: Connection established.
debug1: identity file /Users/xdguo/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/xdguo/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 198.13.59.103:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256#libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:s8qKj8CKXc6tp7zmVV32hiqHvdrxk46JVJQlQfpOQ0Q
debug1: Host '198.13.59.103' is known and matches the ECDSA host key.
debug1: Found key in /Users/xdguo/.ssh/known_hosts:40
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LBGwqZmXcUwd6kqIuDAxIj+jbPBeLbU1uwrxN1mQRKQ /Users/xdguo/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/xdguo/.ssh/id_dsa
debug1: Trying private key: /Users/xdguo/.ssh/id_ecdsa
debug1: Trying private key: /Users/xdguo/.ssh/id_ed25519
debug1: Next authentication method: password
root#198.13.59.103's password:
I think I spend lots of time here, it really maked me confused, thanks in advance for any help
ssh -v -v root#198.13.59.103 would not work, as it would default to id_rsa.
You need to test:
ssh -Tvv vultr
Only that "URL" (vultr) would be the equivalent of ssh root#198.13.59.103 -i ~/.ssh/id_rsa_vultr: it would find everything it needs in your ~/.ssh/config, under the Host vultr entry.
Doesn't look like it accepts an RSA-signed key.
Look at these lines:
debug1: Trying private key: /Users/xdguo/.ssh/id_dsa
debug1: Trying private key: /Users/xdguo/.ssh/id_ecdsa
debug1: Trying private key: /Users/xdguo/.ssh/id_ed25519
It's looking for a private key signed with DSA instead.
Try again and create a private-public pair signed with DSA instead. (No need to remove your other private key; you can have as many as you want of as many different types as you want on your machine.)
I am attempting to ssh into a a EC2 machine and ssh has stopped working. I'm not sure how I broke it but it is now unable to connect. I already tried creating a new key but it is not helping.
$ ssh -vT ****#****.****-2.compute.amazonaws.com
OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to ec2-****.****-2.compute.amazonaws.com [****] port 22.
debug1: Connection established.
debug1: identity file /home/Brad/.ssh/id_rsa type 1
debug1: identity file /home/Brad/.ssh/id_rsa-cert type -1
debug1: identity file /home/Brad/.ssh/id_dsa type -1
debug1: identity file /home/Brad/.ssh/id_dsa-cert type -1
debug1: identity file /home/Brad/.ssh/id_ecdsa type -1
debug1: identity file /home/Brad/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/Brad/.ssh/id_ed25519 type -1
debug1: identity file /home/Brad/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA ****
debug1: Host '****.****-2.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/Brad/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/Brad/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/Brad/.ssh/id_dsa
debug1: Trying private key: /home/Brad/.ssh/id_ecdsa
debug1: Trying private key: /home/Brad/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
I have replaced all of the personal info with *.
Thank you
Nowhere in your command you are referring the ssh private key. Try running command as below:
ssh -i <path_to_the_private_key> ubuntu#<EC2_Hostname>
In above command, note that I have used the username as ubuntu. Depending on which AMI you are using, you should change the username which corresponds to that AMI.