What is the issue with my AWS key? - linux

I have to scp a folder to AWS EC2. My server is running Ubuntu 13.10 Server Edition. I am using the following command: tylerschade@ubuntu:~/.ssh$ scp -vr {key_file}{file} ubuntu@{ip}:~/{file to go into}. It responds with a lot of logging, and I have isolated the problem to the following lines:
debug1: Trying private key: /home/tylerschade/.ssh/id_rsa
debug1: Trying private key: /home/tylerschade/.ssh/id_dsa
debug1: Trying private key: /home/tylerschade/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
lost connection
What am I doing wrong? I have seen similar issues, but I think mine is different.

The command is missing -i /path/to/key.pem and is defaulting to the keys stored in the system's .ssh folder.

Sounds like your SSH key on your machine is not an authorized_key on your AWS EC2 instance. I'd recommend making sure that one of the three SSH keys listed in the question has the public key in the ~/.ssh/authorized_keys file on AWS EC2.

Related

Trouble with GitHub and ssh keys?

From one of my hosts I can authenticate with ssh to GitHub, from another I cannot: git@github.com: Permission denied (publickey).
I was having some issues from my Mac creating a new repo and pushing to it, I always got a permission denied error. However from my Linux host it worked fine.
I checked the repos for deploy keys (in case this was causing the issue), none of my repos had a deploy key set.
I checked the keys on GitHub and there was only one ssh key installed. I deleted this key and tested, as expected the repos from the Linux host could not connect, yet the Mac could still connect.
From the Mac:
ssh -T git@github.com
Hi mcdent/blog1! You've successfully authenticated, but GitHub does not provide shell access.
bash-3.2$
From Linux:
[mike@docker1 doing]$ ssh -T git@github.com
git@github.com: Permission denied (publickey).
[mike@docker1 doing]$
I'm puzzled as to how the Mac is still authenticating? I likely did have a repo called blog1 in the past but I certainly don't now.
Ideally I'd like to have a single key used on GitHub, which I can use with both my Linux and MacOS hosts.
Any pointers very welcome.
I'm puzzled as to how the Mac is still authenticating?
Then try ssh -Tv git@github.com.
You will see which key file is accessed and used for this authentication.
It should be a private key whose public key is registered to your account.
Check your environment variables or git config --global / git config --system -l for anything including blog1.

Ssh fails to use private key from ssh-agent: communication with agent failed

I'm getting an error when using ssh, which tries to use keys from ssh-agent, but fails with this message (when running ssh -v):
debug1: get_agent_identities: ssh_fetch_identitylist: communication with agent failed
Full log
I can see both of my keys added to the agent when running ssh-add -l:
$ ssh-add -l
3072 SHA256:0i3sqR60WRsAOpFVJyw951NUDW01jkAWFB1na921Asd xxxxxx@somehost (RSA)
4096 SHA256:CG6njka821AOd82j1xGFkyiOjwG/yo921KAIOWm3t/4 xxxxxx@anotherhost (RSA)
The same error appears with no keys or one key inside the agent.
I'm running the fish shell on Archlinux, and also tried this under bash, but it doesn't seem to make a difference. The same setup was working for me on Ubuntu. There seem to be no questions about this exact issue, and I'm stuck with no clues.
I found that this problem on my PC is caused by the Windows default ssh client, which stores my ssh key files. After upgrading to 8.9 with https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v8.9.0.0p1-Beta I solved this problem.

Missing files in .ssh directory

I have updated my system with sudo apt-get update.
There was an update of PAM (the Pluggable Authentication Module). I don't remember the message, but there was a pink screen and I decided to choose no (sorry for that poor explanation).
After that the update continued until something like ssh stop/waiting and then nothing happened. I couldn't cancel this and decided to reboot my Ubuntu Server (14.04 LTS).
After that I cannot connect with a user to this machine with ssh -X user@host. Only the owner can connect, but no other user.
With ssh -v user@host I get the error
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
Then I recognized that there are a lot of missing files in my ~/.ssh/ directory.
There is only the file known_hosts. I think there should be also the files: Readme, authorized_keys, bup, deprec, id_dsa, id_dsa.pub.
Do I have to reinstall ssh?
You do not need to reinstall ssh.
Many of those files are generated as you use ssh and related commands.
The most important files in my experience (which you will generate) are:
authorized_keys: contains public keys which are authorized to connect.
id_dsa and id_dsa.pub (or id_rsa, etc.): the private key and the public key (with .pub suffix) are the keys you offer when attempting a connection. These are generated by executing ssh-keygen.
Also, config is nice to use, but also not necessary. See man ssh_config.
Restoring connections from other machines
It appears you've lost the authorized_keys file you had. If you wish to continue connecting via publickey from other machines, you will need to put the public key from the other machine into your authorized_keys file.
Ensure authorized_keys file exists (if not: touch ~/.ssh/authorized_keys)
Copy the public key (id_rsa.pub for example) from the machine[s] you will be connecting from.
Paste the public key[s] into authorized_keys, one per line.

EC2 ssh Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

I got this permission denied problem when I want to ssh to my ec2 host. I tried the existing solution (chmod 600 "My.pem") but it still didn't work. Here is my debug information:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 54.223.47.74 [54.223.47.74] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file My.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file My.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 54.223.47.74:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:tfjxcE5kePSv1cJK7SWBp/56kgm2DQkyPLSLZ4d73Io
debug1: Host '54.223.47.74' is known and matches the ECDSA host key.
debug1: Found key in /Users/tan/.ssh/known_hosts:24
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: My.pem
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
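As an added diagnostic (not code from any question or answer on this page), the script below applies the way of reading `ssh -v` output that the threads here rely on: it walks a transcript and reports, for each key the client presented, whether the file never loaded, was sent and refused by the server, or was accepted, together with the login user and the methods the server offered. The two sample transcripts are constructed by condensing the debug output quoted above; the next-line rule is a heuristic about the OpenSSH client's message order.

```python
"""Triage an `ssh -v` transcript for the publickey failures quoted in the threads above."""
import re

# Constructed samples, condensed from the debug output quoted on this page.
LOG_NO_KEY_FILE = """\
debug1: Trying private key: /home/tylerschade/.ssh/id_rsa
debug1: Trying private key: /home/tylerschade/.ssh/id_dsa
debug1: Trying private key: /home/tylerschade/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
"""
LOG_KEY_REJECTED = """\
debug1: Authenticating to 54.223.47.74:22 as 'root'
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: My.pem
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
"""
PRESENTED = re.compile(r"(?:Trying private key|Offering .*?public key): (\S+)")
CONTINUE = re.compile(r"Authentications that can continue: (.+)")


def triage(log):
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    r = {"outcome": "unknown", "user": None, "methods": [],
         "accepted": [], "rejected": [], "not_loaded": [], "hints": []}
    r["outcome"] = ("succeeded" if "Authentication succeeded" in log
                    else "denied" if "Permission denied" in log else "unknown")
    m = re.search(r"Authenticating to \S+ as '([^']+)'", log)
    r["user"] = m.group(1) if m else None
    for m in CONTINUE.finditer(log):                 # keep the last list the server sent
        r["methods"] = [x.strip() for x in m.group(1).split(",")]
    for i, line in enumerate(lines):
        m = PRESENTED.search(line)
        if not m:
            continue
        # Heuristic from the OpenSSH client's message order: after "Trying private key" it
        # loads the file and sends the key in one step, so the next line decides the fate:
        # a fresh "Authentications that can continue" means the server refused the key, an
        # accept/success line means it worked, anything else means the file never loaded.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if CONTINUE.search(nxt):
            r["rejected"].append(m.group(1))
        elif "Server accepts key" in nxt or "Authentication succeeded" in nxt:
            r["accepted"].append(m.group(1))
        elif "Trying private key" in line:
            r["not_loaded"].append(m.group(1))
    if r["not_loaded"] and not r["rejected"] and r["outcome"] == "denied":
        r["hints"].append("no key file could be loaded: pass the key with -i, "
                          "or run from the directory that holds the .pem")
    for key in r["rejected"]:
        r["hints"].append(f"{key} was sent but refused: check that {r['user']!r} is the AMI's "
                          f"default login and that its authorized_keys holds the output of "
                          f"`ssh-keygen -y -f {key}`; on the host, ~/.ssh must be 700 and the file 600")
    return r
```

An earlier "identity file My.pem type -1" line is normal for a .pem that has no My.pem.pub beside it and is not by itself the failure.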
I resolved this issue in my centos machine by using command:
ssh -i <Your.pem> ec2-user@<YourServerIP>
It was about the username, which was ec2-user in my case.
Referenced from: Amazon Troubleshooting
You can find default usernames of ec2 instances here:
https://alestic.com/2014/01/ec2-ssh-username/
But in case you want to find the username of your instance:
Click on the Connect button to see the default username.
After finding the username, run this command to ensure your key is not publicly viewable:
chmod 400 <private-key-file.pem>
Then connect to your instance using its Public DNS or IP:
ssh -i <private-key-file.pem> ec2-user@<public ip>
Solved by connecting with the user centos instead of ec2-user.
I noticed each Linux instance launches with a default Linux system user account. This might be different from ec2-user, depending on your instance. You log in using the following command, where DefaultUserName stands for a username from the quote below.
ssh -i <Your.pem> <DefaultUserName>@<YourPublicServerIP>
Each Linux instance launches with a default Linux system user account. The default user name is determined by the AMI that was specified when you launched the instance.
For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
For a CentOS AMI, the user name is centos.
For a Debian AMI, the user name is admin.
For a Fedora AMI, the user name is ec2-user or fedora.
For a RHEL AMI, the user name is ec2-user or root.
For a SUSE AMI, the user name is ec2-user or root.
For an Ubuntu AMI, the user name is ubuntu.
Otherwise, if ec2-user and root don't work, check with the AMI provider.
Apart from the username issue mentioned here, it can very well be an issue with:
permissions on the instance
public key on the instance not matching the public key you have available locally in your .pem file.
The following link Method 1 resolved it for me. https://aws.amazon.com/premiumsupport/knowledge-center/ec2-linux-fix-permission-denied-errors/
For me it was the public key mismatch, and this is how I resolved it. I am on Mac, which comes with an ssh client.
You can get your local public key from your .pem file by running the following command:
ssh-keygen -y -f /path_to_key_pair/my-key-pair.pem
On your instance navigate to your authorized_keys file which will typically be found here:
/home/username/.ssh/authorized_keys
Add your public key to this file. Save and Done. That should do it.
Just a little context for why I ran into the issue. I had to create a new .pem file because I lost the one I downloaded when I launched the instance. For security reasons, this file cannot be downloaded again. As I created a new .pem file, this created a new public key with it. This public key needs to be updated manually on the instance, as the authorized_keys file is still pointing to the old public key.
There is a more formal 9-step process to get this sorted as well. See here:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replacing-lost-key-pair.html
Recently I went through this issue.
Accidentally I had changed my home permissions using chmod -R g+rw .
It changed the .ssh folder permissions.
If nothing works out:
Create a temp instance on Amazon EC2.
Detach your server storage (before that, shut down your source machine).
Mount it as secondary storage in the temp instance.
Do the permission changes below:
[ec2-user ~]$ chmod 600 mount_point/home/ec2-user/.ssh/authorized_keys
[ec2-user ~]$ chmod 700 mount_point/home/ec2-user/.ssh
[ec2-user ~]$ chmod 700 mount_point/home/ec2-user
Unmount your source disk from the temp instance.
Attach it back to the source machine.
Now use the same command to log in:
ssh -i FileName.pem username@MachineIP
For more details see the AWS troubleshooting docs.
add user to /etc/sshd_special_user
Check if you are in the same directory where your key is there.
I had the same problem and figured out that it was the wrong directory from which I tried to connect.
cd .ssh
rm authorized_keys
Or edit the file and remove the saved key for the machine you are trying to access.
Change permissions on the key file with chmod 400 keyname (make sure keyname matches exactly as you have it on Amazon).
Try again with ec2-user@IPaddress -i keypair.pem
Make sure you are in the same directory where you have your .pem file.
Use the command chmod 0400 example.pem
Then use the command ssh -i example.pem ec2-user@YOUR-IP
Make sure the ssh command specifies the ec2 user:
# ec2 user is missing
ssh -i <identity_file.pem> <hostname>
# ec2 user is specified
ssh -i <identity_file.pem> ec2-user@<hostname>
I had the same problem, and, in my case, the problem was that the file "My.pem" should be created with the admin user.
So, the solution was: first create the file "My.pem" with sudo and change the permission to 400.
$ sudo su
# vim My.pem
# paste the content
# chmod 400 My.pem
# ssh -i My.pem user@host
# Login ok
I had the same issue but in my case it was because I created a new key to connect from a different device. The key pairs only get added when you create a new instance, if you want to create a new key after the instance has been created you will have to add it manually.
You can follow this guide here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#identify-key-pair-specified-at-launch
or
ssh into the AWS instance using your old key pair
cd into the ~/.ssh folder and
open authorized_keys file using nano or whatever you like
then go to your new .pem key pair and retrieve the public key using
ssh-keygen -y -f /path_to_key_pair/my-key-pair.pem
copy the returned public key and paste it inside the authorized_keys file below your other keys, save and exit.
chmod 400 my-key-pair.pem if you haven't already
Then you should be all good to connect using your new key pair.
On Mac:
cd ~/.ssh
sudo nano known_hosts
And delete the info of the host with the problem.
Well, the default user name for your EC2 instance is determined by the AMI that was specified when you launched the instance.
For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
Therefore, you will need to use ec2-user when you SSH.
Afterwards, grant file permissions via chmod in Linux. (Make sure you are in the same directory where you have your .pem file.)
Use the command chmod 400 <Ur_Pem_File_Name>.pem
Now use the command ssh -i <Ur_Pem_File_Name>.pem ec2-user@<Public_IP_of_EC2>
By doing the above, I was able to SSH into my EC2 via CLI.
Check if selinux is blocking access to the file.
Try the following:
restorecon -r -vv .ssh/authorized_keys
I had the same issue and resolved it by:
On a Windows machine, save the key into Pageant.
See https://aws.amazon.com/es/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/
And then in PuTTY select SSH -> Auth -> check "Allow Agent Forwarding" and put the ppk file into "Private key file for authentication".
If you are connecting to ec2 via ssh using your terminal (.zsh) on Mac, then you have to change the name from .pem to .cer in all the commands, because on Mac your downloaded key_pair file has the extension .cer;
otherwise, you can follow the commands the same as given on AWS.
In addition to harneet singh's answer, you can also change your ec2 instance user name from "ec2-user": navigate to EC2 instance -> Connect -> EC2 Instance Connect -> user name.
A good solution for this: https://bobbyhadz.com/blog/aws-ssh-permission-denied-publickey
In the AWS EC2 console, click on the checkbox next to your instance's name, then click on Actions and select Connect. Click on the SSH client tab and copy the ssh command example.
Solution in the terminal for the error
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
ssh-keygen -f ~/.ssh/known_hosts -R xx.xx.xxx.xxx
where xx.xx.xxx.xxx is the host IP.
http://pastebin.com/YpqGSJ2E
You have to run the commands below to ssh to your ec2 host:
ssh -i <user.pem> ec2-user@<public ip>
If you get
WARNING: UNPROTECTED PRIVATE KEY FILE!
Permissions 0644 for 'user.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
then run chmod 0400 <user.pem>
After running the above command, run ssh -i <user.pem> ec2-user@<public ip>
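The two chmod recipes on this page (the server-side 700/600 repair done from a temporary instance, and the client-side fix for the 0644 "UNPROTECTED PRIVATE KEY FILE" warning) each come down to one rule, and the script below, added here and not taken from any answer above, checks both rules and applies the fix. The damaged home tree and the `My.pem` placeholder are constructed in a temporary directory so the example runs offline.

```python
"""Check and repair the file modes that make OpenSSH ignore a key, per the chmod recipes above."""
import os
import stat
import tempfile


def _mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_modes(home, key_file=None):
    """Return a list of problems; an empty list means the modes are acceptable."""
    findings = []
    ssh_dir = os.path.join(home, ".ssh")
    auth_keys = os.path.join(ssh_dir, "authorized_keys")
    # Server side: with StrictModes (the default) sshd ignores authorized_keys when the
    # home directory, ~/.ssh or the file itself is writable by group or others, which is
    # exactly what a stray `chmod -R g+rw` on the home directory causes.
    for path in (home, ssh_dir, auth_keys):
        if not os.path.exists(path):
            findings.append(f"{path}: missing")
        elif _mode(path) & 0o022:
            findings.append(f"{path}: mode {_mode(path):04o} is group/other writable")
    # Client side: ssh refuses a private key readable by anyone but its owner
    # ("UNPROTECTED PRIVATE KEY FILE! Permissions 0644 ... are too open").
    if key_file is not None and _mode(key_file) & 0o077:
        findings.append(f"{key_file}: mode {_mode(key_file):04o} is too open")
    return findings


def fix_modes(home, key_file=None):
    """Apply the recipe quoted above: home 700, .ssh 700, authorized_keys 600, key 400."""
    ssh_dir = os.path.join(home, ".ssh")
    auth_keys = os.path.join(ssh_dir, "authorized_keys")
    os.makedirs(ssh_dir, exist_ok=True)
    open(auth_keys, "a").close()          # same effect as `touch ~/.ssh/authorized_keys`
    os.chmod(home, 0o700)
    os.chmod(ssh_dir, 0o700)
    os.chmod(auth_keys, 0o600)
    if key_file is not None:
        os.chmod(key_file, 0o400)
    return audit_modes(home, key_file)


def demo():
    """Constructed scenario: a home tree damaged by `chmod -R g+rw` plus a 0644 .pem file."""
    root = tempfile.mkdtemp()
    home = os.path.join(root, "home", "ec2-user")
    ssh_dir = os.path.join(home, ".ssh")
    auth_keys = os.path.join(ssh_dir, "authorized_keys")
    os.makedirs(ssh_dir)
    open(auth_keys, "w").close()
    for p in (home, ssh_dir, auth_keys):
        os.chmod(p, _mode(p) | 0o060)     # g+rw, as in the question above
    pem = os.path.join(root, "My.pem")    # placeholder key file; its content is irrelevant
    open(pem, "w").close()
    os.chmod(pem, 0o644)
    return audit_modes(home, pem), fix_modes(home, pem)
```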

Adding slave in PVM asks for password

I tried to add a slave in the master machine. But when it adds, it asks for a password. That I didn't understand.
Master = jhamb
Slave = naveen, raja, gaurav
Please solve the error below. Looking for your kind response.
Snapshot of console:
When I try to add any host it shows these lines
0successful
HOST DTID
ANY NAME NO SUCH HOST
vim /etc/hosts shows :-
# Do not remove the following line, or various programs
# that require network functionality will fail.
#127.0.0.1 localhost.localdomain localhost
10.40.54.180 gaurav.my.domain #node 1 slave
10.40.54.92 naveen.my.domain #node 2 slave
10.40.55.31 raja.my.domain #node 3 slave
10.40.55.113 localhost.localdomain #node 4 master
#::1 localhost6.localdomain6 localhost6
EDITED
I write here about my work, what I have done till now:
Download the pvm3 tar file.
Set up all the variables to run PVM.
export PVM_RSH=/usr/bin/ssh
Make a passwordless connection between master and slave.
Run simple code on a single machine; it works.
When I tried to add a slave on the master, by using the command
add naveen.my.domain
it says the same as in the image above.
I think now it is sufficient information.
EDIT NO. 2
When I run ssh -v naveen@10.40.54.92, it says:
......
.....
debug1: Authentications that can continue: publickey, password
debug1: Next Authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key:pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0:new [client-session]
debug1: Entering Interactive session.
debug1: Sending environment.
.......
.....
When you add a slave, PVM tries to start pvmd on that machine. To do that, it will try to log in via ssh(1). So the line "user@host password:" is from ssh.
You can try it yourself:
> ssh naveen.my.domain
This article explains what you can do to allow ssh login onto a different machine without giving it a password every time and without compromising the security of SSH: 3 Steps to Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id
EDIT Here is the important part of the image above:
Verifying Local Path to "rsh"
Rsh found in /usr/bin/ssh - O.K.
Testing Rsh/Rhosts Access to Host ...
PVM can use rsh(1) and ssh(1) to log in remotely. Don't ever use rsh(1). It's insecure, brittle and ugly.
The output suggests that PVM uses ssh. You can verify that by looking at the process list while PVM asks for the password: You should see a ssh child process with PVM as the parent.
So for some reason, your password-less SSH setup is broken.
EDIT 2 Security isn't easy :-) What you need to understand is that there is a software which remembers the password for you. That's the "ssh agent."
When SSH asks you for a password, then there can be many reasons:
The ssh agent isn't running
Your key isn't loaded in the ssh agent
The wrong key is loaded in the ssh agent
You made it work and started a new terminal / new process and that new process doesn't "see" the ssh agent.
To check these:
Make sure you see a ssh agent running with your user ID in the process list.
Make sure the correct key is loaded (add it again if in doubt)
Make sure that ssh naveen works correctly.
Try pvm in the same console where you tried ssh naveen
