HPE Community
Operating System - Linux
1753277 Members
4942 Online
108792 Solutions
New Discussion юеВ

Re: Permission denied (publickey,password,keyboard-interactive)

 
SOLVED
Go to solution
'chris'
Super Advisor

тАО05-27-2007 01:32 PM

тАО05-27-2007 01:32 PM

Permission denied (publickey,password,keyboard-interactive)

hi

I cannot login into ssh due to the following error:

storage> ssh localhost
Permission denied (publickey,password,keyboard-interactive).


my system:

storage> uname -a
Linux storage 2.4.22-uc0 #458 Tue Apr 3 01:09:49 CST 2007 ppc unknown

storage> ssh -v
OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004

storage> ls -la /etc/ssh
drwxr-xr-x 2 root root 1024 May 28 03:23 .
drwxr-xr-x 8 root root 2048 May 28 03:13 ..
-rw------- 1 root root 1192 May 28 03:12 ssh_host_dsa_key
-rw-r--r-- 1 root root 1114 May 28 03:12 ssh_host_dsa_key.pub
-rw------- 1 root root 975 May 28 03:03 ssh_host_key
-rw-r--r-- 1 root root 639 May 28 03:03 ssh_host_key.pub
-rw------- 1 root root 1675 May 28 03:05 ssh_host_rsa_key
-rw-r--r-- 1 root root 394 May 28 03:05 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 2974 May 28 03:23 sshd_config
-rw-r--r-- 1 root root 2961 May 28 03:27 sshd_config_org
-rw-r--r-- 1 root root 2977 May 28 03:23 sshd_config_save


my sshd configuration:

# vi etc/ssh/sshd_config

# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 22
Protocol 2,1
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

#now ssh is only used by rsync ==> auth by passwd file of rsync server
#AuthPassFile /etc/rsyncd.secrets

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
Compression yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

DenyUsers admin

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server


I tried to remove /root/.ssh/known_hosts
and regenerate all keys:

ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''

but still doesn't work !

knows someone howto solve this problem ?
0 Kudos
Reply
6 REPLIES 6
Stuart Browne
Honored Contributor

тАО05-27-2007 03:42 PM

тАО05-27-2007 03:42 PM

Solution

Re: Permission denied (publickey,password,keyboard-interactive)

This is because your user doesn't have the their own keys shared in the '~/.ssh/authorized_keys' file.

If you read through your config, you'll see that you've got "PasswordAuthentication no".

This means, no matter what, you won't be asked for a password.

It has the side effect of meaning you have to have pre-shared authorized keys.
One long-haired git at your service...
Reply
'chris'
Super Advisor

тАО05-28-2007 12:57 AM

тАО05-28-2007 12:57 AM

Re: Permission denied (publickey,password,keyboard-interactive)

thanks, but howto create pre-shared authorized keys ?
0 Kudos
Reply
'chris'
Super Advisor

тАО05-28-2007 01:11 AM

тАО05-28-2007 01:11 AM

Re: Permission denied (publickey,password,keyboard-interactive)

I tried to generate pre-shared authorized keys using:

# cd /root/.ssh

# ssh-keygen -t rsa

# ssh-keygen -t rsa

# storage> ls -la /root/.ssh
drwx------ 2 root root 1024 May 28 15:09 .
drwxr-xr-x 3 root root 1024 May 28 02:07 ..
-rw------- 1 root root 1743 May 28 15:06 authorized_keys
-rw-r--r-- 1 root root 394 May 28 15:06 authorized_keys.pub
-rw------- 1 root root 1264 May 28 15:09 authorized_keys2
-rw-r--r-- 1 root root 1114 May 28 15:09 authorized_keys2.pub
-rw-r--r-- 1 root root 391 May 28 04:44 known_hosts

but still doesn't work:

storage> ssh -v localhost
OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
storage>

0 Kudos
Reply
'chris'
Super Advisor

тАО05-28-2007 01:15 AM

тАО05-28-2007 01:15 AM

Re: Permission denied (publickey,password,keyboard-interactive)

I tried to generate pre-shared authorized keys using:

# cd /root/.ssh

# ssh-keygen -t rsa

# ssh-keygen -t dsa

# storage> ls -la /root/.ssh
drwx------ 2 root root 1024 May 28 15:09 .
drwxr-xr-x 3 root root 1024 May 28 02:07 ..
-rw------- 1 root root 1743 May 28 15:06 authorized_keys
-rw-r--r-- 1 root root 394 May 28 15:06 authorized_keys.pub
-rw------- 1 root root 1264 May 28 15:09 authorized_keys2
-rw-r--r-- 1 root root 1114 May 28 15:09 authorized_keys2.pub
-rw-r--r-- 1 root root 391 May 28 04:44 known_hosts

but still doesn't work:

storage> ssh -v localhost
OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
storage>

0 Kudos
Reply
Ivan Ferreira
Honored Contributor

тАО05-28-2007 02:28 AM - last edited on тАО11-13-2020 04:31 AM by

тАО05-28-2007 02:28 AM - last edited on тАО11-13-2020 04:31 AM by

Re: Permission denied (publickey,password,keyboard-interactive)

You have to copy the public key to the http://macnugget.org/projects/publickeys/ in the remote host, please see:

http://macnugget.org/projects/publickeys/

[ADMIN : The above links are no longer valid]

 

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
'chris'
Super Advisor

тАО05-31-2007 10:30 AM

тАО05-31-2007 10:30 AM

Re: Permission denied (publickey,password,keyboard-interactive)

I've installed openssh again:

# ipkg install openssh

and now it seems to work.

thanks anyway.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.