Simpler Navigation coming for Servers and Operating Systems
Coming soon: a much simpler Servers and Operating Systems section of the Community. We will combine many of the older boards, and you won't have to click through so many levels to get at the information you need. If you are looking for an older board and do not find it, check the consolidated boards, as the posts are still there.
General
cancel
Showing results for 
Search instead for 
Did you mean: 

Permission denied (publickey,password,keyboard-interactive)

SOLVED
Go to solution
'chris'
Super Advisor

Permission denied (publickey,password,keyboard-interactive)

hi

I cannot login into ssh due to the following error:

storage> ssh localhost
Permission denied (publickey,password,keyboard-interactive).


my system:

storage> uname -a
Linux storage 2.4.22-uc0 #458 Tue Apr 3 01:09:49 CST 2007 ppc unknown

storage> ssh -v
OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004

storage> ls -la /etc/ssh
drwxr-xr-x 2 root root 1024 May 28 03:23 .
drwxr-xr-x 8 root root 2048 May 28 03:13 ..
-rw------- 1 root root 1192 May 28 03:12 ssh_host_dsa_key
-rw-r--r-- 1 root root 1114 May 28 03:12 ssh_host_dsa_key.pub
-rw------- 1 root root 975 May 28 03:03 ssh_host_key
-rw-r--r-- 1 root root 639 May 28 03:03 ssh_host_key.pub
-rw------- 1 root root 1675 May 28 03:05 ssh_host_rsa_key
-rw-r--r-- 1 root root 394 May 28 03:05 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 2974 May 28 03:23 sshd_config
-rw-r--r-- 1 root root 2961 May 28 03:27 sshd_config_org
-rw-r--r-- 1 root root 2977 May 28 03:23 sshd_config_save


my sshd configuration:

# vi etc/ssh/sshd_config

# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 22
Protocol 2,1
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

#now ssh is only used by rsync ==> auth by passwd file of rsync server
#AuthPassFile /etc/rsyncd.secrets

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
Compression yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

DenyUsers admin

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server


I tried to remove /root/.ssh/known_hosts
and regenerate all keys:

ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''

but still doesn't work !

knows someone howto solve this problem ?
6 REPLIES
Stuart Browne
Honored Contributor
Solution

Re: Permission denied (publickey,password,keyboard-interactive)

This is because your user doesn't have the their own keys shared in the '~/.ssh/authorized_keys' file.

If you read through your config, you'll see that you've got "PasswordAuthentication no".

This means, no matter what, you won't be asked for a password.

It has the side effect of meaning you have to have pre-shared authorized keys.
One long-haired git at your service...
'chris'
Super Advisor

Re: Permission denied (publickey,password,keyboard-interactive)

thanks, but howto create pre-shared authorized keys ?
'chris'
Super Advisor

Re: Permission denied (publickey,password,keyboard-interactive)

I tried to generate pre-shared authorized keys using:

# cd /root/.ssh

# ssh-keygen -t rsa

# ssh-keygen -t rsa

# storage> ls -la /root/.ssh
drwx------ 2 root root 1024 May 28 15:09 .
drwxr-xr-x 3 root root 1024 May 28 02:07 ..
-rw------- 1 root root 1743 May 28 15:06 authorized_keys
-rw-r--r-- 1 root root 394 May 28 15:06 authorized_keys.pub
-rw------- 1 root root 1264 May 28 15:09 authorized_keys2
-rw-r--r-- 1 root root 1114 May 28 15:09 authorized_keys2.pub
-rw-r--r-- 1 root root 391 May 28 04:44 known_hosts

but still doesn't work:

storage> ssh -v localhost
OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
storage>

'chris'
Super Advisor

Re: Permission denied (publickey,password,keyboard-interactive)

I tried to generate pre-shared authorized keys using:

# cd /root/.ssh

# ssh-keygen -t rsa

# ssh-keygen -t dsa

# storage> ls -la /root/.ssh
drwx------ 2 root root 1024 May 28 15:09 .
drwxr-xr-x 3 root root 1024 May 28 02:07 ..
-rw------- 1 root root 1743 May 28 15:06 authorized_keys
-rw-r--r-- 1 root root 394 May 28 15:06 authorized_keys.pub
-rw------- 1 root root 1264 May 28 15:09 authorized_keys2
-rw-r--r-- 1 root root 1114 May 28 15:09 authorized_keys2.pub
-rw-r--r-- 1 root root 391 May 28 04:44 known_hosts

but still doesn't work:

storage> ssh -v localhost
OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
storage>

Ivan Ferreira
Honored Contributor

Re: Permission denied (publickey,password,keyboard-interactive)

You have to copy the public key to the http://macnugget.org/projects/publickeys/ in the remote host, please see:

http://macnugget.org/projects/publickeys/
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
'chris'
Super Advisor

Re: Permission denied (publickey,password,keyboard-interactive)

I've installed openssh again:

# ipkg install openssh

and now it seems to work.

thanks anyway.