Why is my SSH public key authentication not working?

I have tried to set up SSH Key Pair authentication but regardless of what I try I still have to enter my account password.

Some basic info:

My laptop used to create the keys is running Ubuntu 12.10

The Linode is running Ubuntu 12.04

I have tried the following:

Using passphrases and using no passphrase

Ensured I ran chown -R username:username .ssh (username was my actual username)

Ensured permissions are set accordingly per the Linode documentation

Creating the keys with both my normal user and with root

Setting all chmod to 777 (I set it back to 700 and 600 respectively)

Restarting the ssh service on the Linode multiple times

Restarting the Linode itself

Regardless of what I do, I still need to enter my user password for the Linode. Is there anything that I have missed? Any other ideas?

Thanks,

Ryan

7 Replies

I just found the following entry in the auth.log file for each failure:

Apr 20 18:57:16 sshd[4021]: reverse mapping checking getaddrinfo for [] failed - POSSIBLE BREAK-IN ATTEMPT!

I cannot find much relevant, just old posts that don't count any more as the "UseDNS" option does not exist in /etc/ssh/sshd_config

Are you sure you set up the keys correctly? Did you copy the id_rsa.pub file to your user directory on the server and save it as ".ssh/authorized_keys"? Is the private key in your local .ssh folder?

@u4ia:

Are you sure you set up the keys correctly?
Yes
@u4ia:

Did you copy the id_rsa.pub file to your user directory on the server and save it as ".ssh/authorized_keys"?
Yes
@u4ia:

Is the private key in your local .ssh folder?
Yes - path /home//.ssh/

Can you provide the output of the following:

ls -la /home//.ssh # run this on the Linode

ls -la /home//.ssh # run this on your local machine

ssh @ -v # run this from your local machine, towards your Linode's user/IP

tail -n20 /var/log/auth.log # And run that on the Linode after the above

  • Les

Hi Les,

The info is below… thanks for your help on this mate… I appreciate it.

@akerl:

ls -la /home//.ssh # run this on the Linode

drwxr-xr-x 2 <user> <user> 4096 Apr 20 18:54 .
drwxr-xr-x 4 <user> <user> 4096 Apr 20 18:12 ..
-rw-r--r-- 1 <user> <user> 393 Apr 20 18:54 authorized_keys

@akerl:

ls -la /home//.ssh # run this on your local machine

drwx------   2 <user> <user> 4096 Jun 20  2011 .
drwxr-xr-x 107 <user> <user> 28672 Apr 20 17:41 ..
-rwx------   1 <user> <user> 1679 Apr 20 18:30 id_rsa
-rwx------   1 <user> <user> 393 Apr 20 18:30 id_rsa.pub
-rwx------   1 <user> <user> 5907 Apr 20 17:37 known_hosts

ssh @ -v # run this from your local machine, towards your Linode's user/IP

OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to <linode_ip> [<linode_ip>] port 22.
debug1: Connection established.
debug1: identity file /home/<username>/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/<username>/.ssh/id_rsa-cert type -1
debug1: identity file /home/<username>/.ssh/id_dsa type -1
debug1: identity file /home/<username>/.ssh/id_dsa-cert type -1
debug1: identity file /home/<username>/.ssh/id_ecdsa type -1
debug1: identity file /home/<username>/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA <host_key_stuff>
debug1: Host '<linode_ip>' is known and matches the ECDSA host key.
debug1: Found key in /home/<username>/.ssh/known_hosts:16
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/<username>/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
Agent admitted failure to sign using the key.
debug1: Trying private key: /home/<username>/.ssh/id_dsa
debug1: Trying private key: /home/<username>/.ssh/id_ecdsa
debug1: Next authentication method: password

– ENTERED PASSWORD

debug1: Authentication succeeded (password).
Authenticated to <linode_ip> ([<linode_ip>]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_MESSAGES = en_US.UTF-8
debug1: Sending env LC_COLLATE = en_US.UTF-8
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_CTYPE = en_US.UTF-8

tail -n20 /var/log/auth.log # And run that on the Linode after the above

Apr 20 21:08:45 <hostname> sshd[7991]: Server listening on :: port 22.
Apr 20 21:08:49 <hostname> sshd[7871]: Received disconnect from <my_ip_address>: 11: disconnected by user
Apr 20 21:08:49 <hostname> sshd[7739]: pam_unix(sshd:session): session closed for user <username>
Apr 20 21:08:52 <hostname> sshd[7993]: reverse mapping checking getaddrinfo for <reverse_ip> [<my_ip_address>] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 20 21:08:55 <hostname> sshd[7993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= <my_ip_address> user= <username>
Apr 20 21:08:57 <hostname> sshd[7993]: Failed password for <username> from <my_ip_address> port 33801 ssh2
Apr 20 21:09:00 <hostname> sshd[7993]: Accepted password for <username> from <my_ip_address> port 33801 ssh2
Apr 20 21:09:00 <hostname> sshd[7993]: pam_unix(sshd:session): session opened for user <username> by (uid=0)
Apr 20 21:09:20 <hostname> sshd[8125]: Received disconnect from <my_ip_address>: 11: disconnected by user
Apr 20 21:09:20 <hostname> sshd[7993]: pam_unix(sshd:session): session closed for user <username>
Apr 20 21:09:26 <hostname> sshd[8225]: reverse mapping checking getaddrinfo for <reverse_ip> [<my_ip_address>] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 20 21:09:30 <hostname> sshd[8225]: Accepted password for <username> from <my_ip_address> port 33820 ssh2
Apr 20 21:09:30 <hostname> sshd[8225]: pam_unix(sshd:session): session opened for user <username> by (uid=0)
Apr 20 21:11:02 <hostname> sshd[8357]: Received disconnect from <my_ip_address>: 11: disconnected by user
Apr 20 21:11:02 <hostname> sshd[8225]: pam_unix(sshd:session): session closed for user <username>
Apr 20 21:11:19 <hostname> sshd[8457]: reverse mapping checking getaddrinfo for <reverse_ip> [<my_ip_address>] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr 20 21:11:59 <hostname> sshd[8457]: Accepted password for <username> from <my_ip_address> port 33831 ssh2
Apr 20 21:11:59 <hostname> sshd[8457]: pam_unix(sshd:session): session opened for user <user> by (uid=0)
Apr 20 21:13:18 <hostname> sudo: <username> : TTY=pts/0 ; PWD=/home/<username> ; USER=root ; COMMAND=/usr/bin/tail -n20 /var/log/auth.log
Apr 20 21:13:18 <hostname> sudo: pam_unix(sudo:session): session opened for user root by <username>(uid=1000)

The troublesome line:

Agent admitted failure to sign using the key.

It sounds like your SSH agent doesn't know about your key and for some reason isn't adding it. I'd recommend running 'ssh-add' on your local machine and trying again.

Thanks for that mate… ssh-add did the trick! Appreciate the help
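The diagnosis reached in this thread, as an added example that is not part of the original posts: a small shell filter that reads `ssh -v` output and tells a client-side agent failure (server accepted the key, signing failed) apart from a server-side rejection. The function names, result labels and the sample path `/home/user` are assumptions made for illustration; the sample lines are constructed from the debug output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): classify a failed publickey login
# from `ssh -v` output read on stdin.
diagnose_ssh_debug() {
    awk '
        /Offering .*public key/                  { offered = 1 }
        /Server accepts key/                     { accepted = 1 }
        # Wording seen in the thread; newer clients say "agent refused operation".
        /Agent admitted failure to sign/         { agent_fail = 1 }
        /agent refused operation/                { agent_fail = 1 }
        /Authentication succeeded \(publickey\)/ { pk_ok = 1 }
        END {
            if (pk_ok)                       print "publickey-ok"
            else if (accepted && agent_fail) print "agent-sign-failure"
            else if (accepted)               print "client-sign-failure"
            else if (offered)                print "server-rejected-key"
            else                             print "no-key-offered"
        }'
}

# Map each result label (hypothetical names) to where to look next.
next_step() {
    case "$1" in
        publickey-ok)        echo "nothing to fix: key authentication succeeded" ;;
        agent-sign-failure)  echo "client: run ssh-add, then ssh-add -l to confirm the key is loaded" ;;
        client-sign-failure) echo "client: the private key could not sign; check the passphrase and key file" ;;
        server-rejected-key) echo "server: check authorized_keys and that ~/.ssh is not group/world writable" ;;
        no-key-offered)      echo "client: no identity was offered; check ~/.ssh and any IdentityFile setting" ;;
    esac
}

# Constructed sample: the relevant lines of the thread's debug output,
# with the username placeholder replaced by a made-up path.
sample_debug_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
Agent admitted failure to sign using the key.
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
EOF
}

next_step "$(sample_debug_log | diagnose_ssh_debug)"
```

Against a live host, feed it the client's debug stream, which ssh writes to stderr: `ssh -v user@host true 2>&1 | diagnose_ssh_debug`.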
