SSH Permission denied (publickey) - fail at preauth step

linux ssh permissions putty ssh-keys
11,248

It seems you didn't add public key of your computer to your server. Public keys from client computers are stored in authorized_keys file.

Change this line in /etc/ssh/sshd_config to yes (later you can turn it back again)

PasswordAuthentication yes

And restart ssh demon

sudo service ssh restart

Then issue the following command from your client computer to export public key to the server:

ssh-copy-id usersrv@server

In the command prompt enter your password. After that you will gain access to your server via ssh-keys.

Share:
11,248

Related videos on Youtube

J.Doe
Author by

J.Doe

Updated on September 18, 2022

Comments

  • J.Doe
    J.Doe over 1 year

    i tired different solution found internet to resolve that issue with no luck:

    • Correct permissions for keys at /etc/ssh/, 400 for private rsa key and 600 for public rsa key.
    • 700 for /home/usersrv/.ssh/ folder. authorized_keys does not existed. I created it later with permission 600; file still empty, do I supposed to copy something inside? Home directory is on the same volume with system.
    • Tried with different ports: 22 and 2222

    Server configuration /etc/ssh/sshd_configuncommented part:

    Port 2222
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key 

PermitRootLogin no  

RSAAuthentication yes
PubkeyAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no  

# Change to yes to enable challenge-response passwords (beware issues with# some PAM modules and threads)
ChallengeResponseAuthentication no   

KerberosAuthentication no
GSSAPIAuthentication no 
UsePAM yes
X11Forwarding yes
X11UseLocalhost yes
PermitTTY yes
PrintMotd no

    When i try to connect from Win+PuTTy, i have error message:No supported authentication methods available (server sent public key)

        /etc/ssh/sshd_config line 37: Deprecated option RSAAuthentication
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2l  25 May 2017
debug1: private host key #0: ssh-rsa SHA256:F61cGX7XOyKpBMChyVtxyaH2T23NoIr9+iAKCjRAbO4
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.98 port 40922 on 192.168.1.98 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_7.4p1 Debian-10+deb9u3
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u3 pat OpenSSH* compat 0x04000000
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3
debug1: Enabling compatibility mode for protocol 2.0
debug1: permanently_set_uid: 110/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: rsa-sha2-512 [preauth]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user usersrv service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
reprocess config line 37: Deprecated option RSAAuthentication
debug1: PAM: initializing for "usersrv"
debug1: PAM: setting PAM_RHOST to "192.168.1.98"
debug1: PAM: setting PAM_TTY to "ssh"
Connection closed by 192.168.1.98 port 40922 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 941
debug1: audit_event: unhandled event 12

    And then i try to login locally (directly under usersrv)m i got an error: Permission denied (publickey).

    /etc/ssh/sshd_config line 37: Deprecated option RSAAuthentication
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2l  25 May 2017
debug1: private host key #0: ssh-rsa SHA256:F61cGX7XOyKpBMChyVtxyaH2T23NoIr9+iAKCjRAbO4
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.98 port 54596 on 192.168.1.98 port 2222
debug1: Client protocol version 2.0; client software version OpenSSH_7.4p1 Debian-10+deb9u3
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u3 pat OpenSSH* compat 0x04000000
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3
debug1: Enabling compatibility mode for protocol 2.0
debug1: permanently_set_uid: 110/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: rsa-sha2-512 [preauth]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user usersrv service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
reprocess config line 37: Deprecated option RSAAuthentication
debug1: PAM: initializing for "usersrv"
debug1: PAM: setting PAM_RHOST to "192.168.1.98"
debug1: PAM: setting PAM_TTY to "ssh"
Connection closed by 192.168.1.98 port 54596 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 1111
debug1: audit_event: unhandled event 12

    Anyone had the same issue or know a solution? Kind regards.

  • Cliff Armstrong
    Cliff Armstrong almost 5 years
    The user needs to disable password authentication once this is done. Password authentication should not be left enabled on an internet accessible SSH server.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to use SSH Public Key with PuTTY to connect to a Linux machine
How to convert .ppk key to OpenSSH key under Linux?
SSH "Server refused our key" for all users except root user
How to setup password-less ssh with RSA keys
PuTTY Serial `logout` or `exit` alternative
Cannot SSH log into Debian virtual machine from windows 7 via Putty
Login to server through PuTTY and then switch user
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
Can't scp file from local to remote host - Permission denied
Terminal highlight error when compiling with a make file