SSH Permission denied (publickey) - fail at preauth step
It seems you didn't add public key of your computer to your server. Public keys from client computers are stored in authorized_keys file.
Change this line in /etc/ssh/sshd_config to yes (later you can turn it back again)
PasswordAuthentication yes
And restart ssh demon
sudo service ssh restart
Then issue the following command from your client computer to export public key to the server:
ssh-copy-id usersrv@server
In the command prompt enter your password. After that you will gain access to your server via ssh-keys.
Related videos on Youtube
J.Doe
Updated on September 18, 2022Comments
-
J.Doe over 1 year
i tired different solution found internet to resolve that issue with no luck:
- Correct permissions for keys at
/etc/ssh/
, 400 for private rsa key and 600 for public rsa key. - 700 for
/home/usersrv/.ssh/
folder.authorized_keys
does not existed. I created it later with permission 600; file still empty, do I supposed to copy something inside? Home directory is on the same volume with system. - Tried with different ports: 22 and 2222
Server configuration
/etc/ssh/sshd_config
uncommented part:Port 2222 AddressFamily any ListenAddress 0.0.0.0 ListenAddress :: HostKey /etc/ssh/ssh_host_rsa_key PermitRootLogin no RSAAuthentication yes PubkeyAuthentication yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with# some PAM modules and threads) ChallengeResponseAuthentication no KerberosAuthentication no GSSAPIAuthentication no UsePAM yes X11Forwarding yes X11UseLocalhost yes PermitTTY yes PrintMotd no
When i try to connect from Win+PuTTy, i have error message:No supported authentication methods available (server sent public key)
/etc/ssh/sshd_config line 37: Deprecated option RSAAuthentication debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2l 25 May 2017 debug1: private host key #0: ssh-rsa SHA256:F61cGX7XOyKpBMChyVtxyaH2T23NoIr9+iAKCjRAbO4 debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-d' debug1: Set /proc/self/oom_score_adj from 0 to -1000 debug1: Bind to port 22 on ::. Server listening on :: port 22. debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug1: Server will not fork when running in debugging mode. debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 debug1: inetd sockets after dupping: 3, 3 Connection from 192.168.1.98 port 40922 on 192.168.1.98 port 22 debug1: Client protocol version 2.0; client software version OpenSSH_7.4p1 Debian-10+deb9u3 debug1: match: OpenSSH_7.4p1 Debian-10+deb9u3 pat OpenSSH* compat 0x04000000 debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3 debug1: Enabling compatibility mode for protocol 2.0 debug1: permanently_set_uid: 110/65534 [preauth] debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug1: kex: algorithm: curve25519-sha256 [preauth] debug1: kex: host key algorithm: rsa-sha2-512 [preauth] debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth] debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth] debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth] debug1: rekey after 134217728 blocks [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug1: rekey after 134217728 blocks [preauth] debug1: KEX done [preauth] debug1: userauth-request for user usersrv service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] reprocess config line 37: Deprecated option RSAAuthentication debug1: PAM: initializing for "usersrv" debug1: PAM: setting PAM_RHOST to "192.168.1.98" debug1: PAM: setting PAM_TTY to "ssh" Connection closed by 192.168.1.98 port 40922 [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 941 debug1: audit_event: unhandled event 12
And then i try to login locally (directly under usersrv)m i got an error: Permission denied (publickey).
/etc/ssh/sshd_config line 37: Deprecated option RSAAuthentication debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2l 25 May 2017 debug1: private host key #0: ssh-rsa SHA256:F61cGX7XOyKpBMChyVtxyaH2T23NoIr9+iAKCjRAbO4 debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-d' debug1: Set /proc/self/oom_score_adj from 0 to -1000 debug1: Bind to port 2222 on ::. Server listening on :: port 2222. debug1: Bind to port 2222 on 0.0.0.0. Server listening on 0.0.0.0 port 2222. debug1: Server will not fork when running in debugging mode. debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 debug1: inetd sockets after dupping: 3, 3 Connection from 192.168.1.98 port 54596 on 192.168.1.98 port 2222 debug1: Client protocol version 2.0; client software version OpenSSH_7.4p1 Debian-10+deb9u3 debug1: match: OpenSSH_7.4p1 Debian-10+deb9u3 pat OpenSSH* compat 0x04000000 debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3 debug1: Enabling compatibility mode for protocol 2.0 debug1: permanently_set_uid: 110/65534 [preauth] debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug1: kex: algorithm: curve25519-sha256 [preauth] debug1: kex: host key algorithm: rsa-sha2-512 [preauth] debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth] debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth] debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth] debug1: rekey after 134217728 blocks [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug1: rekey after 134217728 blocks [preauth] debug1: KEX done [preauth] debug1: userauth-request for user usersrv service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] reprocess config line 37: Deprecated option RSAAuthentication debug1: PAM: initializing for "usersrv" debug1: PAM: setting PAM_RHOST to "192.168.1.98" debug1: PAM: setting PAM_TTY to "ssh" Connection closed by 192.168.1.98 port 54596 [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 1111 debug1: audit_event: unhandled event 12
Anyone had the same issue or know a solution? Kind regards.
- Correct permissions for keys at
-
Cliff Armstrong almost 5 yearsThe user needs to disable password authentication once this is done. Password authentication should not be left enabled on an internet accessible SSH server.