ssh permission denied (publickey,keyboard-interactive)
The public key should be created on the guest machine. So guest machine ssh-keygen
and cat id_rsa.pub >> authorized_keys
where id_rsa.pub
is from guest machine and authorized_keys
is on host machine.
Related videos on Youtube
eZeth
Updated on September 18, 2022Comments
-
eZeth over 1 year
Why I insist on asking a question
I've done a quick search on this problem and done a few solutions that have been said. None worked.
What I did
Termux as host. Installed
apt install openssh
, created publickeyssh-keygen
with empty passphrase. And so I continued withcat id_rsa.pub >> authorized_keys
. Tried ssh withssh localhost -p 8022 -i id_rsa
at host machine. No problem. But withssh IP -p 8022 -i id_rsa
at guest machine, no luck. I getPermission denied (publickey,keyboard-interactive)
sshd -d
From host machine (success)
$ sshd -d debug1: sshd version OpenSSH_7.8, OpenSSL 1.1.1 11 Sep 2018 debug1: private host key #0: ssh-rsa SHA256:iFL8gWX/82tKCisCVLKZBNPOqjhCJkc7FsMnrpgnvLQ debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:e6xyxgJ4tsTWSgh/l8ugijsCnJNz10tc+CLtuLFiUvE debug1: private host key #2: ssh-ed25519 SHA256:5+j3igYvX5HjpIMV9OikSdhN9JxDzxhHkDfkA7huHp8 debug1: rexec_argv[0]='/data/data/com.termux/files/usr/bin/sshd' debug1: rexec_argv[1]='-d' debug1: Bind to port 8022 on ::. Server listening on :: port 8022. debug1: Bind to port 8022 on 0.0.0.0. Server listening on 0.0.0.0 port 8022. debug1: Server will not fork when running in debugging mode. debug1: rexec start in 7 out 7 newsock 7 pipe -1 sock 10 debug1: inetd sockets after dupping: 5, 5 Connection from 127.0.0.1 port 54583 on 127.0.0.1 port 8022 debug1: Client protocol version 2.0; client software version OpenSSH_7.8 debug1: match: OpenSSH_7.8 pat OpenSSH* compat 0x04000000 debug1: Local version string SSH-2.0-OpenSSH_7.8 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_INIT debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 134217728 blocks debug1: KEX done debug1: userauth-request for user u0_a121 service ssh-connection method none debug1: attempt 0 failures 0 Failed none for u0_a121 from 127.0.0.1 port 54583 ssh2 debug1: userauth-request for user u0_a121 service ssh-connection method publickey debug1: attempt 1 failures 0 debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0 debug1: temporarily_use_uid: 10121/10121 (e=10121/10121) debug1: trying public key file /data/data/com.termux/files/home/.ssh/authorized_keys debug1: fd 9 clearing O_NONBLOCK debug1: /data/data/com.termux/files/home/.ssh/authorized_keys:2: matching key found: RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0 debug1: /data/data/com.termux/files/home/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Accepted key RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0 found at /data/data/com.termux/files/home/.ssh/authorized_keys:2 debug1: restore_uid: (unprivileged) Postponed publickey for u0_a121 from 127.0.0.1 port 54583 ssh2 debug1: userauth-request for user u0_a121 service ssh-connection method publickey debug1: attempt 2 failures 0 debug1: temporarily_use_uid: 10121/10121 (e=10121/10121) debug1: trying public key file /data/data/com.termux/files/home/.ssh/authorized_keys debug1: fd 9 clearing O_NONBLOCK debug1: /data/data/com.termux/files/home/.ssh/authorized_keys:2: matching key found: RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0 debug1: /data/data/com.termux/files/home/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Accepted key RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0 found at /data/data/com.termux/files/home/.ssh/authorized_keys:2 debug1: restore_uid: (unprivileged) debug1: auth_activate_options: setting new authentication options Accepted publickey for u0_a121 from 127.0.0.1 port 54583 ssh2: RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding debug1: Entering interactive session for SSH2. debug1: server_init_dispatch debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_global_request: rtype [email protected] want_reply 0 debug1: server_input_channel_req: channel 0 request pty-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_pty_req: session 0 alloc /dev/pts/2 debug1: server_input_channel_req: channel 0 request env reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req env debug1: server_input_channel_req: channel 0 request shell reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell Starting session: shell on pts/2 for u0_a121 from 127.0.0.1 port 54583 id 0 debug1: Setting controlling tty using TIOCSCTTY.
From guest machine (Permission denied)
$ sshd -d debug1: sshd version OpenSSH_7.8, OpenSSL 1.1.1 11 Sep 2018 debug1: private host key #0: ssh-rsa SHA256:iFL8gWX/82tKCisCVLKZBNPOqjhCJkc7FsMnrpgnvLQ debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:e6xyxgJ4tsTWSgh/l8ugijsCnJNz10tc+CLtuLFiUvE debug1: private host key #2: ssh-ed25519 SHA256:5+j3igYvX5HjpIMV9OikSdhN9JxDzxhHkDfkA7huHp8 debug1: rexec_argv[0]='/data/data/com.termux/files/usr/bin/sshd' debug1: rexec_argv[1]='-d' debug1: Bind to port 8022 on ::. Server listening on :: port 8022. debug1: Bind to port 8022 on 0.0.0.0. Server listening on 0.0.0.0 port 8022. debug1: Server will not fork when running in debugging mode. debug1: rexec start in 7 out 7 newsock 7 pipe -1 sock 10 debug1: inetd sockets after dupping: 5, 5 Connection from 192.168.0.154 port 45802 on 192.168.0.197 port 8022 debug1: Client protocol version 2.0; client software version OpenSSH_7.4p1 Debian-10+deb9u4 debug1: match: OpenSSH_7.4p1 Debian-10+deb9u4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002 debug1: Local version string SSH-2.0-OpenSSH_7.8 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_INIT debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 134217728 blocks debug1: KEX done debug1: userauth-request for user izzatnasrun service ssh-connection method none debug1: attempt 0 failures 0 Failed none for izzatnasrun from 192.168.0.154 port 45802 ssh2 debug1: userauth-request for user izzatnasrun service ssh-connection method keyboard-interactive debug1: attempt 1 failures 0 debug1: keyboard-interactive devs debug1: auth2_challenge: user=izzatnasrun devs= debug1: kbdint_alloc: devices '' Failed keyboard-interactive for izzatnasrun from 192.168.0.154 port 45802 ssh2 Connection closed by authenticating user izzatnasrun 192.168.0.154 port 45802 debug1: do_cleanup
NOTE
Permissions are as follows on host machine
chmod 600 ~/.ssh/authorized_keys chmod 700 ~/.ssh chmod 700 ~
Termux sshd is set 8022 as default
- Termux do not accept password so
PasswordAuthentication no
is a must
-
davidgo over 5 yearsIt sounds almost like you are confusing the host machine and your terminal, and that you have created the new id_rsa key on the host machine (which is probably not what you wanted to do). Can you be clearer as to where you have created what resources?
-
eZeth over 5 yearsAhh I see. So you should create new id_rsa on guest machine and use the guest machine's public key on the ssh host machine.
-
davidgo over 5 yearsYes. Pretending you did not own guest machines, the private key is private, so you create it on your system, then you give the public key to the server to provide access.