SSH Permission denied (using right password)

server permissions ssh password

28,099

Solution 1

Instead of using the hostname of the server, try using the ip-adres.
I ran into the same problem when setting up my server and this seemed to resolve the problem.

ssh [username]@[host_ip-adres]

If you want to use the hostname you might need to set up a dns-server.
but you can do without.

Solution 2

You should decide whether you want connection authentication by key/id or by password then focus on that to find the issue. I recommend using key/id since when managed correctly, it is the more secure method.

SSH will always fall back to asking for a password even in cases where it will never work. To avoid this use -o 'batchmode yes' (these quotes are needed) on the client ssh command making the connection. Then if the key cannot be accepted, it bypasses the password prompt (this is normally for use of ssh in a script that needs to avoid getting stuck at the password prompt). SSH will only try 3 keys at one time, so if the valid key is the 4th, it will not be tried and the connection will be aborted. It is best to try only one key per connection attempt if you are certain that it is the correct one. Then you can repeat the connection attempts while making changes at the server. It will help to have log file information from the server. Do grep sshd /var/log/auth.log to see what sshd is trying to tell you.

28,099

Author by

Daniele Prada

Updated on September 18, 2022

Comments

Daniele Prada over 1 year
I am having troubles setting an ssh connection between two laptops of mine. I tried different solutions posted on-line, but nothing worked. Since I am pretty new with SSH, I might be missing something important. I am using Ubuntu 14.04 LTS on the client, and Ubuntu 16.04 LTS on the server.

Here are the steps that I followed:

On the client:
- Specified host configuration options in ~/.ssh/config:
  
  Host [hostname]
```
  User [username]
  Hostname [IP address of host]
  ServerAliveInterval 10
```
- Generated RSA key by running:
ssh-keygen -t rsa -b 4096 -o -a 100
- I supplied a password to ssh-keygen. Private key was saved in ~/.ssh/id_rsa, whereas public key was saved in ~/.ssh/id_rsa.pub
- I manually copied ~/.ssh/id_rsa.pub to a USB key.
- At this point, file modes are as follows:
In ~/.ssh:
```
   -rw-rw-r--    config
   -rw-------    id_rsa
   -rw-r--r--    id_rsa.pub
```
On the server:
- installed openssh-server;
- created a new file ~/.ssh/authorized_keys by doing as follows
cat /media/daniele/disk/id_rsa.pub >> ~/.ssh/authorized_keys
- set file mode of ~/.ssh/authorized_keys to
-rw-rw-r--
- manually edited /etc/ssh/sshd_config to have
in /etc/ssh/sshd_config
```
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile     %h/.ssh/authorized_keys
PasswordAuthentication yes
```
Finally, on the client, when I try:
```
ssh [username]@[hostname]
```
the server asks for the password
```
[username]@[hostname]'s password:
```
but, even if I enter the correct one, the server does not accept it:
```
Permission denied, please try again
```
and, after three attempts, it closes the connection. Please find here a more descriptive output I get by using
```
ssh -v -v -v [username]@[hostname]
```
Any help would be greatly appreciated.

Thank you very much for your time
- steeldriver almost 7 years
  
  IIRC the authorized_keys file should be -rw------- (octal mode 600) and the ~/.ssh directories themselves should be drwx------ (octal mode 700) on both client and server
- Daniele Prada almost 7 years
  
  Thank you @steeldriver, but that did not work
- steeldriver almost 7 years
  
  Just to be clear, are you entering your Unix password for the remote account, or the passphrase that you entered when generating the keypair? Is your home directory on the remote host encrypted?
- Daniele Prada almost 7 years
  
  Good point. I am entering the passphrase entered when generating the keypair. Concerning my home directory on the remote host, I did: ls -a /home and found no .encryptfs folder, so I assume it is not encrypted. Am I correct? Sorry for the stupid question, but am I supposed to run some combination of adduser/passwd on the host?
- Daniele Prada almost 7 years
  
  If that helps, entering any other random combination of characters, always returns Permission denied, please try again. I just tried
- steeldriver almost 7 years
  
  Probably the easiest thing to try is enter your Unix password when you get the [username]@[hostname]'s password: prompt (at that point, key-based authentication has already been tried and rejected) and then open a second terminal window on your client and try to connect again. (The first - password based - login will decrypt and mount your home dir, if that is the issue.)
- Daniele Prada almost 7 years
  
  @steeldriver that did not work either, but thanks for the hint
- steeldriver almost 7 years
  
  At what point did it not work? Did the password-based login fail as well? At this point I don't really know what to suggest except starting over and using ssh-copy-id instead of transferring the key manually.
- Daniele Prada almost 7 years
  
  @steeldriver Yes, the password-based login initially failed as well. However, following your hints, I added a new user [username] on the host and tried the corresponding Unix password when I got [username]@[hostname]'s password, and that did work. However, now my (newbie) question is whether I am bypassing the RSA key or not
- steeldriver almost 7 years
  
  Not exactly "bypassing" - based on your log, it is trying the key but failing and dropping back to password-based authentication. The prompt will be different for unlocking your RSA key (something like Enter passphrase for key '/home/username/.ssh/id_rsa': ). Having logged in with your password, are you then able to log in from another terminal using your keypair?
- Daniele Prada almost 7 years
  
  @steeldriver Sorry for keeping you waiting, but I did few different attempts. Anyway, no, having logged in with my password, I am not then able to log in from another terminal using my keypair. It keeps asking for the Unix password. However, I believe the key is being checked somehow, because if I do ssh [other user]@[hostname] I get this warning: Agent admitted failure using the key (note: [other user] is the default home user I have on [hostname]). Does it make sense?
Daniele Prada almost 7 years

Thank you @Bjorn, but it did not work
Bjorn almost 7 years

the authorized keys are user specific, if you did not make the directory in the home folder of the user you want to remotely connect to the rsa key will not be found
Skaperen almost 6 years

set all file modes to the most secure, 0600 (-rw-------) for regular files, 0700 (drwx------) for directories. you have no reason to allow anyone else to read these.
Ege Kuzubasioglu about 2 years

Logged in to upvote you my man!
Erick A. Montañez about 2 years

your comment about the logs helped me find the issue: My shell as misconfigured so it was declining the ssh session. thank you