Permission denied (publickey)

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Permission denied (publickey)

Eben King
I'm trying to ssh to my router, which is a Netgear WNDR3700 running DD-WRT
v3.0-r27506 (07/09/15) std.  I have sshed to it in the past, so I don't know
what's wrong now.  Well, there are hints but I'm not picking them up.

Under Services -> Services -> Secure Shell, SSHd is enabled.

There, it has a text box with

ssh-rsa $KEY eben@pc

and when I do

grep $KEY ~/.ssh/*

it's in ~/.ssh/id_rsa.pub

Under Administration -> Management -> Remote Access, SSH Management is
enabled.

And yet, when from pc I run either

ssh 192.168.1.1

or

ssh eben@192.168.1.1

I get

DD-WRT v3.0-r27506 std (c) 2015 NewMedia-NET GmbH
Release: 07/09/15
Permission denied (publickey).

I can log in through the web, so my password is correct, not that I have a
chance to enter it through ssh.  What's the deal, and how do I get around
it?

--
-eben    [hidden email]    ebmanda.redirectme.net:81
LIBRA:  A big promotion is just around the corner for someone
much more talented than you.  Laughter is the very best medicine,
remember that when your appendix bursts next week.  -- Weird Al
_______________________________________________
slug mailing list
[hidden email]
https://www.suncoastlug.org/mailman/listinfo/slug
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Permission denied (publickey)

Art Eaton
Does the key have a password set on it?
If not, then you might need to do the following:

  * Put the public key in .ssh/authorized_keys2
  * Change the permissions of .ssh to 700
  * Change the permissions of .ssh/authorized_keys2 to 640



On 1/24/2016 5:08 PM, Eben King wrote:

> I'm trying to ssh to my router, which is a Netgear WNDR3700 running
> DD-WRT v3.0-r27506 (07/09/15) std.  I have sshed to it in the past, so
> I don't know what's wrong now.  Well, there are hints but I'm not
> picking them up.
>
> Under Services -> Services -> Secure Shell, SSHd is enabled.
>
> There, it has a text box with
>
> ssh-rsa $KEY eben@pc
>
> and when I do
>
> grep $KEY ~/.ssh/*
>
> it's in ~/.ssh/id_rsa.pub
>
> Under Administration -> Management -> Remote Access, SSH Management is
> enabled.
>
> And yet, when from pc I run either
>
> ssh 192.168.1.1
>
> or
>
> ssh eben@192.168.1.1
>
> I get
>
> DD-WRT v3.0-r27506 std (c) 2015 NewMedia-NET GmbH
> Release: 07/09/15
> Permission denied (publickey).
>
> I can log in through the web, so my password is correct, not that I
> have a chance to enter it through ssh.  What's the deal, and how do I
> get around it?
>

_______________________________________________
slug mailing list
[hidden email]
https://www.suncoastlug.org/mailman/listinfo/slug
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Permission denied (publickey)

Art Eaton
In reply to this post by Eben King
Bryan and I ran into that a few days ago...Well, I ran into it, and
Bryan fixed it!

On 1/24/2016 5:08 PM, Eben King wrote:

> I'm trying to ssh to my router, which is a Netgear WNDR3700 running
> DD-WRT v3.0-r27506 (07/09/15) std.  I have sshed to it in the past, so
> I don't know what's wrong now.  Well, there are hints but I'm not
> picking them up.
>
> Under Services -> Services -> Secure Shell, SSHd is enabled.
>
> There, it has a text box with
>
> ssh-rsa $KEY eben@pc
>
> and when I do
>
> grep $KEY ~/.ssh/*
>
> it's in ~/.ssh/id_rsa.pub
>
> Under Administration -> Management -> Remote Access, SSH Management is
> enabled.
>
> And yet, when from pc I run either
>
> ssh 192.168.1.1
>
> or
>
> ssh eben@192.168.1.1
>
> I get
>
> DD-WRT v3.0-r27506 std (c) 2015 NewMedia-NET GmbH
> Release: 07/09/15
> Permission denied (publickey).
>
> I can log in through the web, so my password is correct, not that I
> have a chance to enter it through ssh.  What's the deal, and how do I
> get around it?
>
_______________________________________________
slug mailing list
[hidden email]
https://www.suncoastlug.org/mailman/listinfo/slug
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Permission denied (publickey)

Eben King
In reply to this post by Art Eaton
On Sun, 24 Jan 2016, Art Eaton wrote:

> Does the key have a password set on it?
> If not, then you might need to do the following:
>
> * Put the public key in .ssh/authorized_keys2
> * Change the permissions of .ssh to 700
> * Change the permissions of .ssh/authorized_keys2 to 640

drwx------ 2 eben eben 4096 Aug  9 18:52 .ssh
-rw-r----- 1 eben eben 1015 Jan 24 19:17 .ssh/authorized_keys2

Same error.  Should I empty out id_rsa.pub?

.ssh/authorized_keys2 contains

command="/usr/NX/bin/nxnode" ssh-dss $KEY1 root@pc
ssh-rsa $KEY2 eben@pc

Is it OK that they're different forms?

I can delete the first line if it makes things easier, since that's for
something at school and I've graduated.

--
-eben    [hidden email]    ebmanda.redirectme.net:81
LIBRA:  A big promotion is just around the corner for someone
much more talented than you.  Laughter is the very best medicine,
remember that when your appendix bursts next week.  -- Weird Al
_______________________________________________
slug mailing list
[hidden email]
https://www.suncoastlug.org/mailman/listinfo/slug
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Permission denied (publickey)

Eben King
In reply to this post by Art Eaton
On Sun, 24 Jan 2016, Art Eaton wrote:

> Bryan and I ran into that a few days ago...Well, I ran into it, and Bryan
> fixed it!

Ask Bryan what he did, please.

--
-eben    [hidden email]    ebmanda.redirectme.net:81
LIBRA:  A big promotion is just around the corner for someone
much more talented than you.  Laughter is the very best medicine,
remember that when your appendix bursts next week.  -- Weird Al
_______________________________________________
slug mailing list
[hidden email]
https://www.suncoastlug.org/mailman/listinfo/slug
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Permission denied (publickey)

Bryan Lee
In reply to this post by Eben King
If I'm reading your text correctly, I don't think the first line of your
authorized_keys should be there.



If running ssh on the command line, you can get additional debugging
information by using the options "-v -v -v" to make it really Verbose.
If connecting using PuTTY, you can turn on debug logging.
I usually find the answer in the debugs.


Note that the private portion of your key is stored securely on the client
and the public (.pub) portion is uploaded to the servers to which you're
 connecting.


The pieces of public-key authentication that get me most are:


On the client side:

* Your key-pair may be required to have a password (option configured on server)

* You are not providing the correct key
        --> Specify a key to ssh using the command line option "-i <path/to/.ssh/key-file>", note this is not the file ending in .pub
        --> Once you figure out the problem and connect, you can add an entry for this host+key in .ssh/config
        --> Make sure PuTTY is providing correct key in the configuration

* Key-pair not readable by ssh (mode 000?)

* Key-pair in incorrect format
                (I'm not sure if this is an actual problem, but you can use ssh-keygen to change the key format)

* Server identity key has changed (not your problem with this error message)


On the server side: (Assuming you have command line access...)

* ~/.ssh/authorized_keys must not be writable by anyone except the user.
        --> chmod 644 ~/.ssh/authorized_keys

* ~/.ssh/ must not be writable by anyone except the user.
        --> chmod 700 ~/.ssh/

* Public key part must be appended to ~/.ssh/authorized_keys
        --> cat id_rsa.pub >> ~/.ssh/authorized_keys

* ~/.ssh/authorized_keys must contain one key per line
                (Did something add line wraps?)

* Certain versions of sshd may require the user's home directory not be world writable. (I HAVE encountered this.)

* Public key in incorrect format
                (I'm not sure if this is an actual problem, but you can use ssh-keygen to change the key format, then append to ~/.ssh/authorized_keys)



Thus Eben King hast written on Sun, Jan 24, 2016 at 07:24:32PM -0500, and, according to prophecy, it shall come to pass that:

> On Sun, 24 Jan 2016, Art Eaton wrote:
>
> >Does the key have a password set on it?
> >If not, then you might need to do the following:
> >
> >* Put the public key in .ssh/authorized_keys2
> >* Change the permissions of .ssh to 700
> >* Change the permissions of .ssh/authorized_keys2 to 640
>
> drwx------ 2 eben eben 4096 Aug  9 18:52 .ssh
> -rw-r----- 1 eben eben 1015 Jan 24 19:17 .ssh/authorized_keys2
>
> Same error.  Should I empty out id_rsa.pub?
>
> .ssh/authorized_keys2 contains
>
> command="/usr/NX/bin/nxnode" ssh-dss $KEY1 root@pc
> ssh-rsa $KEY2 eben@pc
>
> Is it OK that they're different forms?
>
> I can delete the first line if it makes things easier, since that's
> for something at school and I've graduated.
_______________________________________________
slug mailing list
[hidden email]
https://www.suncoastlug.org/mailman/listinfo/slug
Loading...