SCP Asking for Password with RSA Key

Question

I've followed a few tutorials on setting up RSA Public Key Authentication, but I cannot seem to get it to work. I can SSH into the remote machine without a password, but when I try and scp files, I still get prompted for a password even though it accepts the key...

This is the output...

nsizemore@usday02fsd:~$ scp -v -i /home/nsizemore/.ssh/id_rsa /home/nsizemore/test.txt nsizemore@10.152    .134.3:/home/nsizemore/
Executing: program /usr/bin/ssh host 10.152.134.3, user nsizemore, command scp -v -t /home/nsizemore/
OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.152.134.3 [10.152.134.3] port 22.
debug1: Connection established.
debug1: identity file /home/nsizemore/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/nsizemore/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1p1 Debian-4
debug1: match: OpenSSH_6.1p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 38:5e:f5:62:87:7c:f7:55:2e:4b:6f:20:5d:00:44:40
debug1: Host '10.152.134.3' is known and matches the ECDSA host key.
debug1: Found key in /home/nsizemore/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/nsizemore/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
nsizemore@10.152.134.3's password:
debug1: Authentication succeeded (password).
Authenticated to 10.152.134.3 ([10.152.134.3]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: scp -v -t /home/nsizemore/
Sending file modes: C0644 20 test.txt
Sink: C0644 20 test.txt
test.txt                                                                          100%   20     0.    0KB/s   00:00
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Transferred: sent 2288, received 1672 bytes, in 0.8 seconds
Bytes per second: sent 2757.2, received 2014.9
debug1: Exit status 0

Thanks in advance for any help!

Check the debug log in the _server_ to find out what is happening. — Michael Hampton, May 23 '13 at 20:31
Have you checked the permissions of the .ssh directory on the remote system as well its parent? — mdpc, May 23 '13 at 21:01

score 3 · Accepted Answer · answered May 23 '13 at 20:33

3

Your key wasn't accepted:

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/nsizemore/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password

Please check server logs rather then client logs.

answered May 23 '13 at 20:33

Chris

643
6
11

Where do I do this? I do not have a debug log in `/var/log/` I checked the `auth.log` but it only has my ssh sessions, not my scp things...? – w3rthl3ss May 23 '13 at 20:40
I'm RHEL guy but I would look into '/var/log/secure'. Tail your 'auth.log' while connecting and see what's popping up. You can set SSHD to be more verbose (/etc/ssh/sshd_conf) but that needs reload of sshd. – Chris May 23 '13 at 20:43
What distro are you running on server? – Sudheer May 23 '13 at 20:44
Distro - Ubuntu 13.04 – w3rthl3ss May 23 '13 at 20:45
I have no `var/log/debug` or `/var/log/secure`? No idea where to look? – w3rthl3ss May 23 '13 at 20:48
`/var/log/auth.log` and `/var/log/messages` – Chris May 23 '13 at 20:49
On server: `tail -f /var/log/auth.log` and then try SCP. – Chris May 23 '13 at 20:52
Extremely embarrassing - I had the IP address wrong in the SCP command, was supposed to be going to `.203` instead of to `.3` I only figured this out because while I was tailing, nothing was moving when the command executed... Thanks! – w3rthl3ss May 23 '13 at 21:02

score 0 · Answer 2 · answered Jun 01 '15 at 00:17

0

You may be using the public key (instead of the private key) to connect. Make sure that id_rsa does indeed contain your private key.

answered Jun 01 '15 at 00:17

antler

1

score -1 · Answer 3 · answered May 23 '13 at 20:43

-1

Add your key to the server:

ssh-copy-id -i /home/nsizemore/.ssh/id_rsa nsizemore@10.152.134.3

Then try ssh or scp. Both should work.

answered May 23 '13 at 20:43

Sudheer

169
2
10

Key is added to server, I can SSH just fine, SCP fails... – w3rthl3ss May 23 '13 at 20:45

SCP Asking for Password with RSA Key

3 Answers3