3

I want to ssh from my home computer (user: antonio@antonio-home) to serveruser@serverhost with rsa-key.

I generated an RSA key with ssh-keygen -t rsa and uploaded it to the server, but it is still asking me for a password.

If I create user antonio on serverhost and copy my id_rsa.pub into the home directory of user antonio, I can successfully do ssh antonio@serverhost. But ssh serveruser@serverhost isn't working (id_rsa.pub is inside the home dir of serveruser too).

What am I doing wrong? Maybe I should specify the username while I generate the RSA key? Something like ssh-keygen -t rsa --user serveruser?


I used ssh-copy-id to send key to the server, also tried to do cat ~/.ssh/id_rsa_serveruser.pub |ssh -lserveruser <hostname or IP of server> "cat >> .ssh/authorized_keys"

File permissions on server: drwx------ .ssh and -rw------- authorized_keys. serveruser is the owner of these files and dirs.

File authorized_keys on the server:

ssh-rsa AAAAB3NzaC1yc2EA....AAADAQA antonio@Antonio-Home

I can see that there's still the wrong username at the end of this file: antonio@Antonio-Home. Maybe that's the problem?

I tried to set and not to set a passphrase for the key - no difference.

Antonio-Home:.ssh antonio$ cat config 
Host serveruser
Hostname <ip>
User serveruser
Identityfile2 ~/.ssh/id_rsa

ssh -vvvv serveruser
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/antonio/.ssh/config
debug1: /Users/antonio/.ssh/config line 1: Applying options for serveruser
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 102: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to <ip> [<ip>] port 22.
debug1: Connection established.
debug1: identity file /Users/antonio/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/antonio/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to <ip>:22 as 'serveruser'
debug3: hostkeys_foreach: reading file "/Users/antonio/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /Users/antonio/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from <ip>
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:ceUAVoQrX7gnlD3N4j82eaYSO15RKgNDfdL66+cdTCA
debug3: hostkeys_foreach: reading file "/Users/antonio/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /Users/antonio/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from <ip>
debug1: Host '<ip>' is known and matches the RSA host key.
debug1: Found key in /Users/antonio/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/antonio/.ssh/id_rsa (0x7f97e1713cb0), explicit
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/antonio/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
serveruser@<ip>'s password: 
Antonio
  • Did you use `ssh-copy-id` for both of the users? Are the permissions/owners correct for `serveruser`? – Eric Renouf Oct 24 '16 at 16:36
  • yes, I used `ssh-copy-id` for `serveruser@serverhost` and `antonio@serverhost`. Permission: `600 authorized_keys` – Antonio Oct 24 '16 at 16:41
  • And the owner is `serveruser` right? Are there any relevant logs from the ssh server, and what do you see that's different if you try doing `ssh -vvvv ` for each of the users? Also, please edit the question with new information instead of adding it to the comments. – Eric Renouf Oct 24 '16 at 16:43

3 Answers

1

Finally, I got the solution! On the server my .ssh folder was owned by user serveruser and by group root; when I changed the group to hosting (the group where serveruser is), everything started working fine. Thanks everybody for your help!

Antonio
0

You can configure your ssh client to connect to your server using another username by default. In your ~/.ssh/config:

Host serverhost
User serveruser

This way you connect straight without changes to your server users.

Then be sure about the permissions of the ssh files, in serveruser's home:

chmod 0700 .ssh; chmod 0600 .ssh/authorized_keys

Fredi
  • I don't think that really has much to do with the problem in the question, where the key is (seemingly) not being accepted for one user, but is for another – Eric Renouf Oct 24 '16 at 16:41
  • From the question it's not clear; the way I understood it was that he was doing `ssh serverhost` (without specifying the username) – Fredi Oct 24 '16 at 16:47
  • Well, it does say that `ssh serveruser@serverhost` isn't working for the OP – Eric Renouf Oct 24 '16 at 17:23
0

Run:

ssh-keygen -trsa -b2048 -f ~/.ssh/id_rsa_serveruser

Then

cat ~/.ssh/id_rsa_serveruser.pub |ssh -lserveruser <hostname or IP of server> "cat >> .ssh/authorized_keys"

Enter your password when prompted.

Then, in your ~/.ssh/config file:

Host <nickname for connection>
Hostname <hostname or IP address of serverhost>
User serveruser
Identityfile2 ~/.ssh/id_rsa_serveruser

and you should be able to use

ssh <nickname for connection>

and you will not be prompted for a password. If this does not work, make sure that the ~/.ssh/authorized_keys file actually exists with appropriate permissions on the server.

EDIT

I can see that there's still the wrong username at the end of this file: antonio@Antonio-Home. Maybe that's the problem?

From the ssh-keygen man page:

For RSA1 keys, there is also a comment field in the key file that is only for convenience to the user to help identify the key. The comment can tell what the key is for, or whatever is useful. The comment is initialized to ``user@host'' when the key is created, but can be changed using the -c option.

I think the "username" you see at the end of this .pub file is that comment, so that is most likely not the problem.

Matt
  • Isn't it so that at least once you will be asked to verify with the password that was used to generate the ssh-key? – dbf Oct 24 '16 at 19:21
  • I was assuming that you used no passphrase when creating the key – Matt Oct 24 '16 at 20:15
  • I tried your solution. ssh logins with user `serveruser` but still asks for password. permissions are ok: `-rw------- authorized_keys` `rwx------ .ssh` – Antonio Oct 24 '16 at 21:16
  • @Antonio can you post the output of `ssh -vvv serveruser@serverhost`? Did you make the changes to `.ssh/config` as well and/or post its contents, because that is a necessary step and was not included in things you have tried so far? – Matt Oct 24 '16 at 21:40
  • @Matt, just posted it – Antonio Oct 24 '16 at 21:50
  • Thanks @Antonio, does the `/etc/ssh/sshd_config` file contain the line `StrictModes=no` and/or what are your strict mode settings? – Matt Oct 24 '16 at 22:10
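
The ownership and permission checks discussed in the answers, and the StrictModes setting raised in the last comment, can be audited on the server with a short script. This is an added example, not code from any of the posters; the function names, the demo tree and the use of GNU `stat` are assumptions of the example. It applies the rule that each of the home directory, `.ssh` and `authorized_keys` must be owned by the login user or root and must not be writable by group or others, and it prints the uid, gid and mode of each path so an unexpected owner or group is visible.

```shell
# Added example (assumes GNU stat): audit the paths sshd checks under StrictModes.

# check_path PATH UID: print one report line; return 1 if PATH is unsafe.
check_path() {
    cp_path=$1 cp_want=$2 cp_bad=""
    [ -e "$cp_path" ] || { echo "$cp_path -> missing"; return 1; }
    set -- $(stat -c '%u %g %a' "$cp_path")    # $1=uid $2=gid $3=octal mode
    # The owner must be the login user or root.
    if [ "$1" -ne "$cp_want" ] && [ "$1" -ne 0 ]; then
        cp_bad="$cp_bad bad-owner"
    fi
    # Neither group nor others may hold write permission (mode & 022).
    if [ $(( 0$3 & 022 )) -ne 0 ]; then
        cp_bad="$cp_bad group/world-writable"
    fi
    echo "$cp_path uid=$1 gid=$2 mode=$3 ->${cp_bad:- ok}"
    [ -z "$cp_bad" ]
}

# audit_strictmodes HOME UID: check the home directory, .ssh and the key file.
audit_strictmodes() {
    as_home=$1 as_uid=$2 as_rc=0
    for as_p in "$as_home" "$as_home/.ssh" "$as_home/.ssh/authorized_keys"; do
        check_path "$as_p" "$as_uid" || as_rc=1
    done
    return "$as_rc"
}

# make_demo: build a constructed sample tree and print its location.
make_demo() {
    md=$(mktemp -d)
    mkdir -p "$md/good/.ssh" "$md/bad/.ssh"
    touch "$md/good/.ssh/authorized_keys" "$md/bad/.ssh/authorized_keys"
    chmod 755 "$md/good" "$md/bad"
    chmod 600 "$md/good/.ssh/authorized_keys" "$md/bad/.ssh/authorized_keys"
    chmod 700 "$md/good/.ssh"    # as recommended in the answers
    chmod 770 "$md/bad/.ssh"     # group-writable: flagged
    echo "$md"
}

# Real use: sh audit.sh /home/serveruser "$(id -u serveruser)" (path assumed).
if [ $# -eq 2 ]; then
    audit_strictmodes "$1" "$2"
else
    demo=$(make_demo)
    audit_strictmodes "$demo/good" "$(id -u)"
    audit_strictmodes "$demo/bad" "$(id -u)" || echo "bad tree would be rejected"
    rm -rf "$demo"
fi
```

If every line ends in `ok` and the key is still refused, the server's own sshd log is the next place to look, as asked in the comments on the question.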