Hello, Output from several suggestions: ------------------------------------------------ Permissions (backuppc is the user having problems) :
backuppc@sirius:~$ ls -ld /usr/local/BackupPC drwxr-xr-x 6 backuppc backuppc 4096 Nov 13 12:12 /usr/local/BackupPC backuppc@sirius:~$ ls -ld /usr/local/BackupPC/.ssh drwx------ 2 backuppc backuppc 4096 Nov 13 12:08 /usr/local/BackupPC/.ssh backuppc@sirius:~$ ls -l /usr/local/BackupPC/.sshtotal 28 -rw------- 1 backuppc backuppc 1790 Nov 13 12:04 authorized_keys -rw-r----- 1 backuppc backuppc 2240 Nov 13 12:02 config -rw-r--r-- 1 backuppc backuppc 142 Nov 13 12:08 known_hosts -rw------- 1 backuppc backuppc 484 Nov 13 12:03 sirius_bpc-id_ed25519 -rw-r----- 1 backuppc backuppc 126 Nov 13 12:03 sirius_bpc-id_ed25519.pub -rw------- 1 backuppc backuppc 3479 Nov 13 12:04 sirius_bpc-id_rsa -rw-r----- 1 backuppc backuppc 770 Nov 13 12:04 sirius_bpc-id_rsa.pub backuppc@sirius:~$ backuppc@sirius:~$ ls -la /etc/ssh drwxr-xr-x 2 root root 4096 Nov 13 12:04 . drwxr-xr-x 131 root root 12288 Nov 13 12:05 .. -rw-r--r-- 1 root root 511915 Nov 13 12:02 moduli -rw-r--r-- 1 root root 553122 Aug 21 11:14 moduli.dist -rw------- 1 root root 888 Nov 13 12:03 sirius_alan-authorized_keys -rw-rw---- 1 root root 896 Nov 13 12:04 sirius_bpc-authorized_keys -rw-r--r-- 1 root root 2830 Nov 13 12:02 ssh_config -rw-r--r-- 1 root root 1723 Aug 21 11:14 ssh_config.dist -rw-r--r-- 1 root root 4239 Nov 13 12:02 sshd_config -rw-r--r-- 1 root root 3298 Aug 21 11:14 sshd_config.dist -rw------- 1 root root 432 Nov 13 12:03 ssh_host_ed25519_key -rw-r----- 1 root root 117 Nov 13 12:03 ssh_host_ed25519_key.pub -rw------- 1 root root 3243 Nov 13 12:03 ssh_host_rsa_key -rw-r----- 1 root root 761 Nov 13 12:03 ssh_host_rsa_key.pub backuppc@sirius:~$ These permissions are identical to the user that works. ------------------------------------------------ Output from David's troubleshooting : As backuppc (problem user): backuppc@sirius:~$ whoami backuppc backuppc@sirius:~$ hostname sirius backuppc@sirius:~$ cat /etc/debian_version 9.6 backuppc@sirius:~$ uname -a Linux sirius 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux backuppc@sirius:~$ dpkg-query -W openssh-client openssh-client 1:7.4p1-10+deb9u4 backuppc@sirius:~$ ls -aFl /usr/local/BackupPC/.ssh total 36 drwx------ 2 backuppc backuppc 4096 Nov 13 12:08 ./ drwxr-xr-x 6 backuppc backuppc 4096 Nov 13 12:12 ../ -rw------- 1 backuppc backuppc 1790 Nov 13 12:04 authorized_keys -rw-r----- 1 backuppc backuppc 2240 Nov 13 12:02 config -rw-r--r-- 1 backuppc backuppc 142 Nov 13 12:08 known_hosts -rw------- 1 backuppc backuppc 484 Nov 13 12:03 sirius_bpc-id_ed25519 -rw-r----- 1 backuppc backuppc 126 Nov 13 12:03 sirius_bpc-id_ed25519.pub -rw------- 1 backuppc backuppc 3479 Nov 13 12:04 sirius_bpc-id_rsa -rw-r----- 1 backuppc backuppc 770 Nov 13 12:04 sirius_bpc-id_rsa.pub backuppc@sirius:~$ ssh -v sirius OpenSSH_7.4p1 Debian-10+deb9u4, OpenSSL 1.0.2l 25 May 2017 debug1: Reading configuration data /usr/local/BackupPC/.ssh/config debug1: /usr/local/BackupPC/.ssh/config line 16: Applying options for sirius debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: /etc/ssh/ssh_config line 69: Deprecated option "useroaming" debug1: Connecting to 192.168.8.3 [192.168.8.3] port 50400. debug1: Connection established. debug1: identity file /usr/local/BackupPC/.ssh/sirius_bpc-id_ed25519 type 4 debug1: key_load_public: No such file or directory debug1: identity file /usr/local/BackupPC/.ssh/sirius_bpc-id_ed25519-cert type -1 debug1: identity file /usr/local/BackupPC/.ssh/sirius_bpc-id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /usr/local/BackupPC/.ssh/sirius_bpc-id_rsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u4 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u4 debug1: match: OpenSSH_7.4p1 Debian-10+deb9u4 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 192.168.8.3:50400 as 'backuppc' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-ed25519 SHA256:Qmmw9Hw9F68Lv9vTJTHpbJtwOzxUxod4FFAnA16D5bk debug1: Host '[192.168.8.3]:50400' is known and matches the ED25519 host key. debug1: Found key in /usr/local/BackupPC/.ssh/known_hosts:1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 134217728 blocks debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering ED25519 public key: /usr/local/BackupPC/.ssh/sirius_bpc-id_ed25519 debug1: Server accepts key: pkalg ssh-ed25519 blen 51 debug1: Offering RSA public key: /usr/local/BackupPC/.ssh/sirius_bpc-id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 535 debug1: No more authentication methods to try. Permission denied (publickey). backuppc@sirius:~$ ____________ as root : root@sirius:~# whoami root root@sirius:~# hostname sirius root@sirius:~# cat /etc/debian_version 9.6 root@sirius:~# uname -a Linux sirius 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux root@sirius:~# dpkg-query -W openssh-client openssh-client 1:7.4p1-10+deb9u4 root@sirius:~# ls -aFl /usr/local/BackupPC/.ssh total 36 drwx------ 2 backuppc backuppc 4096 Nov 13 12:08 ./ drwxr-xr-x 6 backuppc backuppc 4096 Nov 13 12:12 ../ -rw------- 1 backuppc backuppc 1790 Nov 13 12:04 authorized_keys -rw-r----- 1 backuppc backuppc 2240 Nov 13 12:02 config -rw-r--r-- 1 backuppc backuppc 142 Nov 13 12:08 known_hosts -rw------- 1 backuppc backuppc 484 Nov 13 12:03 sirius_bpc-id_ed25519 -rw-r----- 1 backuppc backuppc 126 Nov 13 12:03 sirius_bpc-id_ed25519.pub -rw------- 1 backuppc backuppc 3479 Nov 13 12:04 sirius_bpc-id_rsa -rw-r----- 1 backuppc backuppc 770 Nov 13 12:04 sirius_bpc-id_rsa.pub root@sirius:~# grep backuppc@sirius /usr/local/BackupPC/.ssh/authorized_keys ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIG1jFCDbjX1AuKEpi3U0rPtxW79kZwcEAzN+shbnni Generated on 181113.1203 for backuppc@sirius ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD2fiZLF9Q0+RKERleUw2LnoEXF3FdF/UPPX+khWUVIc+SWG+mTSIlFeEWNeoLpa32Vfb0T8cNooMgR6sodxQZlzC15ByPSotW7AHAdBylzkP0G4GM4zTYlkfuIzeJClNrNuphzbdIa8dH9xhmhqE7FbHcq34LErQX1zBfGcDVyqUABVdXTLqtDKRS2P3hCQ8gR8u0BDesvTUYWPwJXkXaq9UdS9VWsJuyQhnqzFKOm+cPdoqRFtvVAIxlqAyI9ok7d/cve4nIjFPg1n7ralTw4x8D4oxmOpUNqOC4dJYDCbihY3nImq0oB/+zt6uS3t232qjaUGrt0pUB2AywQwULYhGhAsiqGEaoJuuYUonCXT4IHxTIBFJraVSvr53gcM7Jm9kBcLG8x2B5rtiZzBImITv+nZnqTJgBu5q+ZBqm5FK4miBHjinscXxqCLmljXOW7Ui7uhg1NjcYMdaC1BRJoHzsTkIvnoRmONdUbDCK63n9MHikiRrvdme8SUQDjuKHfS5nNMClDfMF69Rgr27QkqOMOYYA2mqvcrjxtXS1n9DA88dnhCKsHfTDXCto710CHzQPh7YuUzlL8uNAE4RwzhOCDxgaI4WV9/qj2J+0C2PE0dkTwFqBuGytyBYFglpIhmnlucukdccZ5i/YpEkITvccB7EO/sPSRzAnm55iGUw== Generated on 181113.1203 for backuppc@sirius root@sirius:~# tail -n 20 /var/log/auth.log Nov 13 12:28:07 sirius sshd[2159]: debug1: fd 4 clearing O_NONBLOCK Nov 13 12:28:07 sirius sshd[2159]: debug2: user_key_allowed: check options: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIG1jFCDbjX1AuKEpi3U0rPtxW79kZwcEAzN+shbnni Generated on 181113.1203 for backuppc@sirius\n' Nov 13 12:28:07 sirius sshd[2159]: debug2: user_key_allowed: advance: 'AAAAC3NzaC1lZDI1NTE5AAAAIBIG1jFCDbjX1AuKEpi3U0rPtxW79kZwcEAzN+shbnni Generated on 181113.1203 for backuppc@sirius\n' Nov 13 12:28:07 sirius sshd[2159]: debug1: matching key found: file /usr/local/BackupPC/.ssh/authorized_keys, line 2 RSA SHA256:/TFnCvwpyL6W0Z4I71jw9u3eY4rWqB9lnHVSx3mdYNM Nov 13 12:28:07 sirius sshd[2159]: debug1: restore_uid: 0/0 Nov 13 12:28:07 sirius sshd[2159]: debug3: mm_answer_keyallowed: key 0x55f0b985d0d0 is allowed Nov 13 12:28:07 sirius sshd[2159]: debug3: mm_request_send entering: type 23 Nov 13 12:28:07 sirius sshd[2159]: debug3: send packet: type 60 [preauth] Nov 13 12:28:07 sirius sshd[2159]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth] Nov 13 12:28:07 sirius sshd[2159]: Postponed publickey for backuppc from 192.168.8.3 port 48708 ssh2 [preauth] Nov 13 12:28:07 sirius sshd[2159]: Connection closed by 192.168.8.3 port 48708 [preauth] Nov 13 12:28:07 sirius sshd[2159]: debug1: do_cleanup [preauth] Nov 13 12:28:07 sirius sshd[2159]: debug3: PAM: sshpam_thread_cleanup entering [preauth] Nov 13 12:28:07 sirius sshd[2159]: debug1: monitor_read_log: child log fd closed Nov 13 12:28:07 sirius sshd[2159]: debug3: mm_request_receive entering Nov 13 12:28:07 sirius sshd[2159]: debug1: do_cleanup Nov 13 12:28:07 sirius sshd[2159]: debug1: PAM: cleanup Nov 13 12:28:07 sirius sshd[2159]: debug3: PAM: sshpam_thread_cleanup entering Nov 13 12:28:07 sirius sshd[2159]: debug1: Killing privsep child 2160 Nov 13 12:28:07 sirius sshd[2159]: debug1: audit_event: unhandled event 12 root@sirius:~# On Tue, 13 Nov 2018 at 11:22, David Christensen <dpchr...@holgerdanske.com> wrote: > On 11/12/18 5:49 AM, Alan Taylor wrote: > > Greetings, > > Hi. :-) > > > > I have an ssh problem - one user can use it successfully, another > cannot. I have checked and rechecked permissions until I am blue in the > face … > > At the moment just trying to ssh into the same machine I am on for the > problem user (the other user can ssh successfully, both to the console > machine and outwards to others). > > Agent problem ? The successful user was setup in the installation, the > problem user was added at the command line after initial setup. > > Trouble-shooting can be tedious... > > > > Log output follows, appears to fail after the preauth stage … > > > > Any suggestions gratefully accepted > > > > root@sirius/etc/ssh # journalctl | grep sshd | grep "Nov 12 13:45" > <snip> > > > I would enter the following commands into the indicated accounts and > computers, substituting place holders with actual values (USERNAME, > SSH_CLIENT, SSH_SERVER). If you still don't see it, cut and paste your > console sessions into a reply: > > 1. As the user having problems on the computer having problems: > > $ whoami > > $ hostname > > $ cat /etc/debian_version > > $ uname -a > > $ dpkg-query -W openssh-client > > $ ls -aFl /home/USERNAME/.ssh > > $ ssh -v SSH_SERVER > > 2. As root on the SSH server: > > # hostname > > # cat /etc/debian_version > > # uname -a > > # dpkg-query -W openssh-server > > # ls -aFl /home/USERNAME/.ssh > > # grep USERNAME@SSH_CLIENT /home/USERNAME/.ssh/authorized_keys > > # tail /var/log/auth.log > > > David > >