Re: how to examine ssh problem
Alan Chandler a...@chandlerfamily.org.uk writes: On 04/08/11 09:15, Ivan Shmakov wrote: Alan Chandler a...@chandlerfamily.org.uk writes: (I actually have loads of these in my config file for all different combinations of username and host - I also tend to make different key pairs for each host which is why I am specifying an IdentityFile in each.) Why? The asymmetric cryptography employed by SSH is there precisely to /not/ have multiple “secrets” on the side of the party being authenticated. Two things 1) Legacy through a desire to limit issues when I was carrying around the private key on a laptop, 2) Lack of thinking things through on my part. What I should really do is consolidate down to one key for my static desktop and another key I am prepared to dispose of if the device its in gets lost. Well, I didn't say that I use a single key, either. Actually, there're a few hosts that I may be starting the SSH client on, and so each of them gets a key. It was the key per /target/ host part that made me wonder. I like to have a private key with no pass phrase to use within the privacy of my own home. Obviously anything mobile needs a pass phrase to protect it. Yes. -- FSF associate member #7257 Coming soon: Software Freedom Day http://mail.sf-day.org/lists/listinfo/ planning-ru (ru), sfd-discuss (en) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/864o1fxqlu@gray.siamics.net
Re: how to examine ssh problem
Apologies to lina - I replied directly to her instead of the list = here is what I sent. On 04/08/11 08:21, Alan Chandler wrote: On 02/08/11 16:02, lina wrote: Hi, when I tried to ssh some_server, it showed me, Permission denied (publickey,gssapi-with-mic,password). 1] I tried ssh from desktop, laptop and other server, the same problem. 2] I generate a new key by ssh-keygen in some_server, it still has this problem. I can ssh by username@full_some_server_address, but can't access in a simple way, Thanks for any advice, I think you need to add a stanza in you ~/.ssh/config file Host github HostName github.com User git IdentityFile ~/mydocs/PCinfo/keys/github/github_ssh_access Here is an example from mine. I can now go ssh github and login as git at github (I actually have loads of these in my config file for all different combinations of username and host - I also tend to make different key pairs for each host which is why I am specifying an IdentityFile in each.) -- Alan Chandler http://www.chandlerfamily.org.uk -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e3a48ed.20...@chandlerfamily.org.uk
Re: how to examine ssh problem
On Thu, Aug 4, 2011 at 3:23 PM, Alan Chandler a...@chandlerfamily.org.uk wrote: Apologies to lina - I replied directly to her instead of the list = here is what I sent. On 04/08/11 08:21, Alan Chandler wrote: On 02/08/11 16:02, lina wrote: Hi, when I tried to ssh some_server, it showed me, Permission denied (publickey,gssapi-with-mic,password). 1] I tried ssh from desktop, laptop and other server, the same problem. 2] I generate a new key by ssh-keygen in some_server, it still has this problem. I can ssh by username@full_some_server_address, but can't access in a simple way, Thanks for any advice, I think you need to add a stanza in you ~/.ssh/config file Host github HostName github.com User git IdentityFile ~/mydocs/PCinfo/keys/github/github_ssh_access Here is an example from mine. I can now go ssh github and login as git at github (I actually have loads of these in my config file for all different combinations of username and host - I also tend to make different key pairs for each host which is why I am specifying an IdentityFile in each.) Thanks for your suggestions. Actually I have had an inherited config file, which is sound. Just two weeks ago, I messed up the permission issue when I import some other public keys into authorized_keys. I guess I did something like chmod a+w * in .ssh directory. so the problem came out. With someone's help (someone sent me off-list suggestions to check the permission issue of this), which was something I barely realized to examine. Thanks again for your suggestions and others help, Best regards, lina -- Alan Chandler http://www.chandlerfamily.org.uk -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e3a48ed.20...@chandlerfamily.org.uk -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAG9cJmk=qAW+N2ce7ewMk_LwxZ_X=cfvdmyhsggk6kjmomw...@mail.gmail.com
Re: how to examine ssh problem
Alan Chandler a...@chandlerfamily.org.uk writes: (I actually have loads of these in my config file for all different combinations of username and host - I also tend to make different key pairs for each host which is why I am specifying an IdentityFile in each.) Why? The asymmetric cryptography employed by SSH is there precisely to /not/ have multiple “secrets” on the side of the party being authenticated. The authentication systems based on symmetric cryptography (say, Kerberos), indeed, require the authenticated party to have a distinct shared secret for each of the “authentication realms” (say, Kerberos realms) it belongs to -- FSF associate member #7257 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/86mxfph9sn@gray.siamics.net
Re: how to examine ssh problem
On 04/08/11 09:15, Ivan Shmakov wrote: Alan Chandlera...@chandlerfamily.org.uk writes: (I actually have loads of these in my config file for all different combinations of username and host - I also tend to make different key pairs for each host which is why I am specifying an IdentityFile in each.) Why? The asymmetric cryptography employed by SSH is there precisely to /not/ have multiple “secrets” on the side of the party being authenticated. Two things 1) Legacy through a desire to limit issues when I was carrying around the private key on a laptop, 2) Lack of thinking things through on my part. What I should really do is consolidate down to one key for my static desktop and another key I am prepared to dispose of if the device its in gets lost. I like to have a private key with no pass phrase to use within the privacy of my own home. Obviously anything mobile needs a pass phrase to protect it. -- Alan Chandler http://www.chandlerfamily.org.uk -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e3ab3c0.8080...@chandlerfamily.org.uk
Re: how to examine ssh problem
Thanks all for your suggestions. The problem was solved after chmod og-rw * in ~/.ssh directory. Thanks, On Wed, Aug 3, 2011 at 11:55 AM, Eero Volotinen eero.voloti...@iki.fi wrote: 2011/8/2 lina lina.lastn...@gmail.com: Hi, when I tried to ssh some_server, it showed me, Permission denied (publickey,gssapi-with-mic,password). 1] I tried ssh from desktop, laptop and other server, the same problem. 2] I generate a new key by ssh-keygen in some_server, it still has this problem. I can ssh by username@full_some_server_address, but can't access in a simple way, check that .ssh and .ssh/auhorized_keys is with correct permissions. You can also get information from server ssh log about problem. -- Eero -- Best Regards, lina -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAG9cJm=qmaf3zx85jvd-ohrshr2yqw9e0_dadnsshn2+taq...@mail.gmail.com
how to examine ssh problem
Hi, when I tried to ssh some_server, it showed me, Permission denied (publickey,gssapi-with-mic,password). 1] I tried ssh from desktop, laptop and other server, the same problem. 2] I generate a new key by ssh-keygen in some_server, it still has this problem. I can ssh by username@full_some_server_address, but can't access in a simple way, Thanks for any advice, -- Best Regards, lina -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cag9cjmkfk1pznruqurkj-vsfizzouwcmapcmrwi0pnkfv_7...@mail.gmail.com
Re: how to examine ssh problem
On Tue, 2011-08-02 at 23:02 +0800, lina wrote: Hi, when I tried to ssh some_server, it showed me, Permission denied (publickey,gssapi-with-mic,password). 1] I tried ssh from desktop, laptop and other server, the same problem. 2] I generate a new key by ssh-keygen in some_server, it still has this problem. I can ssh by username@full_some_server_address, but can't access in a simple way, try: ssh -vvv user@host Joao Thanks for any advice, -- Best Regards, lina -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1312298664.5701.0.ca...@wheejy.critical.pt
Re: how to examine ssh problem
On Tue, Aug 2, 2011 at 11:24 PM, Joao Ferreira Gmail joao.miguel.c.ferre...@gmail.com wrote: On Tue, 2011-08-02 at 23:02 +0800, lina wrote: Hi, when I tried to ssh some_server, it showed me, Permission denied (publickey,gssapi-with-mic,password). 1] I tried ssh from desktop, laptop and other server, the same problem. 2] I generate a new key by ssh-keygen in some_server, it still has this problem. I can ssh by username@full_some_server_address, but can't access in a simple way, try: ssh -vvv user@host ... debug1: Found key in /home/lina/.ssh/known_hosts:3 debug2: bits set: 529/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/lina/.ssh/id_rsa (0x7f9e47a530a0) debug2: key: /home/lina/.ssh/id_dsa (0x7f9e47a58660) debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug3: start over, passed a different list publickey,gssapi-with-mic,password debug3: preferred publickey,keyboard-interactive debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/lina/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Offering public key: /home/lina/.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,gssapi-with-mic,password) I don't know how to check further, thanks for any more advice, Joao Thanks for any advice, -- Best Regards, lina -- Best Regards, lina -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cag9cjmkvrpe91-b1nofgundvf-aefqhsncsj8zcd4qy6pqa...@mail.gmail.com
Re: how to examine ssh problem
Hi Lina, lina wrote: I can ssh by username@full_some_server_address, but can't access in a simple way, Is it simply that you are one user and you want to ssh to a different user name? If you ssh some_server, then it will default to whatever username you are currently logged in as. -- Kind Regards AndrewM Andrew McGlashan Broadband Solutions now including VoIP -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e382523.9070...@affinityvision.com.au
Re: how to examine ssh problem
2011/8/2 lina lina.lastn...@gmail.com: On Tue, Aug 2, 2011 at 11:24 PM, Joao Ferreira Gmail joao.miguel.c.ferre...@gmail.com wrote: On Tue, 2011-08-02 at 23:02 +0800, lina wrote: Hi, when I tried to ssh some_server, it showed me, Permission denied (publickey,gssapi-with-mic,password). 1] I tried ssh from desktop, laptop and other server, the same problem. 2] I generate a new key by ssh-keygen in some_server, it still has this problem. I can ssh by username@full_some_server_address, but can't access in a simple way, try: ssh -vvv user@host ... debug1: Found key in /home/lina/.ssh/known_hosts:3 debug2: bits set: 529/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/lina/.ssh/id_rsa (0x7f9e47a530a0) debug2: key: /home/lina/.ssh/id_dsa (0x7f9e47a58660) debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug3: start over, passed a different list publickey,gssapi-with-mic,password debug3: preferred publickey,keyboard-interactive debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/lina/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Offering public key: /home/lina/.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,gssapi-with-mic,password) I don't know how to check further, thanks for any more advice, Joao Thanks for any advice, -- Best Regards, lina -- Best Regards, lina -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cag9cjmkvrpe91-b1nofgundvf-aefqhsncsj8zcd4qy6pqa...@mail.gmail.com Hi, Can you delete your public key in the remote server and copy it again using: ssh-copy-id user@machine This way ssh-copy-id will check the permissions on the remote server. From the man page ssh-copy-id is a script that uses ssh to log into a remote machine (presumably using a login password, so password authentication should be enabled, unless you've done some clever use of multiple identities) It also changes the permissions of the remote user's home, ~/.ssh, and ~/.ssh/authorized_keys to remove group writability (which would otherwise prevent you from logging in, if the remote sshd has StrictModes set in its con‐ figuration). Good luck -- Mi nueva dirección es: - My new email address is: - Mon nouveau email est: j...@elsotanillo.net Usuario Linux Registrado: #257202 http://www.elsotanillo.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CABS=y9s2Muz9=nqts_8yorkw8z7ckgmurdcxnanckwzjgqc...@mail.gmail.com
Re: how to examine ssh problem
lina: I can ssh by username@full_some_server_address, but can't access in a simple way, Then create the file ~/.ssh/config and add an entry like this: Host shortname User username HostName full_some_server_address After saving the file, you can use 'ssh shortname' to connect to the remote system using the settings from the config file. J. -- I start many things but I have yet to finish a single one. [Agree] [Disagree] http://www.slowlydownward.com/NODATA/data_enter2.html signature.asc Description: Digital signature
Re: how to examine ssh problem
On Wed, Aug 3, 2011 at 12:34 AM, Juan Sierra Pons j...@elsotanillo.net wrote: 2011/8/2 lina lina.lastn...@gmail.com: On Tue, Aug 2, 2011 at 11:24 PM, Joao Ferreira Gmail joao.miguel.c.ferre...@gmail.com wrote: On Tue, 2011-08-02 at 23:02 +0800, lina wrote: Hi, when I tried to ssh some_server, it showed me, Permission denied (publickey,gssapi-with-mic,password). 1] I tried ssh from desktop, laptop and other server, the same problem. 2] I generate a new key by ssh-keygen in some_server, it still has this problem. I can ssh by username@full_some_server_address, but can't access in a simple way, try: ssh -vvv user@host ... debug1: Found key in /home/lina/.ssh/known_hosts:3 debug2: bits set: 529/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/lina/.ssh/id_rsa (0x7f9e47a530a0) debug2: key: /home/lina/.ssh/id_dsa (0x7f9e47a58660) debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug3: start over, passed a different list publickey,gssapi-with-mic,password debug3: preferred publickey,keyboard-interactive debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/lina/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Offering public key: /home/lina/.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,gssapi-with-mic,password) I don't know how to check further, thanks for any more advice, Joao Thanks for any advice, -- Best Regards, lina -- Best Regards, lina -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cag9cjmkvrpe91-b1nofgundvf-aefqhsncsj8zcd4qy6pqa...@mail.gmail.com Hi, Can you delete your public key in the remote server and copy it again using: ssh-copy-id user@machine This way ssh-copy-id will check the permissions on the remote server. Now try logging into the machine, with ssh 'lina@machine, and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. I checked, it added keys in the authorized_keys in the remote machine. I also checked config, actually I could ssh before, no problem, based on present config file and all. just one day suddenly could not work without any knowledge of modification recently. Thanks, lina From the man page ssh-copy-id is a script that uses ssh to log into a remote machine (presumably using a login password, so password authentication should be enabled, unless you've done some clever use of multiple identities) It also changes the permissions of the remote user's home, ~/.ssh, and ~/.ssh/authorized_keys to remove group writability (which would otherwise prevent you from logging in, if the remote sshd has StrictModes set in its con‐ figuration). Good luck -- Mi nueva dirección es: - My new email address is: - Mon nouveau email est: j...@elsotanillo.net Usuario Linux Registrado: #257202 http://www.elsotanillo.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cabsy9s2muz9nqts_8yorkw8z7ckgmurdcxnanckwzjgqc...@mail.gmail.com -- Best Regards, lina -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAG9cJmmGJhyCtntvfCKVZo5b6=UJpmrbsA9=x4vmutwvv_g...@mail.gmail.com
Re: how to examine ssh problem
2011/8/2 lina lina.lastn...@gmail.com: Hi, when I tried to ssh some_server, it showed me, Permission denied (publickey,gssapi-with-mic,password). 1] I tried ssh from desktop, laptop and other server, the same problem. 2] I generate a new key by ssh-keygen in some_server, it still has this problem. I can ssh by username@full_some_server_address, but can't access in a simple way, check that .ssh and .ssh/auhorized_keys is with correct permissions. You can also get information from server ssh log about problem. -- Eero -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cabzzrxeu2azdcxnn0qcwimxd2any6xuqd6v821bttj7gssu...@mail.gmail.com
