Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Deerenaros2014-07-22 08:10:41
SSH
Deerenaros, 2014-07-22 08:10:41

SSH, public key authorization: CHADNT?

logs

Connect attempt
OpenSSH_6.6.1, OpenSSL 1.0.1g 7 Apr 2014
debug1: Reading configuration data /home/yuriy/.ssh/config
debug1: /home/yuriy/.ssh/config line 1: Applying options for home
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/yuriy/.ssh/config
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.org [xxx.xxx.xxx.xxx] port xxx.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/yuriy/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/yuriy/.ssh/id_rsa type 1
debug1: identity file /home/yuriy/.ssh/id_rsa-cert type -1
debug1: identity file /home/yuriy/.ssh/id_dsa type -1
debug1: identity file /home/yuriy/.ssh/id_dsa-cert type -1
debug1: identity file /home/yuriy/.ssh/id_ecdsa type -1
debug1: identity file /home/yuriy/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/yuriy/.ssh/id_ed25519 type -1
debug1: identity file /home/yuriy/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: using hostkeyalias: home
debug3: load_hostkeys: loading entries for host "home" from file "/home/yuriy/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/yuriy/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hm[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: setup [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA aa:b0:c1:e9:1b:b3:81:82:eb:82:8a:3f:d0:42:51:88
debug1: using hostkeyalias: home
debug3: load_hostkeys: loading entries for host "home" from file "/home/yuriy/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/yuriy/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "176.222.203.100" from file "/home/yuriy/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/yuriy/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'home' is known and matches the ECDSA host key.
debug1: Found key in /home/yuriy/.ssh/known_hosts:5
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/yuriy/.ssh/id_rsa (0x60006d420),
debug2: key: /home/yuriy/.ssh/id_dsa (0x0),
debug2: key: /home/yuriy/.ssh/id_ecdsa (0x0),
debug2: key: /home/yuriy/.ssh/id_ed25519 (0x0),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/yuriy/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/yuriy/.ssh/id_dsa
debug3: no such identity: /home/yuriy/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/yuriy/.ssh/id_ecdsa
debug3: no such identity: /home/yuriy/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/yuriy/.ssh/id_ed25519
debug3: no such identity: /home/yuriy/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

Local config not found (cygwin), local user config:
Host home
  Hostname		xxx.org
  HostKeyAlias	home
  User			user


Actually, everything that may be required under the spoiler. You need something else: write, I will provide. Inspired by this , " A note from one of our readers " was also read and taken into account (i.e. tried in a different sequence and as much as possible - you never know what a tricky bug), but it did not help.
PS Toster once again disappointed: no more than 10k symbols. Lolshto: what about multivolume logs? And then the spoiler does not work (false alarm - the spoiler works, but the preview stubbornly ignored it). In general, do not hit hard, I tried.
UPD. I posted some logs / settings / something else in the comments to the question. I am more and more convinced that stackoverflow is thought out much better than this.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
S
Sergey Petrikov, 2014-07-22
@Deerenaros

Judging by:
You need to do for the user yuriy:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
restorecon -R -v ~/.ssh

If it doesn't help, attach the server log, not the client log.

Report
I
Igor, 2014-07-22
@merryjane

1. What is the operating system?
2. ls -l /home
3. ls -la /home/yuriy
4. ls -Z /home/yuriy
5. ls -l /home/yuriy/.ssh
6. Is the whole key written in authorized_keys exactly , if it's not difficult, show this file too:
cat /home/yuriy/.ssh/authorized_keys

Report
D
Deerenaros, 2014-07-24
@Deerenaros

You won't like ls /home and /home/yuriy (a couple of tens of kilobytes, heh).
However, there are a couple of ls'ov - everything you need with rights and in general, a lot of things in the comments to the question: TM is such a TM that does not allow to turn around and limits it to 30 or 10 kilocharacters (I don’t remember already), I had to reduce it.

Report
I
iXCray, 2014-10-15
@iXCray

id_rsa is usually the private key, while id_rsa.pub is the public key.
check for the presence of both files, and adjust the default config accordingly.
Judging by the debug, you are feeding the private key under the guise of a public key (judging by the file name).
And also check that on the server where the connection is made, the contents of the user's public key are in the file /home/{username}/.ssh/authorized_keys

Similar questions
U
Unicom2016-02-24 07:28:01
How to make sudo authorization with ssh key? 4Reply
D
Dim2018-07-13 20:17:28
Why doesn't authorization work in ssh via Keenetic DNS? 1Reply
V
Vitus98562020-07-11 22:59:10
Key authentication in SSH from AD. What are the options (I want not to distribute the keys, but online)? 2Reply
M
MaksSmag2020-07-13 19:01:32
If all port 22 is open, is it safe to run the server on the internet? 7Reply
A
AlexVoronin2016-03-05 14:13:52
List of files/directories with permissions in absolute notation? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question