Monday, June 15, 2015

debian - SSH keys fail for one user



I just set up a new Debian server. I disabled root SSH and password auth, so you've gotta use a key file.



For my primary user, everything works exactly as expected. I used ssh-keygen -t dsa and got myself a public and private key. Put one in authorized keys, put the other in a pem file locally.



I wanted to create a user that I can deploy things with, so I did basically the same process. I addusered it, made a .ssh folder, ran ssh-keygen -t dsa (I also tried RSA), put the keys in their appropriate locations.




No luck. I'm getting a Permission denied (publickey) error. When I use the exact same keys as the account that works, same error. When I enable password authentication, I can log in via SSH with the password.



How do I debug this?



EDIT



Verbose ssh output (deployer.pem is the proper key):

debug2: key: /Users/eli/.ec2/deployer.pem (0x100126830)
debug2: key: /Users/eli/.ec2/deployer.pem (0x100126b30)
debug2: key: /Users/eli/.ec2/deployer.pem (0x0)
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/eli/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: eli.pem
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: /Users/eli/.ec2/deployer.pem
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: /Users/eli/.ec2/deployer.pem
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/eli/.ec2/deployer.pem
debug1: read PEM private key done: type DSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

Answer



Two parts: first, turn up debugging on your ssh server. Edit /etc/ssh/sshd_config and increase LogLevel to DEBUG. Then force your ssh server to reload its config with killall -HUP .



That will cause the server to add much more detail to your /var/log/secure and/or /var/log/auth log files.



Secondly (actually you can try this first), increase the debug level on the client side. ssh in to the box with





$ ssh -vvv hostname




and that will print out lots more info about where the process is failing.



If you do turn up the debug level on your ssh server, don't forget to turn it back down when you are finished.
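The client-side trace in the question only shows the server answering every offered key with "Authentications that can continue: publickey"; that tells you the key was rejected, not why. The reason appears in the server-side DEBUG log the answer recommends, and for a freshly created account the cause is frequently one of the conditions sshd's default StrictModes enforces: the home directory, ~/.ssh and authorized_keys must be owned by the user (or root) and must not be group- or world-writable, or sshd ignores the file and logs a "bad ownership or modes" message. The script below is an added example, not code from the question or the answer; it assumes a Linux box with GNU stat, and the path, user name and key file names are whatever you pass in. It checks those conditions and also confirms that the public key you are offering is actually present in that user's authorized_keys (ignoring any leading options such as command="...").

```shell
#!/bin/sh
# Added example (not from the original post): server-side checks for
# "Permission denied (publickey)" on one account. Run on the server as root
# or as the affected user, e.g.:
#   ./check_authorized_keys.sh /home/deployer deployer /tmp/deployer.pub
# Assumes GNU coreutils stat (Linux).

# Record a problem; "bad" is reset by check_ssh_dir before each run.
complain() { echo "PROBLEM: $*"; bad=1; }

# check_path PATH OWNER
# What sshd's StrictModes requires of PATH: owned by OWNER or root, and
# neither group- nor world-writable.
check_path() {
  p="$1"; want="$2"
  [ -e "$p" ] || { complain "$p does not exist"; return; }
  owner=$(stat -c %U "$p")
  case "$owner" in
    "$want"|root) ;;
    *) complain "$p is owned by $owner, expected $want or root" ;;
  esac
  mode=$(stat -c %A "$p")        # symbolic mode, e.g. drwxr-xr-x
  case "$mode" in                # 6th character is the group write bit
    ?????w*) complain "$p is group-writable ($mode)" ;;
  esac
  case "$mode" in                # 9th character is the world write bit
    ????????w*) complain "$p is world-writable ($mode)" ;;
  esac
}

# check_ssh_dir HOME USER
# Checks HOME, HOME/.ssh and HOME/.ssh/authorized_keys. Returns 0 when all
# three would pass StrictModes, 1 otherwise (problems are printed).
check_ssh_dir() {
  bad=0
  check_path "$1" "$2"
  check_path "$1/.ssh" "$2"
  check_path "$1/.ssh/authorized_keys" "$2"
  return "$bad"
}

# key_is_authorized PUBKEY_FILE AUTHORIZED_KEYS
# Returns 0 if the key type and base64 blob from the first key in
# PUBKEY_FILE appear on a non-comment line of AUTHORIZED_KEYS. Matching on
# a substring means lines with leading options (command="...", from="...")
# are still recognised; the trailing comment field is ignored.
key_is_authorized() {
  want=$(awk 'NF >= 2 { print $1 " " $2; exit }' "$1")
  [ -n "$want" ] || return 1
  awk -v want="$want" '
    /^[[:space:]]*#/ { next }
    index($0, want) { found = 1 }
    END { exit !found }' "$2"
}

# Command-line entry point (skipped when the file is sourced for its functions).
if [ $# -eq 3 ]; then
  check_ssh_dir "$1" "$2"; rc=$?
  if key_is_authorized "$3" "$1/.ssh/authorized_keys"; then
    echo "OK: key from $3 is listed in $1/.ssh/authorized_keys"
  else
    echo "PROBLEM: key from $3 is NOT listed in $1/.ssh/authorized_keys"; rc=1
  fi
  exit "$rc"
fi
```

If every check passes and the key is listed but sshd still refuses it, the remaining suspects are the contents of sshd_config itself (AllowUsers, AllowGroups, a Match block or a non-default AuthorizedKeysFile), which is exactly what the server's DEBUG log will show.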

