Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: permission denied (publickey)

from [Eni] Network Security [Permanent Link]
Subject: Re: permission denied (publickey)
Date: Sat, 27 May 2006 22:21:40 +0200 
Hi,

thanks for answering me :)

My /etc/ssh/sshd_config looks currently like this:
---
Port 5583
Protocol 2
AllowUsers admin user
AddressFamily inet
PasswordAuthentication no
ChallengeResponseAuthentication no
Subsystem sftp /usr/lib/misc/sftp-server
AllowGroups wheel users
LoginGraceTime 20
PermitEmptyPasswords no
PermitRootLogin no
X11Forwarding no
PrintLastLog yes
HostbasedAuthentication no
--

After your email I've set "PubkeyAuthentication yes" to, but it don't change the problem or the error messages :(

uhm, that sshd_config is a backup from my old server-system and there ssh had work very well.

Greets,
Eni

Dony Pierre wrote: 
Can you verify if you have set PubkeyAuthentication yes in your 
/etc/ssh/sshd-config on your ssh server.

Regards.
Pierre.


-----Original Message-----
From: Eni [mailto:eni@gothic-family.net] Sent: samedi 27 mai 2006 0:49
To: secureshell@securityfocus.com
Subject: permission denied (publickey)

Hi,

please, excuse my terrible english, but can anyone help?
I re-installed my server with Gentoo Linux and after that i get this:

---
$ ssh user@server
permission denied (publickey).
---

/var/log/auth.log says:
---
sshd[8159]: User 'username' from 'domain' not allowed because not listed in 
AllowUsers
---

But the user is listed in /etc/ssh/sshd_config at "AllowUsers" for sure!


---debug---

$ ssh -vv -2 -l user@remotebox -p 5583
OpenSSH_4.3p2, OpenSSL 0.9.7i 14 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 'IP' ['IP'] port 5583.
debug1: Connection established.
debug1: identity file /home/'localuser'/.ssh/id_rsa type -1
debug1: identity file /home/'localuser'/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 144/256
debug2: bits set: 482/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'IP' is known and matches the RSA host key.
debug1: Found key in /home/localuser/.ssh/known_hosts:3
debug2: bits set: 502/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/localuser/.ssh/id_rsa ((nil))
debug2: key: /home/localuser/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/localuser/.ssh/id_rsa
debug1: Trying private key: /home/localuser/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

---debug end---

I generated the Keys with:
---
"ssh-keygen -b 2048 -t rsa -f ${HOME}/.ssh/user_server"
---

Then copied it to the remote server to
/home/user/.ssh/authorized_keys
and set chmod 600 to authorized_keys.

I can't find the problem, please help.

Thanks in advance,
Eni (Denise Paschen)

--
<<< Gentoo Linux | Fluxbox >>>
  _   _
( )_( ) Sorry, I'm Late.
  (° °)  But I Got Lost On The Road Of Life.
   >°<   http://www.gothic-family.net/eni



-----------------------------------------
Visit our website! http://www.nbb.be

"DISCLAIMER: The content of this e-mail message should not be
construed as binding on the part of the National Bank of Belgium
(NBB) unless otherwise and previously stated. The opinions
expressed in this message are solely those of the author and do not
necessarily reflect NBB viewpoints, particularly when the content
of this message, or part thereof, is private by nature or does not
fall within the professional scope of its author."




--
<<< Gentoo Linux | Fluxbox >>>
 _   _
( )_( ) Sorry, I'm Late.
 (° °)  But I Got Lost On The Road Of Life.
  >°<   http://www.gothic-family.net/eni


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: permission denied (publickey), Pravin Jayakumar
Next by Date:  Empty Windows, Simon Goodwin
Previous by Thread:  RE: permission denied (publickey), Dony Pierre
Next by Thread:  Re: permission denied (publickey), Pravin Jayakumar
Indexes:  [Date] [Thread] [Top] [All Lists]