ssh: Permission denied (publickey, password)

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • ssh: Permission denied (publickey, password)

      Hi,

      I've been trying to ssh into my OMV all afternoon and it keeps giving me Permission denied (publickey, password). I have done this many times and believe I have selected the proper settings in the OMV Web Admin (specifically, "Enable keyboard-interactive authentication" : Checked!) I've also gone into /etc/ssh/ and looked at my sshd_config file and everything looks fine. But when I ssh into my box, it doesn't ask me for my password, just pauses and ... Permission denied (publickey, password)! I have various RSA keys that I use and would like to get them set up in my /user/.ssh/ directory but I cannot access anything. I've tried creating an entirely new user and pass in the WebAdmin and accessing it via the new user but I get the exact result. I'm fairly handy in the terminal and I've set up RSA keys for all the servers I access without issue. This has been an intermittent issue with my OMV since installing a few months ago. This is driving me nucking futs. Any help?
    • Re: ssh: Permission denied (publickey, password)

      Fixed it --- kinda.

      Here's how I was able to finally access via SSH. Went into the dashboard and temporarily shared my "Users" directory in both Linux and CIFS. I'm running the latest version of Ubuntu on my personal computer but I needed to access the "CIFS" network to gain access to my "Users" folder. From there I navigated to my user name. Making sure the "show hidden files" option was selected, I was able to navigate to my .ssh directory. I'd already generated an RSA pair on my Ubuntu box, so, on my OMV server, I was able to create an "authorized_keys" file and paste the .pub RSA that I'd created on my Ubuntu machine into it. Once I'd accomplished this, I was able to access my OMV via rss. I quickly "unshared" my "Users" directory in the OMV WebUI and I'm off and running again.

      I would consider this a workaround, not a Fix. I'm still not able to ssh into my OMV server using the settings presented to me in the WebUI SSH setup. Is there something I can do to enable this in the future?
    • Re: ssh: Permission denied (publickey, password)

      Even as root? If just the user, did you add the user to the ssh group?
      omv 4.0.11 arrakis | 64 bit | 4.13 backports kernel | omvextrasorg 4.1.0
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please don't PM for support... Too many PMs!
    • Re: ssh: Permission denied (publickey, password)

      Certainly! Here you go:

      Source Code

      1. Protocol 2
      2. HostKey /etc/ssh/ssh_host_rsa_key
      3. HostKey /etc/ssh/ssh_host_dsa_key
      4. UsePrivilegeSeparation yes
      5. KeyRegenerationInterval 3600
      6. ServerKeyBits 768
      7. SyslogFacility AUTH
      8. LogLevel INFO
      9. LoginGraceTime 120
      10. StrictModes yes
      11. RSAAuthentication yes
      12. PubkeyAuthentication yes
      13. IgnoreRhosts yes
      14. RhostsRSAAuthentication no
      15. HostbasedAuthentication no
      16. PermitEmptyPasswords no
      17. ChallengeResponseAuthentication no
      18. X11Forwarding yes
      19. X11DisplayOffset 10
      20. PrintMotd no
      21. PrintLastLog yes
      22. TCPKeepAlive yes
      23. AcceptEnv LANG LC_*
      24. Subsystem sftp /usr/lib/openssh/sftp-server
      25. UsePAM yes
      26. AllowGroups root ssh
      27. AddressFamily any
      28. Port 22
      29. PermitRootLogin no
      30. AllowTcpForwarding no
      31. Compression no
      32. PasswordAuthentication yes
      33. PubkeyAuthentication yes
      34. AuthorizedKeysFile .ssh/authorized_keys
      35. AllowGroups root ssh users
      Display All


      Thanks!
    • Re: ssh: Permission denied (publickey, password)

      tekkbebe and ryecoaaron, thanks for your responses. I've solved many a problem using your replys to posts on this forum. Re: my sshd_config, that would explain the inability to log into root; however, I must confess that I've "clicked" and "unclicked" the allow root checkbox a number of times trying to get it to work so perhaps what I uploaded is the result of one of the times I "unclicked" it. However, even if I don't allow root config, shouldn't I at least be able to log in as my user? I'll make the edit tekkbebe suggests (PermitRootLogin yes) and report back, but I'm still suspicious that there's something else awry. Stay tuned ... (please).
    • Re: ssh: Permission denied (publickey, password)

      "Herm71" wrote:

      ... However, even if I don't allow root config, shouldn't I at least be able to log in as my user?


      Yes, that is possible. Lets see if root login works for you.
      OMV stoneburner | HP Microserver | 256GB Samsung 830 SSD for system | 4x 2TB in a RAID5
      OMV erasmus| Odroid XU4 | 5TB Data drive | 500GB Backup drive
    • Re: ssh: Permission denied (publickey, password)

      Hi Folks,
      Ok, "PermitRootLogin yes", as shown below:

      Source Code

      1. Protocol 2
      2. HostKey /etc/ssh/ssh_host_rsa_key
      3. HostKey /etc/ssh/ssh_host_dsa_key
      4. UsePrivilegeSeparation yes
      5. KeyRegenerationInterval 3600
      6. ServerKeyBits 768
      7. SyslogFacility AUTH
      8. LogLevel INFO
      9. LoginGraceTime 120
      10. StrictModes yes
      11. RSAAuthentication yes
      12. PubkeyAuthentication yes
      13. IgnoreRhosts yes
      14. RhostsRSAAuthentication no
      15. HostbasedAuthentication no
      16. PermitEmptyPasswords no
      17. ChallengeResponseAuthentication no
      18. X11Forwarding yes
      19. X11DisplayOffset 10
      20. PrintMotd no
      21. PrintLastLog yes
      22. TCPKeepAlive yes
      23. AcceptEnv LANG LC_*
      24. Subsystem sftp /usr/lib/openssh/sftp-server
      25. UsePAM yes
      26. AllowGroups root ssh
      27. AddressFamily any
      28. Port 22
      29. PermitRootLogin yes
      30. AllowTcpForwarding no
      31. Compression no
      32. PasswordAuthentication yes
      33. AllowGroups root ssh users
      Display All


      ... and I still get: Permission denied (publickey, password) trying to log in with root.

      a bit more background: I typically set up a static hostname at no-ip.com, which gives me a "real" url to access my OMV that looks something like "myhost.no-ip.org". Of course, my OMV has its own ip address, 192.168.1.XX, and the internal domain of OPENMEDIAVAULT. I can access the web admin in my browser using either "myhost.no-ip.org" or "192.168.1.xx" (if I'm within my own LAN). In past installations of my OMV, within my own LAN I could also SSH into it with all three addresses, i.e., "user@myhost.no-ip.org", "user@192.168.1.xx", or "user@OPENMEDIAVAULT". Of course, if I'm on the road, I use "user@myhost.no-ip.org".

      Currently, however, I can only use my no-ip url or my LAN IP -- even with the "fix" I described in my second post -- to gain access, if I use "user@OPENMEDIAVAULT" , I get the following response:

      Source Code

      1. user@Notebook-PC:~$ ssh user@OPENMEDIAVAULT
      2. ssh: Could not resolve hostname openmediavault: Name or service not known
      3. user@Notebook-PC:~$


      ... and finally, even with my "fix" described in my second post, whenever I SSH into my server with "user@myhost.no-ip.org" I get an odd "key_from_blob: can't read key type" error -- twice -- before it finally lets me in, like so:

      Source Code

      1. user@Notebook-PC:~$ ssh user@myhost.no-ip.org
      2. buffer_get_string_ret: bad string length 813827235
      3. key_from_blob: can't read key type
      4. key_read: key_from_blob MIIEowIBAAKCAQEAwV8KaqPlDie3Vg19brg6ZX7qa5sI/Cc9zdD56QdL/N3Ab4Mn
      5. failed
      6. buffer_get_string_ret: bad string length 813827235
      7. key_from_blob: can't read key type
      8. key_read: key_from_blob MIIEowIBAAKCAQEAwV8KaqPlDie3Vg19brg6ZX7qa5sI/Cc9zdD56QdL/N3Ab4Mn
      9. failed
      10. Linux openmediavault 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64
      11. The programs included with the Debian GNU/Linux system are free software;
      12. the exact distribution terms for each program are described in the
      13. individual files in /usr/share/doc/*/copyright.
      14. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
      15. permitted by applicable law.
      16. Last login: Mon May 26 09:41:32 2014 from notebook-pc.local
      17. user@openmediavault:~$
      Display All


      So, to recap:

      1) OMV never asks me for password when I try to SSH into it but gives me the "Permission denied (publickey, password);"
      2) This occurs with either a user or root login and even if sshd_config includes "PermitRootLogin yes"
      3) I can fix this for a user as described in my earlier post; I have not attempted this method for root;
      4) SSH "cannot resolve hostname openmediavault: name or service unknown"
      5) ssh user@myhostname.no-ip.org returns the "key_from_blob" error twice before finally allowing me access to my home directory.

      Apologies if these additional issues are beyond the scope of my original post but they all seem related to me in that I've experienced all of them trying to gain access to my OMV via SSH.
      Thanks for the help.
    • Re: ssh: Permission denied (publickey, password)

      Okay ... some suggestions.

      simply try ssh <host> without the @ please. The system cannot resolve the domain names you use.

      Source Code

      1. user@Notebook-PC:~$ ssh user@OPENMEDIAVAULT
      2. ssh: Could not resolve hostname openmediavault: Name or service not known
      3. user@Notebook-PC:~$

      Okay that is easy :) Notebook-PC has no information from its local name resolver who OPENMEDIAVAULT is. So it cannot even connect to it. This is a client side issue, not a server side issue.

      The syntax you use is somehow odd.
      Try:

      Source Code

      1. user@Notebook-PC:~$ ssh myhost.no-ip.org

      So please do not use the user@ syntax. Report back if you can login with root and corresponding password. Should work that way.

      Next try:

      Source Code

      1. user@Notebook-PC:~$ ssh -u root myhost.no-ip.org
      That should direktly ask you for password and you need to enter the root password.

      The last thing is the key you try. You have said you mounted it with CIFS (I assume windows) and destroyed the key. I bet, you have now a key file with multiple line breaks in your file. Your log is telling you, that the key is corrupted ...
      key_read: key_from_blob MIIEowIBAAKCAQEAwV8KaqPlDie3Vg19brg6ZX7qa5sI/Cc9zdD56QdL/N3Ab4Mn
      failed
      The length is massive ... bad string length 813827235 - that is 813,827,235 Bytes or 813 MBytes.... I believe that protects ssh from buffer overflows :)

      Please check again your authorized_keys.

      The key need to be all in a single line

      start with: ssh-rsa
      end with: == rsa-key-20140730 (or similar)

      Also if it still does not work, try this to debug the server and the client side.
      sfxpt.wordpress.com/2011/03/05…d-server-configuration-2/

      Hope that helps.
      Everything is possible, sometimes it requires Google to find out how.
    • Users Online 1

      1 Guest