ssh: Permission denied (publickey, password)

  • Hi,


    I've been trying to ssh into my OMV all afternoon and it keeps giving me Permission denied (publickey, password). I have done this many times and believe I have selected the proper settings in the OMV Web Admin (specifically, "Enable keyboard-interactive authentication" : Checked!) I've also gone into /etc/ssh/ and looked at my sshd_config file and everything looks fine. But when I ssh into my box, it doesn't ask me for my password, just pauses and ... Permission denied (publickey, password)! I have various RSA keys that I use and would like to get them set up in my /user/.ssh/ directory but I cannot access anything. I've tried creating an entirely new user and pass in the WebAdmin and accessing it via the new user but I get the exact result. I'm fairly handy in the terminal and I've set up RSA keys for all the servers I access without issue. This has been an intermittent issue with my OMV since installing a few months ago. This is driving me nucking futs. Any help?

  • Fixed it --- kinda.


    Here's how I was able to finally access via SSH. Went into the dashboard and temporarily shared my "Users" directory in both Linux and CIFS. I'm running the latest version of Ubuntu on my personal computer but I needed to access the "CIFS" network to gain access to my "Users" folder. From there I navigated to my user name. Making sure the "show hidden files" option was selected, I was able to navigate to my .ssh directory. I'd already generated an RSA pair on my Ubuntu box, so, on my OMV server, I was able to create an "authorized_keys" file and paste the .pub RSA that I'd created on my Ubuntu machine into it. Once I'd accomplished this, I was able to access my OMV via rss. I quickly "unshared" my "Users" directory in the OMV WebUI and I'm off and running again.


    I would consider this a workaround, not a Fix. I'm still not able to ssh into my OMV server using the settings presented to me in the WebUI SSH setup. Is there something I can do to enable this in the future?

    • Offizieller Beitrag

    Even as root? If just the user, did you add the user to the ssh group?

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Certainly! Here you go:


    Thanks!

  • This line:
    PermitRootLogin no



    Should be:
    PermitRootLogin yes


    You can enable this via the web-gui with the SSH plugin in the Services section, you can also edit the file manually but I recommend doing it in the web-gui.

  • tekkbebe and ryecoaaron, thanks for your responses. I've solved many a problem using your replys to posts on this forum. Re: my sshd_config, that would explain the inability to log into root; however, I must confess that I've "clicked" and "unclicked" the allow root checkbox a number of times trying to get it to work so perhaps what I uploaded is the result of one of the times I "unclicked" it. However, even if I don't allow root config, shouldn't I at least be able to log in as my user? I'll make the edit tekkbebe suggests (PermitRootLogin yes) and report back, but I'm still suspicious that there's something else awry. Stay tuned ... (please).

  • Hi Folks,
    Ok, "PermitRootLogin yes", as shown below:


    ... and I still get: Permission denied (publickey, password) trying to log in with root.


    a bit more background: I typically set up a static hostname at http://www.no-ip.com, which gives me a "real" url to access my OMV that looks something like "myhost.no-ip.org". Of course, my OMV has its own ip address, 192.168.1.XX, and the internal domain of OPENMEDIAVAULT. I can access the web admin in my browser using either "myhost.no-ip.org" or "192.168.1.xx" (if I'm within my own LAN). In past installations of my OMV, within my own LAN I could also SSH into it with all three addresses, i.e., "user@myhost.no-ip.org", "user@192.168.1.xx", or "user@OPENMEDIAVAULT". Of course, if I'm on the road, I use "user@myhost.no-ip.org".


    Currently, however, I can only use my no-ip url or my LAN IP -- even with the "fix" I described in my second post -- to gain access, if I use "user@OPENMEDIAVAULT" , I get the following response:

    Code
    user@Notebook-PC:~$ ssh user@OPENMEDIAVAULT
    ssh: Could not resolve hostname openmediavault: Name or service not known
    user@Notebook-PC:~$


    ... and finally, even with my "fix" described in my second post, whenever I SSH into my server with "user@myhost.no-ip.org" I get an odd "key_from_blob: can't read key type" error -- twice -- before it finally lets me in, like so:


    So, to recap:


    1) OMV never asks me for password when I try to SSH into it but gives me the "Permission denied (publickey, password);"
    2) This occurs with either a user or root login and even if sshd_config includes "PermitRootLogin yes"
    3) I can fix this for a user as described in my earlier post; I have not attempted this method for root;
    4) SSH "cannot resolve hostname openmediavault: name or service unknown"
    5) ssh user@myhostname.no-ip.org returns the "key_from_blob" error twice before finally allowing me access to my home directory.


    Apologies if these additional issues are beyond the scope of my original post but they all seem related to me in that I've experienced all of them trying to gain access to my OMV via SSH.
    Thanks for the help.

  • Okay ... some suggestions.


    simply try ssh <host> without the @ please. The system cannot resolve the domain names you use.


    Code
    user@Notebook-PC:~$ ssh user@OPENMEDIAVAULT
    ssh: Could not resolve hostname openmediavault: Name or service not known
    user@Notebook-PC:~$


    Okay that is easy :) Notebook-PC has no information from its local name resolver who OPENMEDIAVAULT is. So it cannot even connect to it. This is a client side issue, not a server side issue.


    The syntax you use is somehow odd.
    Try:

    Code
    user@Notebook-PC:~$ ssh myhost.no-ip.org


    So please do not use the user@ syntax. Report back if you can login with root and corresponding password. Should work that way.


    Next try:

    Code
    user@Notebook-PC:~$ ssh -u root myhost.no-ip.org

    That should direktly ask you for password and you need to enter the root password.


    The last thing is the key you try. You have said you mounted it with CIFS (I assume windows) and destroyed the key. I bet, you have now a key file with multiple line breaks in your file. Your log is telling you, that the key is corrupted ...
    key_read: key_from_blob MIIEowIBAAKCAQEAwV8KaqPlDie3Vg19brg6ZX7qa5sI/Cc9zdD56QdL/N3Ab4Mn
    failed
    The length is massive ... bad string length 813827235 - that is 813,827,235 Bytes or 813 MBytes.... I believe that protects ssh from buffer overflows :)


    Please check again your authorized_keys.


    The key need to be all in a single line


    start with: ssh-rsa
    end with: == rsa-key-20140730 (or similar)


    Also if it still does not work, try this to debug the server and the client side.
    http://sfxpt.wordpress.com/201…d-server-configuration-2/


    Hope that helps.

    Everything is possible, sometimes it requires Google to find out how.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!