[SOLVED] Not able to establish SSH connection to linux remote machine

jlfdiaz · 3. April 2022

Hi,

I have two accounts on a remote linux machine:

Account "soropro":

Code

[soropro@sfefac172 ~]$ uname -a
Linux sfefac172.indra.es 3.10.0-1062.el7.x86_64 #1 SMP Thu Jul 18 20:25:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[soropro@sfefac172 ~]$ id
uid=1009(soropro) gid=1009(soropro) groups=1009(soropro) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[soropro@sfefac172 ~]$ ls -rlad . .ssh .ssh/*
-rw-r--r--.  1 soropro soropro  186 Mar 24 10:15 .ssh/known_hosts
-rw-------.  1 soropro soropro 1950 Apr  3 19:24 .ssh/authorized_keys
drwx------.  2 soropro soropro   48 Apr  3 19:24 .ssh
drwx------. 15 soropro soropro 4096 Apr  3 19:24 .

[soropro@sfefac172 .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7is4ScKqGT9CNFerb6yieEye5wWWDfqMMpngVbxSPsR5nhxSrhJadxB4WIGVMQUJOUyDEheAbgCtxFg/BEYNLVgnxrCI93xXF4GuxZzMJDq1tC2wNI8KNK50HBtKmJXOfMRXXo8mkPt7SJtCvKTOpoEuZ0SoXvPVCo8XKvzhhKO8XT5MFiu2wfZU6hL4T27IXHoFbPGX4hcR1eYs4JQyP76bWc+9O6VhADKjWrQMc7AXC9XlLygKrRxj0TkWIWRBgl/+HEv843TkOq3YDHGSxKGq3NXZOZQ6F7TVBrWS+c3v+WpkJ/5/2jAUdfLVLT+E1xssbP5AoUFWVSNnYEf3LL5un/vfjWhfF5CiWxlp/iAsrLnNuP8RCEOS0HerQ7Kz0oakZxP0CGfQ+s8+snk+BMNfY7VVYCIfEqADMpTVmbkV+0+7sC92MLJxggUIuHXTQOmoS7Gde0MPe4LYv3bryguyqdit8lqQPWiTUrINPpcaUYkHR5noeXNPNapw8SQU= jose_@DESKTOP-ELMS9UD

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAryNv3Txi1vgVvwO0gRFpkLgsvLsSjuYejhkNM0Va1zSSZTinFzvsws9A7SbWThDgHvd4YDLPd4m/9OP9nlIAqI5HP8imJ6v5BUrZ6ZU758oNUQl3W3lnQZG63jF3SStUBVQbGDbPLKMZBuQw96VKyeCZjB38XemiwUbdnS6DfQpWB6VyHpnBFpGgxcNVAKVfFHPkxtQv77evcqCJU/Vukf6ipbdo5kiq/X37B4J6L7s7joFYhOliN9o6vvGALp0ATUHMVlHL+gAc3nUU7+WBVOvPBPbgPy0X6PWZJY1RMttn4DWDDzusIkd3aEBh2YTP6ObsYJhKDOxDewDtaC08ow== rsa-key-20210202



ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgRAIj74M5d9XtpfaL6mwkvv4kCnutwpUNLk9esqcUtsYc1GyrMKaMGMuNpCeGEnx54kyVwcjsvMrU+knoPhZgKe4lc0nxfw9lmP7galRJ5UwhEa3OP+Hw5RlhOAZ9qe3ENGtJfDOfwRJyhjuXnRtFN+UrLfF4dyv7AWMLeT4xiz0wFr+mFf+cvWnEedEIvPP1I8iI9B+SROBISZFPaunXH7BdRHKw1m60WMkQ9RuIb26ZWr6LkXIZgr+CQ76doJzOq+ScCns+hUpPFZXGYANZV7/oGgqdgzP+zoGRxw9m4iU8SYN2VjMCVYNpoTr75CcxWm36i9TUm4HWz3Qg/gp2Q== rsa-key-20210727


ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC69INJJbNeI00i6L0kw2+LapjuFC9UjXmAfUJIggnftlF6Vudr33gwo4Wn+6vrf3+dN9TqH0+7L8odvlhShV4+dz8eNV0L7ptxG2pm+0VyFuG0SMV+sCIiHhee7tLg7I9luYfI6UVGpycxK7BuCP7qxaNqRuw48+zTf1qsf1ccoSsgU4iGYHsTH3wLeFAejlm5BY3PQNED8d+0HxkBBEiC9O6Vcxz515z1U8CNQ8BiMerRs3aXjhZquud/oVyINc9l76xiNgHhhAs3YrJ9vaxjgpXUs6Cpa2Vn6ITlclhcom0w7FpHKkgOyBROdxMsxwrRdBY4yneUe77PYCtyciU1eYz3a61/IuwKTYQ9EgimCvyD/V4Yu09pjV7Di/23zCnJnbuuVlq4OzCmU0hLMRijgw9vJQ49YRY6stH9vfNDjkzGcRh7VcW7Q4NEo6VwMaPrVLJAhozZhNXph1/HhbKR6bmOWQw31cfsctVMPp1sFFhWSElMy8QDZigwqCGrdhE= jlfdiaz@JLFDIAZ10A

Alles anzeigen

Account "soropro":

Code

[solqpro@sfefac172 ~]$ uname -a
Linux sfefac172.indra.es 3.10.0-1062.el7.x86_64 #1 SMP Thu Jul 18 20:25:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[solqpro@sfefac172 ~]$ id
uid=1006(solqpro) gid=1006(solqpro) groups=1006(solqpro),505(oinstall) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[solqpro@sfefac172 ~]$ ls -rlad . .ssh .ssh/*
-rw-r--r--.  1 solqpro solqpro  592 Sep  9  2021 .ssh/known_hosts
-rw-------.  1 solqpro solqpro 2922 Mar 21 14:58 .ssh/authorized_keys
drwx------.  2 solqpro solqpro   48 Apr  3 19:25 .ssh
drwx------. 16 solqpro solqpro 4096 Apr  3 19:25 .

[solqpro@sfefac172 .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAqCVwF0Z0WM95KiXI3vIbkTw4wVU4U3Bkcron24tdZzcA2jgQAg/e3haJjZdKgxLTYAsps3c5eMtoeoN8sMLWDN+EUe7QDin7aVIGv7aghuMiIH+bCCUWYc44XapRq1n35k6eESAKoHYza7nGvoLX879MMG6Mg87f7Vw4SKSicSQGL2yuF0c5jGfd1GcR8EdFGqi60/QNnqYMz+g9RyEeNnz6CgNYzyjZ5UNcDF63xZjgHPtKnIpxdIyzr5eLY2ppNAIKVTGMVbBy7vIZwZ6aonZtgybinEDDoxRLvuMNarB/AwQj93JYw2BLcq/AreLxB3Qz6YsAXTaCftZnzUogow== rsa-key-20210804


ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArMVvIBSZvX6uuYBr4lnN853tdzxGweCGRrHhjQM5mq8FNcabxSmCyMm5hqyGKJr3o2+0ssqXkgqBmppEmzNrFD3+k4SsiU3FRoSfalVkwyAMjf0wwopJkCztuNxhG0dtGmThnLAnI8MUoVyzwk7o9s63Eqi2DrL7Y8jY759uGnSToQOd9/EpPpRVL4QOZL1nuKzW+im7CK1JIqAihPbKX6Qs9UWjQl6+7jwYXgAp7oea4KoTk3H+Kf79xW4xIjlYkp/8EZa90LMM5Ge+HW5jFW+J9NCbpXPmWnG3TjZHHuGsLIgmDjS1GZYW1JsSHVkpDeP/RB/+VjdnQ5R0AXfwnw== rsa-key-20210804

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAiUEGvWe/ZPeRoOK+D9kg0/9Q1atAq97gq+7R6k99JEjMy/OdXNM3Ivfp1d7JuG991qFdFk0WNyB0IbCelHnYWiIQdIL1pa+4upig0LPzIW3w2MGZV6lRrCOcmDG3QBkM26TGNHbxGYbXE8iXBUltP+siRK/my3if7Fo6gWX+NI7D9/Sc7mUBC87uiv1Tk9+SMVfC/j5pxlQlbhAZCxCYbREQJ1fA8di2+Idgt9ZaNSnyHOmOBx+bmc+E2EohpcaG/sS+22DEVcktaM958Z5eAbUbmTLMt9fvyoHCsyt3DsIe8/DTVbG2REU/v6PZ0bhrbsj8aGIYD/r19VR0QyaXVw== rsa-key-20210803


ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC69INJJbNeI00i6L0kw2+LapjuFC9UjXmAfUJIggnftlF6Vudr33gwo4Wn+6vrf3+dN9TqH0+7L8odvlhShV4+dz8eNV0L7ptxG2pm+0VyFuG0SMV+sCIiHhee7tLg7I9luYfI6UVGpycxK7BuCP7qxaNqRuw48+zTf1qsf1ccoSsgU4iGYHsTH3wLeFAejlm5BY3PQNED8d+0HxkBBEiC9O6Vcxz515z1U8CNQ8BiMerRs3aXjhZquud/oVyINc9l76xiNgHhhAs3YrJ9vaxjgpXUs6Cpa2Vn6ITlclhcom0w7FpHKkgOyBROdxMsxwrRdBY4yneUe77PYCtyciU1eYz3a61/IuwKTYQ9EgimCvyD/V4Yu09pjV7Di/23zCnJnbuuVlq4OzCmU0hLMRijgw9vJQ49YRY6stH9vfNDjkzGcRh7VcW7Q4NEo6VwMaPrVLJAhozZhNXph1/HhbKR6bmOWQw31cfsctVMPp1sFFhWSElMy8QDZigwqCGrdhE= jlfdiaz@JLFDIAZ10A

Alles anzeigen

From the local machine can connect to the "solqpro" account (ssh_solqpro.txt), but not to then "soropro" account (ssh_soropro.txt), although I use the same public key:

Any help will be appreciated.

Thanks and regards,

Jose Luis.

Zoki · 4. April 2022

Did you check for lone endings, should be LF (linux)

Add more vs ti

ssh -vvv soropro@sfefac172

or check the servers auth.log

jlfdiaz · 23. April 2022

Hi,

Attached is the "vvv" trace file.

The remote SO is Red Hat Linux. This is the "secure" log file trace:

Code

Apr 22 10:53:43 sfefac172 sshd[15112]: reprocess config line 45: Deprecated option RSAAuthentication
Apr 22 10:53:49 sfefac172 sshd[15112]: Accepted password for soropro from 10.91.17.24 port 62070 ssh2
Apr 22 10:53:49 sfefac172 sshd[15112]: pam_unix(sshd:session): session opened for user soropro by (uid=0)
Apr 22 10:54:07 sfefac172 sshd[15157]: Received disconnect from 10.91.17.24 port 62070:11: disconnected by user
Apr 22 10:54:07 sfefac172 sshd[15157]: Disconnected from 10.91.17.24 port 62070
Apr 22 10:54:07 sfefac172 sshd[15112]: pam_unix(sshd:session): session closed for user soropro>

Regards,

Jose Luis

Zoki · 23. April 2022

Your server does not accept this key:

Code

debug1: Offering public key: /home/jlfdiaz/.ssh/id_rsa RSA SHA256:yiq3918jgRSLFBzz6phLLL7txn6JUh0+4/U/ePcahgY

May this be related to this:

Code

Apr 22 10:53:43 sfefac172 sshd[15112]: reprocess config line 45: Deprecated option RSAAuthentication

Try to fix the sshd config of the RHEL server.

jlfdiaz · 25. April 2022

Hi,

Attached is the sshd log with "LogLevel DEBUG3"

I don't understand why it can't open the authorized_keys file with "temporarily_use_uid: 1009/1009":

Code

Apr 25 18:25:11 sfefac172 sshd[19652]: debug1: temporarily_use_uid: 1009/1009 (e=0/0)
Apr 25 18:25:11 sfefac172 sshd[19652]: debug1: trying public key file /fac/desa/soropro/.ssh/authorized_keys
Apr 25 18:25:11 sfefac172 sshd[19652]: debug1: Could not open authorized keys '/fac/desa/soropro/.ssh/authorized_keys': Permission denied

Code

soropro@sfefac172 ~]$ echo $USER
soropro
[soropro@sfefac172 ~]$ id
uid=1009(soropro) gid=1009(soropro) groups=1009(soropro) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Regards,

Jose Luis

Zoki · 26. April 2022

what is the output of

stat /fac/desa/soropro/.ssh/authorized_keys

jlfdiaz · 26. April 2022

Hi,

This is the output:

Code

[solqpro@sfefac172 ~]$ stat /fac/desa/solqpro/.ssh/authorized_keys
File: ‘/fac/desa/solqpro/.ssh/authorized_keys’
Size: 973             Blocks: 8          IO Block: 4096   regular file
Device: fd02h/64770d    Inode: 79707082    Links: 1
Access: (0600/-rw-------)  Uid: ( 1006/ solqpro)   Gid: ( 1006/ solqpro)
Context: unconfined_u:object_r:ssh_home_t:s0
Access: 2022-04-25 10:36:54.489806266 +0200
Modify: 2022-04-25 10:36:52.734809582 +0200
Change: 2022-04-25 10:36:52.734809582 +0200
Birth: -

Code

[soropro@sfefac172 ~]$ stat /fac/desa/soropro/.ssh/authorized_keys
File: ‘/fac/desa/soropro/.ssh/authorized_keys’
Size: 574             Blocks: 8          IO Block: 4096   regular file
Device: fd02h/64770d    Inode: 9139813     Links: 1
Access: (0600/-rw-------)  Uid: ( 1009/ soropro)   Gid: ( 1009/ soropro)
Context: unconfined_u:object_r:default_t:s0
Access: 2022-04-25 22:48:17.033248445 +0200
Modify: 2022-04-25 09:41:24.629786945 +0200
Change: 2022-04-25 18:45:38.384075938 +0200
Birth: -


Regards,
Jose Luis

Alles anzeigen

Zoki · 26. April 2022

Check file permissions of the directories /fac/desa/solqpro/.ssh/ and above.

Code

stat /fac/desa/solqpro/.ssh
stat /fac/desa/solqpro

jlfdiaz · 26. April 2022

Code

[solqpro@sfefac172 ~]$ stat /fac/desa/solqpro/.ssh
  File: ‘/fac/desa/solqpro/.ssh’
  Size: 48              Blocks: 0          IO Block: 4096   directory
Device: fd02h/64770d    Inode: 67160139    Links: 2
Access: (0700/drwx------)  Uid: ( 1006/ solqpro)   Gid: ( 1006/ solqpro)
Context: unconfined_u:object_r:ssh_home_t:s0
Access: 2022-04-25 18:44:51.521079377 +0200
Modify: 2022-04-25 10:36:55.718804894 +0200
Change: 2022-04-25 10:36:55.718804894 +0200
 Birth: -
[solqpro@sfefac172 ~]$ stat /fac/desa/solqpro
  File: ‘/fac/desa/solqpro’
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: fd02h/64770d    Inode: 33554509    Links: 16
Access: (0700/drwx------)  Uid: ( 1006/ solqpro)   Gid: ( 1006/ solqpro)
Context: unconfined_u:object_r:user_home_dir_t:s0
Access: 2022-04-25 18:44:48.824079575 +0200
Modify: 2022-04-25 10:36:55.617805005 +0200
Change: 2022-04-25 10:36:55.617805005 +0200
 Birth: -
[solqpro@sfefac172 ~]$ stat /fac/desa/solqpro/.ssh/authorized_keys
  File: ‘/fac/desa/solqpro/.ssh/authorized_keys’
  Size: 973             Blocks: 8          IO Block: 4096   regular file
Device: fd02h/64770d    Inode: 79707082    Links: 1
Access: (0600/-rw-------)  Uid: ( 1006/ solqpro)   Gid: ( 1006/ solqpro)
Context: unconfined_u:object_r:ssh_home_t:s0
Access: 2022-04-26 11:01:31.031894896 +0200
Modify: 2022-04-25 10:36:52.734809582 +0200
Change: 2022-04-25 10:36:52.734809582 +0200
 Birth: -

Alles anzeigen

Code

[soropro@sfefac172 ~]$ stat /fac/desa/soropro/.ssh
  File: ‘/fac/desa/soropro/.ssh’
  Size: 48              Blocks: 0          IO Block: 4096   directory
Device: fd02h/64770d    Inode: 403453      Links: 2
Access: (0700/drwx------)  Uid: ( 1009/ soropro)   Gid: ( 1009/ soropro)
Context: system_u:object_r:default_t:s0
Access: 2022-04-25 09:58:05.807513462 +0200
Modify: 2022-04-25 09:39:50.446912114 +0200
Change: 2022-04-25 09:58:01.579518767 +0200
 Birth: -
[soropro@sfefac172 ~]$ stat /fac/desa/soropro
  File: ‘/fac/desa/soropro’
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: fd02h/64770d    Inode: 101599008   Links: 14
Access: (0700/drwx------)  Uid: ( 1009/ soropro)   Gid: ( 1009/ soropro)
Context: system_u:object_r:default_t:s0
Access: 2022-04-26 09:58:01.485634862 +0200
Modify: 2022-04-26 11:20:49.418524106 +0200
Change: 2022-04-26 11:20:49.418524106 +0200
 Birth: -
[soropro@sfefac172 ~]$ stat /fac/desa/soropro/.ssh/authorized_keys
  File: ‘/fac/desa/soropro/.ssh/authorized_keys’
  Size: 574             Blocks: 8          IO Block: 4096   regular file
Device: fd02h/64770d    Inode: 9139813     Links: 1
Access: (0600/-rw-------)  Uid: ( 1009/ soropro)   Gid: ( 1009/ soropro)
Context: unconfined_u:object_r:default_t:s0
Access: 2022-04-25 22:48:17.033248445 +0200
Modify: 2022-04-25 09:41:24.629786945 +0200
Change: 2022-04-25 18:45:38.384075938 +0200
 Birth: -

Alles anzeigen

Zoki · 26. April 2022

You have SELinux enabled on RHEL and the settings for soropro do not match.

For SELinux read: https://access.redhat.com/docu…tors_guide/part_i-selinux

try to fix:

Code

sudo chcon -R unconfined_u:object_r:ssh_home_t:s0 /fac/desa/soropro/.ssh
sudo chcon unconfined_u:object_r:user_home_t:s0 /fac/desa/soropro

Check paths and spelling in the command and next time ask your sysadmin for help with SELinux.

[SOLVED] Not able to establish SSH connection to linux remote machine

jlfdiaz 26. April 2022

jlfdiaz 26. April 2022

Jetzt mitmachen!

Tags