Gentoo Forums
Need help getting started with SSH

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sat Mar 22, 2025 10:04 pm    Post subject: Need help getting started with SSH

I'm trying to set up an SSH server on my PC, so that I can access it securely from school computers for remote development.
Unfortunately, when trying to connect locally, this happens:
bash:
leyvi ~ (0) $ ssh -v leyvi@localhost
OpenSSH_9.9p2, OpenSSL 3.4.1 11 Feb 2025
debug1: Reading configuration data /home/leyvi/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/9999999gentoo-security.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/9999999gentoo.conf
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /home/leyvi/.ssh/id_rsa type -1
debug1: identity file /home/leyvi/.ssh/id_rsa-cert type -1
debug1: identity file /home/leyvi/.ssh/id_ecdsa type -1
debug1: identity file /home/leyvi/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/leyvi/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/leyvi/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/leyvi/.ssh/id_ed25519 type 3
debug1: identity file /home/leyvi/.ssh/id_ed25519-cert type -1
debug1: identity file /home/leyvi/.ssh/id_ed25519_sk type -1
debug1: identity file /home/leyvi/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/leyvi/.ssh/id_xmss type -1
debug1: identity file /home/leyvi/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9
debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'leyvi'
debug1: load_hostkeys: fopen /home/leyvi/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-512-etm@openssh.com compression: zlib@openssh.com
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-512-etm@openssh.com compression: zlib@openssh.com
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:dpWBsEjI1ySS6u2Gy/BmmCfJtuPEk4cFuY6XY8o9wmU
debug1: load_hostkeys: fopen /home/leyvi/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'localhost' is known and matches the ED25519 host key.
debug1: Found key in /home/leyvi/.ssh/known_hosts:5
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=<0>
debug1: kex_ext_info_check_ver: ping@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: leyvirose@gmail.com ED25519 SHA256:LHrbuDTrfO0wubxjJQM5XR1ZjRIQvPWH8H9NrE1gZ5k agent
debug1: Will attempt key: leyvi@fast-penguin ED25519 SHA256:ieNA2IMF8Umw38sNZPaKS25vYtxFOuse+6OhUUH4eeU agent
debug1: Will attempt key: /home/leyvi/.ssh/id_rsa
debug1: Will attempt key: /home/leyvi/.ssh/id_ecdsa
debug1: Will attempt key: /home/leyvi/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/leyvi/.ssh/id_ed25519 ED25519 SHA256:/p8S8ekD0MwnLy5lymrIGxfuKYP+/MsfrlEeT89Imy0
debug1: Will attempt key: /home/leyvi/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/leyvi/.ssh/id_xmss
debug1: Offering public key: leyvirose@gmail.com ED25519 SHA256:LHrbuDTrfO0wubxjJQM5XR1ZjRIQvPWH8H9NrE1gZ5k agent
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: leyvi@fast-penguin ED25519 SHA256:ieNA2IMF8Umw38sNZPaKS25vYtxFOuse+6OhUUH4eeU agent
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/leyvi/.ssh/id_rsa
debug1: Trying private key: /home/leyvi/.ssh/id_ecdsa
debug1: Trying private key: /home/leyvi/.ssh/id_ecdsa_sk
debug1: Offering public key: /home/leyvi/.ssh/id_ed25519 ED25519 SHA256:/p8S8ekD0MwnLy5lymrIGxfuKYP+/MsfrlEeT89Imy0
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/leyvi/.ssh/id_ed25519_sk
debug1: Trying private key: /home/leyvi/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
leyvi@localhost: Permission denied (publickey,keyboard-interactive).
I'm not sure why; maybe it's just late at night. Does anyone know why it's not working? Are there any configuration files I should send? I imagine that I missed a configuration step, though I looked and I can't find it...

grknight
Retired Dev
Joined: 20 Feb 2015
Posts: 2120

Posted: Sat Mar 22, 2025 10:12 pm

Does the key used to connect exist in /home/leyvi/.ssh/authorized_keys? This is what the server uses to say "yup, this can continue".

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sat Mar 22, 2025 10:16 pm

I don't know if this answers your question, but here you go:
I recently made a new ed25519 key-pair, named "my_machine". I ran the following command:
bash:
cp ~/.ssh/my_machine.pub ~/.ssh/authorized_keys
I do not need to authorize any other keys. Is this what I was supposed to do?

szatox
Advocate
Joined: 27 Aug 2013
Posts: 3610

Posted: Sat Mar 22, 2025 10:31 pm

So.... The problem is that your client doesn't offer the key you want to use, do I get it right?

Check permissions on the keyfile. Private key must only be readable by you and nobody else.
Well, it is also possible that you have too many keys. You can try a bunch before ssh gives up, but you do already have a bunch of keys at hand, so maybe you've just hit the cap and your intended key wasn't checked because it was at the end of the queue. You can try that by explicitly telling ssh to use a particular key. Try running ssh with -i <path/to/privkey>
_________________
Make Computing Fun Again


Last edited by szatox on Sat Mar 22, 2025 10:38 pm; edited 1 time in total

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sat Mar 22, 2025 10:33 pm

I think the file permissions are OK:
bash:
leyvi ~/.ssh (0) $ ls -lah my_machine*
-rw------- 1 leyvi leyvi 411 Mar 22 21:38 my_machine
-rw-r--r-- 1 leyvi leyvi 100 Mar 22 21:38 my_machine.pub

pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1640
Location: Richmond Hill, Canada

Posted: Sat Mar 22, 2025 10:45 pm

leyvi wrote:
I think the file permissions are OK:
bash:
leyvi ~/.ssh (0) $ ls -lah my_machine*
-rw------- 1 leyvi leyvi 411 Mar 22 21:38 my_machine
-rw-r--r-- 1 leyvi leyvi 100 Mar 22 21:38 my_machine.pub


Have you noticed that your ssh -v debug post stated the identity file name?

If you wish to use "my_machine" as the identity file name, you need to tell sshd (sshd_config) to search for that name.

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sat Mar 22, 2025 10:47 pm

pingtoo wrote:
If you wish to use "my_machine" as the identity file name, you need to tell sshd (sshd_config) to search for that name.
How might I do that? (I'm not sure I understand what you mean)

pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1640
Location: Richmond Hill, Canada

Posted: Sat Mar 22, 2025 11:00 pm

leyvi wrote:
pingtoo wrote:
If you wish to use "my_machine" as the identity file name, you need to tell sshd (sshd_config) to search for that name.
How might I do that? (I'm not sure I understand what you mean)


I got it a bit wrong. It is not sshd; it is ssh_config.

You need to name your public key file; in your case it is 'my_machine.pub', therefore your ssh command needs to change to 'ssh -i my_machine.pub' ...

Use "man ssh_config" and search for "IdentityFile".

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sat Mar 22, 2025 11:01 pm

Ah, alright. I'll give it a try, and let you know how it goes...

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sat Mar 22, 2025 11:03 pm

:(
bash:
leyvi ~ (255) $ ssh -v -i .ssh/my_machine.pub leyvi@localhost
OpenSSH_9.9p2, OpenSSL 3.4.1 11 Feb 2025
debug1: Reading configuration data /home/leyvi/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/9999999gentoo-security.conf
debug1: Reading configuration data /etc/ssh/ssh_config.d/9999999gentoo.conf
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file .ssh/my_machine.pub type 3
debug1: identity file .ssh/my_machine.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9
debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'leyvi'
debug1: load_hostkeys: fopen /home/leyvi/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-512-etm@openssh.com compression: zlib@openssh.com
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-512-etm@openssh.com compression: zlib@openssh.com
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:dpWBsEjI1ySS6u2Gy/BmmCfJtuPEk4cFuY6XY8o9wmU
debug1: load_hostkeys: fopen /home/leyvi/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'localhost' is known and matches the ED25519 host key.
debug1: Found key in /home/leyvi/.ssh/known_hosts:5
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=<0>
debug1: kex_ext_info_check_ver: ping@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: .ssh/my_machine.pub ED25519 SHA256:ieNA2IMF8Umw38sNZPaKS25vYtxFOuse+6OhUUH4eeU explicit agent
debug1: Will attempt key: leyvirose@gmail.com ED25519 SHA256:LHrbuDTrfO0wubxjJQM5XR1ZjRIQvPWH8H9NrE1gZ5k agent
debug1: Offering public key: .ssh/my_machine.pub ED25519 SHA256:ieNA2IMF8Umw38sNZPaKS25vYtxFOuse+6OhUUH4eeU explicit agent
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering public key: leyvirose@gmail.com ED25519 SHA256:LHrbuDTrfO0wubxjJQM5XR1ZjRIQvPWH8H9NrE1gZ5k agent
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
leyvi@localhost: Permission denied (publickey,keyboard-interactive).
About known_hosts: are the hashes in there the hashes from the public key files?

pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1640
Location: Richmond Hill, Canada

Posted: Sat Mar 22, 2025 11:13 pm

Did you see
grknight wrote:
Does the key used to connect exist in /home/leyvi/.ssh/authorized_keys? This is what the server uses to say "yup, this can continue".
?

I suggest you read "man ssh" for more detail. If you plan to remote into your own network, it is better to understand the security implications before doing anything.

grknight
Retired Dev
Joined: 20 Feb 2015
Posts: 2120

Posted: Sun Mar 23, 2025 12:19 am

You have to look at the sshd log to know why it is denying. The client, ssh, won't know why the server is saying no.

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sun Mar 23, 2025 4:47 pm

Quick update:
The problem is not fixed; however, it did turn out that the permissions on both my ~/.ssh folder and my ~ folder were set incorrectly. I only found out now because I thought `sshd` logged to syslog; I didn't realize it logged to auth.log. Here is the problem, according to the logs, with some (possibly) sensitive information redacted with "...":
auth.log:
root /var/log (0) $ grep -e "sshd" auth.log | grep -e "Mar 23" | bat
───────┬────────────────────────────────────────────────────────────────────────
       │ STDIN
───────┼────────────────────────────────────────────────────────────────────────
   1   │ Mar 23 00:14:45 fast-penguin sshd-session[6292]: Authentication refused: bad ownership or modes for directory /home/leyvi/.ssh
   2   │ Mar 23 00:14:45 fast-penguin sshd-session[6292]: Connection closed by authenticating user leyvi ::1 port 52986 [preauth]
   3   │ Mar 23 01:02:10 fast-penguin sshd-session[16852]: Authentication refused: bad ownership or modes for directory /home/leyvi/.ssh
   4   │ Mar 23 01:02:10 fast-penguin sshd-session[16852]: Connection closed by authenticating user leyvi ::1 port 54842 [preauth]
   5   │ Mar 23 01:02:16 fast-penguin sshd-session[16863]: Authentication refused: bad ownership or modes for directory /home/leyvi/.ssh
   6   │ Mar 23 01:02:16 fast-penguin sshd-session[16863]: Connection closed by authenticating user leyvi ::1 port 54848 [preauth]
   7   │ Mar 23 01:02:21 fast-penguin sshd-session[16890]: Authentication refused: bad ownership or modes for directory /home/leyvi/.ssh
   8   │ Mar 23 01:02:21 fast-penguin sshd-session[16890]: Connection closed by authenticating user leyvi ::1 port 56364 [preauth]
   9   │ Mar 23 01:02:27 fast-penguin sshd-session[16915]: Authentication refused: bad ownership or modes for directory /home/leyvi/.ssh
  10   │ Mar 23 01:02:27 fast-penguin sshd-session[16915]: Connection closed by authenticating user leyvi ::1 port 56368 [preauth]
  11   │ Mar 23 01:13:11 fast-penguin sshd[31774]: Received signal 15; terminating.
  12   │ Mar 23 18:16:24 fast-penguin sshd[5879]: Server listening on 127.0.0.1 port 22.
  13   │ Mar 23 18:16:24 fast-penguin sshd[5879]: Server listening on :: port 22.
  14   │ Mar 23 18:16:24 fast-penguin sshd[5879]: error: Bind to port 22 on 2a06:c701:9909:1601:ca7f:54ff:fea9:1984 failed: Address already in use.
  15   │ Mar 23 18:24:22 fast-penguin sshd[5879]: Received signal 15; terminating.
  16   │ Mar 23 18:24:37 fast-penguin sshd[24531]: Server listening on 127.0.0.1 port 22.
  17   │ Mar 23 18:24:37 fast-penguin sshd[24531]: Server listening on :: port 22.
  18   │ Mar 23 18:24:37 fast-penguin sshd[24531]: error: Bind to port 22 on 2a06:c701:991d:b001:ca7f:54ff:fea9:1984 failed: Cannot assign requested address.
  19   │ Mar 23 18:24:37 fast-penguin sshd[24531]: error: Bind to port 22 on 147.235.198.243 failed: Cannot assign requested address.
  20   │ Mar 23 18:25:36 fast-penguin sshd-session[31608]: Connection from ::1 port 55172 on ::1 port 22 rdomain ""
  21   │ Mar 23 18:25:36 fast-penguin sshd-session[31608]: Authentication refused: bad ownership or modes for directory /home/leyvi/.ssh
  22   │ Mar 23 18:25:36 fast-penguin sshd-session[31608]: Failed publickey for leyvi from ::1 port 55172 ssh2: ED25519 SHA256:/p8S8...
  23   │ Mar 23 18:25:36 fast-penguin sshd-session[31608]: Connection closed by authenticating user leyvi ::1 port 55172 [preauth]
  24   │ Mar 23 18:25:36 fast-penguin sshd[24531]: srclimit_penalise: ipv6: new ::1/128 deferred penalty of 5 seconds for penalty: failed authentication
  25   │ Mar 23 18:36:04 fast-penguin sshd-session[21443]: Connection from ::1 port 47738 on ::1 port 22 rdomain ""
  26   │ Mar 23 18:36:04 fast-penguin sshd-session[21443]: Authentication refused: bad ownership or modes for directory /home/leyvi
  27   │ Mar 23 18:36:04 fast-penguin sshd-session[21443]: Failed publickey for leyvi from ::1 port 47738 ssh2: ED25519 SHA256:/p8S8...
  28   │ Mar 23 18:36:04 fast-penguin sshd-session[21443]: Connection closed by authenticating user leyvi ::1 port 47738 [preauth]
  29   │ Mar 23 18:36:04 fast-penguin sshd[24531]: srclimit_penalise: ipv6: new ::1/128 deferred penalty of 5 seconds for penalty: failed authentication
  30   │ Mar 23 18:39:11 fast-penguin sshd-session[9649]: Connection from ::1 port 43492 on ::1 port 22 rdomain ""
  31   │ Mar 23 18:39:11 fast-penguin sshd-session[9649]: Failed publickey for leyvi from ::1 port 43492 ssh2: ED25519 SHA256:/p8S8...
  32   │ Mar 23 18:39:11 fast-penguin sshd-session[9649]: Connection closed by authenticating user leyvi ::1 port 43492 [preauth]
  33   │ Mar 23 18:39:11 fast-penguin sshd[24531]: srclimit_penalise: ipv6: new ::1/128 deferred penalty of 5 seconds for penalty: failed authentication
───────┴────────────────────────────────────────────────────────────────────────
In case any were wondering, yes, I did fix the permissions.

[Administrator edit: shortened the decorative banners at header and footer to fix thread layout. -Hu]

pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1640
Location: Richmond Hill, Canada

Posted: Sun Mar 23, 2025 5:00 pm

Maybe you could share, after the permissions were fixed, what other error(s) you got.

Your log still contains permission issues, if they are from after the "permission fix".

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sun Mar 23, 2025 6:01 pm

To clarify:
The last log I shared contains stuff from both before and after the changes I made to the directory permissions; pay very close attention and you'll see what I mean. When I get home, I'll make a list of line numbers for different stages.

pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1640
Location: Richmond Hill, Canada

Posted: Sun Mar 23, 2025 6:22 pm

leyvi wrote:
To clarify:
The last log I shared contains stuff from both before and after the changes I made to the directory permissions; pay very close attention and you'll see what I mean. When I get home, I'll make a list of line numbers for different stages.


Maybe you can share what exactly you did that you believe fixed the permission issue.

See in your log line#9 vs line#21; it seems to me they were the same issue.

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sun Mar 23, 2025 6:29 pm

See lines 26 and 30.

Hu
Administrator
Joined: 06 Mar 2007
Posts: 23356

Posted: Sun Mar 23, 2025 6:37 pm

It appears to be refusing your key. Check that the ed25519 key you are trying to use is listed in authorized_keys.

pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1640
Location: Richmond Hill, Canada

Posted: Sun Mar 23, 2025 7:06 pm

leyvi wrote:
See lines 26 and 30.


OK, so let's take your advice and I will explain how I interpret what happened.

At line#26 "Authentication refused: bad ownership or modes for directory /home/leyvi" and at line#27 "Failed publickey for leyvi from ::1 port 47738 ssh2: ED25519 SHA256:/p8S8...", which all happened at "Mar 23 18:36:04" in the same session "fast-penguin sshd-session[21443]", so I associate the line#27 error message with the ownership/permission issue.

Now on line#30 "Failed publickey for leyvi from ::1 port 43492 ssh2: ED25519 SHA256:/p8S8..." at "Mar 23 18:39:11" in session "sshd-session[9649]", so 3 minutes later there is the same error message as line#27, although this time the permission/ownership error message did not precede it.

So you are saying that in those three minutes you performed some action(s) that corrected the "ownership/permission" issue?

I hope I have illustrated why I am asking for more detailed information: without knowing what changed at which point, we will just be guessing.

I will for now assume the above was the event sequence. So I concur with Hu's suggestion that possibly your public key does not match your private key.

Please note this assumes you did put the public key into the "authorized_keys" file.

You could try
Code:
ssh-keygen -y -f my_machine | diff - my_machine.pub
to verify your private and public key indeed are a pair.
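
The correlation done by hand in the post above (matching each "Failed publickey" line to a permission refusal logged by the same sshd-session PID) can be scripted. This is an added example, not part of the original post; the function names and output format are made up for illustration, and the sample lines are copied from the auth.log excerpt earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): for each "Failed publickey" line,
# report whether the same sshd-session PID logged a
# "bad ownership or modes" refusal before it.

# Sample input: lines copied from the auth.log excerpt in the thread,
# with the line-number column of the pager removed.
sample_log() {
cat <<'EOF'
Mar 23 18:25:36 fast-penguin sshd-session[31608]: Connection from ::1 port 55172 on ::1 port 22 rdomain ""
Mar 23 18:25:36 fast-penguin sshd-session[31608]: Authentication refused: bad ownership or modes for directory /home/leyvi/.ssh
Mar 23 18:25:36 fast-penguin sshd-session[31608]: Failed publickey for leyvi from ::1 port 55172 ssh2: ED25519 SHA256:/p8S8...
Mar 23 18:25:36 fast-penguin sshd-session[31608]: Connection closed by authenticating user leyvi ::1 port 55172 [preauth]
Mar 23 18:25:36 fast-penguin sshd[24531]: srclimit_penalise: ipv6: new ::1/128 deferred penalty of 5 seconds for penalty: failed authentication
Mar 23 18:36:04 fast-penguin sshd-session[21443]: Connection from ::1 port 47738 on ::1 port 22 rdomain ""
Mar 23 18:36:04 fast-penguin sshd-session[21443]: Authentication refused: bad ownership or modes for directory /home/leyvi
Mar 23 18:36:04 fast-penguin sshd-session[21443]: Failed publickey for leyvi from ::1 port 47738 ssh2: ED25519 SHA256:/p8S8...
Mar 23 18:36:04 fast-penguin sshd-session[21443]: Connection closed by authenticating user leyvi ::1 port 47738 [preauth]
Mar 23 18:39:11 fast-penguin sshd-session[9649]: Connection from ::1 port 43492 on ::1 port 22 rdomain ""
Mar 23 18:39:11 fast-penguin sshd-session[9649]: Failed publickey for leyvi from ::1 port 43492 ssh2: ED25519 SHA256:/p8S8...
Mar 23 18:39:11 fast-penguin sshd-session[9649]: Connection closed by authenticating user leyvi ::1 port 43492 [preauth]
EOF
}

# Reads auth.log lines on stdin and prints one line per failed public key:
#   <time> pid=<sshd-session pid> key=<fingerprint> cause=<reason>
# Lines from the listener process (sshd[...]) are ignored.
classify_pubkey_failures() {
    awk '
    match($0, /sshd-session\[[0-9]+\]/) {
        # The PID sits between "sshd-session[" (13 characters) and "]".
        pid = substr($0, RSTART + 13, RLENGTH - 14)

        if ($0 ~ /Authentication refused: bad ownership or modes for /) {
            # Remember which path this session complained about.
            path = $0
            sub(/.*bad ownership or modes for (file|directory) /, "", path)
            refused[pid] = path
        } else if ($0 ~ /Failed publickey for /) {
            cause = (pid in refused) ? "permissions:" refused[pid] : "no-permission-refusal-logged"
            printf "%s pid=%s key=%s cause=%s\n", $3, pid, $NF, cause
        } else if ($0 ~ /Connection closed/) {
            # Session is over; forget it so a reused PID starts clean.
            delete refused[pid]
        }
    }'
}

sample_log | classify_pubkey_failures
```

A failure reported with `no-permission-refusal-logged` means the server rejected the key for a reason this log level did not record next to it, which is the case the rest of the thread goes on to debug.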

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sun Mar 23, 2025 7:14 pm

Yeah, pretty much. Sorry I wasn't clear about it, I wrote some of those posts from my phone, and I had both limited information and time. Here's the output of history:
history:
 492   │   501  ssh leyvi@localhost
 493   │   502  ls -lah .ssh
 494   │   503  chmod u+rwx,go-rwx .ssh
 495   │   504  ssh leyvi@localhost
 496   │   505  ls -lah ~
 497   │   506  chmod o-rwx,g-w ~
 498   │   507  ls -lah ~
 499   │   508  ssh leyvi@localhost


Last edited by leyvi on Sun Mar 23, 2025 7:17 pm; edited 1 time in total
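
The two `chmod` commands in the history above line up with the two different "bad ownership or modes" paths in the auth.log excerpt: the check starts at the authorized_keys file and walks upward, so `.ssh` is reported first and the home directory only after `.ssh` has been fixed. The script below is an added example, not code from the thread or from OpenSSH; it approximates that walk (owner must be the user or root, no group or other write bit), assumes GNU `stat`, and starts from constructed modes (775) because the thread does not state the original ones.

```shell
#!/bin/sh
# Added example (not from the thread): approximates the ownership/mode walk
# behind sshd's "bad ownership or modes" message. Assumes GNU stat (stat -c).
# Unlike sshd, paths are compared as plain strings, not canonicalised.

# perms_unsafe PATH UID: succeeds (0) when PATH would be rejected, i.e. it
# is not owned by UID or root, or it is writable by group or others.
perms_unsafe() {
    sm_owner=$(stat -L -c '%u' "$1" 2>/dev/null) || return 0
    sm_mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 0
    [ "$sm_owner" = "$2" ] || [ "$sm_owner" = 0 ] || return 0
    # Leading 0 makes the shell read the mode as octal; 022 = g+w,o+w.
    [ $(( 0$sm_mode & 022 )) -eq 0 ] || return 0
    return 1
}

# strictmodes_check FILE HOME UID: prints the first failing path in the
# wording seen in auth.log, or "ok". Checks FILE, then each parent
# directory up to and including HOME.
strictmodes_check() {
    sm_file=$1; sm_home=$2; sm_uid=$3
    if [ ! -f "$sm_file" ] || perms_unsafe "$sm_file" "$sm_uid"; then
        echo "bad ownership or modes for file $sm_file"
        return 1
    fi
    sm_dir=$(dirname "$sm_file")
    while :; do
        if perms_unsafe "$sm_dir" "$sm_uid"; then
            echo "bad ownership or modes for directory $sm_dir"
            return 1
        fi
        # Stop once the home directory (or the filesystem root) was checked.
        case $sm_dir in "$sm_home"|/|.) break ;; esac
        sm_dir=$(dirname "$sm_dir")
    done
    echo ok
}

# Replays history entries 503 and 506 on a scratch tree and runs the check
# before, between and after them. The scratch prefix is stripped from the
# output so the paths read like the ones in the log.
replay_thread_fix() {
    rt_tmp=$(mktemp -d) || return 1
    rt_home=$rt_tmp/home/leyvi
    rt_keys=$rt_home/.ssh/authorized_keys
    mkdir -p "$rt_home/.ssh" && : > "$rt_keys"
    chmod 644 "$rt_keys"
    chmod 775 "$rt_home" "$rt_home/.ssh"     # constructed starting state
    rt_uid=$(id -u)

    strictmodes_check "$rt_keys" "$rt_home" "$rt_uid" | sed "s|$rt_tmp||"
    chmod u+rwx,go-rwx "$rt_home/.ssh"       # history entry 503
    strictmodes_check "$rt_keys" "$rt_home" "$rt_uid" | sed "s|$rt_tmp||"
    chmod o-rwx,g-w "$rt_home"               # history entry 506
    strictmodes_check "$rt_keys" "$rt_home" "$rt_uid" | sed "s|$rt_tmp||"

    rm -rf "$rt_tmp"
}

replay_thread_fix
```

On a real account the same check would be called as `strictmodes_check ~/.ssh/authorized_keys "$HOME" "$(id -u)"`.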

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sun Mar 23, 2025 7:15 pm

Return value of `ssh-keygen -y -f my_machine | diff - my_machine.pub` was 0, by the way (no difference, I think).

pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1640
Location: Richmond Hill, Canada

Posted: Sun Mar 23, 2025 8:35 pm

Thanks for the information.

Looks alright from the command history. But I am not able to correlate those commands to the execution environment.

So I will suggest a few steps; please try them when you are in front of your computer. This way hopefully it will show a clear picture of the execution environment so we don't need to go back and forth.

Assuming you can have two terminal sessions,

In session A do
Code:
# As root
/usr/sbin/sshd -ddd -p 22222 -E /tmp/sshd.log


In session B do
Code:
# As user leyvi
ssh -vvv -p 22222 -i ~/.ssh/my_machine -E /tmp/ssh.log localhost
If you change the identity file name, please change accordingly.

Finally, in any user (leyvi) session do
Code:
namei -l ~/.ssh/{authorized_keys,known_hosts,my_machine,my_machine.pub}
I am assuming you are using bash. If the {...} causes a shell error, please try to do namei -l <those 4 files> individually.

Please post both /tmp/sshd.log and /tmp/ssh.log as well as the output of namei -l ...

In theory this test run should also fail at the end, but it should generate enough information to help understand what happens.

The "-p 22222" is to run a debug session using port 22222 in parallel so it will not disrupt the normal system.

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Sun Mar 23, 2025 9:07 pm

Alright, thanks. I gotta go to bed now (matriculation exam tomorrow), I'll try it when I get home, and post the results here.

leyvi
Guru
Joined: 08 Sep 2023
Posts: 308

Posted: Mon Mar 24, 2025 1:00 pm

Alright:
shell:
leyvi ~ (0) $ ssh -vvv -p 22222 -i ~/.ssh/my_machine -E /tmp/ssh.log localhost
Last login: Mon Mar 24 14:42:42 2025
Environment:
  COLORTERM=truecolor
  LANGUAGE=C
  LC_ADDRESS=en_IL.UTF-8
  LC_MONETARY=en_IL.UTF-8
  LC_PAPER=C
  LANG=en_US.utf8
  LC_TELEPHONE=en_IL.UTF-8
  LC_MEASUREMENT=C
  LC_TIME=en_IL.UTF-8
  USER=leyvi
  LOGNAME=leyvi
  HOME=/home/leyvi
  PATH=/usr/bin:/bin:/usr/sbin:/sbin
  MAIL=/var/mail/leyvi
  SHELL=/bin/bash
  TERM=tmux-256color
  SSH_CLIENT=::1 46684 22222
  SSH_CONNECTION=::1 46684 ::1 22222
  SSH_TTY=/dev/pts/3
leyvi ~ (0) $ namei -l ~/.ssh/{authorized_keys,known_hosts,my_machine,my_machine.pub}
f: /home/leyvi/.ssh/authorized_keys
drwxr-xr-x root  root  /
drwxr-xr-x root  root  home
drwxr-x--- leyvi leyvi leyvi
drwx------ leyvi leyvi .ssh
-rw-r--r-- leyvi leyvi authorized_keys
f: /home/leyvi/.ssh/known_hosts
drwxr-xr-x root  root  /
drwxr-xr-x root  root  home
drwxr-x--- leyvi leyvi leyvi
drwx------ leyvi leyvi .ssh
-rw-r--r-- leyvi leyvi known_hosts
f: /home/leyvi/.ssh/my_machine
drwxr-xr-x root  root  /
drwxr-xr-x root  root  home
drwxr-x--- leyvi leyvi leyvi
drwx------ leyvi leyvi .ssh
-rw------- leyvi leyvi my_machine
f: /home/leyvi/.ssh/my_machine.pub
drwxr-xr-x root  root  /
drwxr-xr-x root  root  home
drwxr-x--- leyvi leyvi leyvi
drwx------ leyvi leyvi .ssh
-rw-r--r-- leyvi leyvi my_machine.pub
/tmp/sshd.log:
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 3909
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 3909
debug2: /etc/ssh/sshd_config line 109: new include /etc/ssh/sshd_config.d/*.conf
debug2: /etc/ssh/sshd_config line 109: including /etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf
debug2: load_server_config: filename /etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf
debug2: load_server_config: done config len = 80
debug2: parse_server_config_depth: config /etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf len 80
debug3: /etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf:2 setting Subsystem sftp    /usr/lib64/misc/sftp-server
debug2: /etc/ssh/sshd_config line 109: including /etc/ssh/sshd_config.d/9999999gentoo.conf
debug2: load_server_config: filename /etc/ssh/sshd_config.d/9999999gentoo.conf
debug2: load_server_config: done config len = 317
debug2: parse_server_config_depth: config /etc/ssh/sshd_config.d/9999999gentoo.conf len 317
debug3: /etc/ssh/sshd_config.d/9999999gentoo.conf:2 setting AcceptEnv LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
debug3: /etc/ssh/sshd_config.d/9999999gentoo.conf:5 setting AcceptEnv COLORTERM
debug3: /etc/ssh/sshd_config:124 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:127 setting AllowGroups leyvi wheel
debug3: /etc/ssh/sshd_config:130 setting AllowUsers leyvi
debug3: /etc/ssh/sshd_config:133 setting SyslogFacility AUTH
debug3: /etc/ssh/sshd_config:134 setting LogLevel VERBOSE
debug3: /etc/ssh/sshd_config:137 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:138 setting PasswordAuthentication no
debug3: /etc/ssh/sshd_config:139 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:142 setting Ciphers aes256-gcm@openssh.com,aes256-ctr
debug3: /etc/ssh/sshd_config:143 setting MACs hmac-sha2-512-etm@openssh.com
debug3: /etc/ssh/sshd_config:146 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:147 setting AuthorizedKeysFile /home/leyvi/.ssh/authorized_keys
debug3: /etc/ssh/sshd_config:150 setting ListenAddress leyvi.duckdns.org
debug3: /etc/ssh/sshd_config:151 setting ListenAddress ::
debug3: /etc/ssh/sshd_config:152 setting ListenAddress 127.0.0.1
debug3: /etc/ssh/sshd_config:155 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug1: sshd version OpenSSH_9.9, OpenSSL 3.4.1 11 Feb 2025
debug1: private host key #0: ssh-ed25519 SHA256:dpWBsEjI1ySS6u2Gy/BmmCfJtuPEk4cFuY6XY8o9wmU
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='22222'
debug1: rexec_argv[4]='-E'
debug1: rexec_argv[5]='/tmp/sshd.log'
debug3: using /usr/lib64/misc/sshd-session for re-exec
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 8 setting O_NONBLOCK
debug1: Bind to port 22222 on 127.0.0.1.
Server listening on 127.0.0.1 port 22222.
debug2: fd 9 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 9 IPV6_V6ONLY
debug1: Bind to port 22222 on ::.
Server listening on :: port 22222.
debug2: fd 10 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 10 IPV6_V6ONLY
debug1: Bind to port 22222 on 2a06:c701:9909:1601:ca7f:54ff:fea9:1984.
Bind to port 22222 on 2a06:c701:9909:1601:ca7f:54ff:fea9:1984 failed: Cannot assign requested address.
debug2: fd 10 setting O_NONBLOCK
debug1: Bind to port 22222 on 147.235.198.243.
Bind to port 22222 on 147.235.198.243 failed: Cannot assign requested address.
debug3: fd 10 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 13 config len 3909
debug3: ssh_msg_send: type 0 len 4682
debug3: ssh_msg_send: done
debug3: send_rexec_state: done
debug1: rexec start in 10 out 10 newsock 10 pipe -1 sock 13/14
debug1: sshd version OpenSSH_9.9, OpenSSL 3.4.1 11 Feb 2025
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug2: parse_hostkeys: privkey 0: ssh-ed25519
debug2: parse_hostkeys: pubkey 0: ssh-ed25519
debug3: recv_rexec_state: done
debug2: parse_server_config_depth: config rexec len 3909
debug2: parse_server_config_depth: config /etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf len 80
debug3: /etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf:2 setting Subsystem sftp    /usr/lib64/misc/sftp-server
debug2: parse_server_config_depth: config /etc/ssh/sshd_config.d/9999999gentoo.conf len 317
debug3: /etc/ssh/sshd_config.d/9999999gentoo.conf:2 setting AcceptEnv LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
debug3: /etc/ssh/sshd_config.d/9999999gentoo.conf:5 setting AcceptEnv COLORTERM
debug3: rexec:124 setting PermitRootLogin no
debug3: rexec:127 setting AllowGroups leyvi wheel
debug3: rexec:130 setting AllowUsers leyvi
debug3: rexec:133 setting SyslogFacility AUTH
debug3: rexec:134 setting LogLevel VERBOSE
debug3: rexec:137 setting HostbasedAuthentication no
debug3: rexec:138 setting PasswordAuthentication no
debug3: rexec:139 setting PermitEmptyPasswords no
debug3: rexec:142 setting Ciphers aes256-gcm@openssh.com,aes256-ctr
debug3: rexec:143 setting MACs hmac-sha2-512-etm@openssh.com
debug3: rexec:146 setting PubkeyAuthentication yes
debug3: rexec:147 setting AuthorizedKeysFile /home/leyvi/.ssh/authorized_keys
debug3: rexec:150 setting ListenAddress leyvi.duckdns.org
debug3: rexec:151 setting ListenAddress ::
debug3: rexec:152 setting ListenAddress 127.0.0.1
debug3: rexec:155 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug1: network sockets: 5, 5
debug3: server_process_channel_timeouts: setting 0 timeouts
debug3: channel_clear_timeouts: clearing
Connection from ::1 port 46684 on ::1 port 22222 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9
debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 7754
debug3: preauth child monitor started
debug3: privsep user:group 22:22 [preauth]
debug1: permanently_set_uid: 22/22 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-s,kex-strict-s-v00@openssh.com [preauth]
debug2: host key algorithms: ssh-ed25519 [preauth]
debug2: ciphers ctos: aes256-gcm@openssh.com,aes256-ctr [preauth]
debug2: ciphers stoc: aes256-gcm@openssh.com,aes256-ctr [preauth]
debug2: MACs ctos: hmac-sha2-512-etm@openssh.com [preauth]
debug2: MACs stoc: hmac-sha2-512-etm@openssh.com [preauth]
debug2: compression ctos: none,zlib@openssh.com [preauth]
debug2: compression stoc: none,zlib@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com [preauth]
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: zlib@openssh.com,none [preauth]
debug2: compression stoc: zlib@openssh.com,none [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug3: kex_choose_conf: will use strict KEX ordering [preauth]
debug1: kex: algorithm: sntrup761x25519-sha512 [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-512-etm@openssh.com compression: zlib@openssh.com [preauth]
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-512-etm@openssh.com compression: zlib@openssh.com [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
debug3: mm_sshkey_sign: entering [preauth]
debug3: mm_request_send: entering, type 6 [preauth]
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect: entering, type 7 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign: entering
debug3: mm_answer_sign: ssh-ed25519 KEX signature len=83
debug3: mm_request_send: entering, type 7
debug2: monitor_read: 6 used once, disabling now
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
debug2: ssh_set_newkeys: mode 1 [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug3: send packet: type 7 [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: receive packet: type 21 [preauth]
debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: ssh_set_newkeys: mode 0 [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug2: KEX algorithms: sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-s,kex-strict-s-v00@openssh.com [preauth]
debug2: host key algorithms: ssh-ed25519 [preauth]
debug2: ciphers ctos: aes256-gcm@openssh.com,aes256-ctr [preauth]
debug2: ciphers stoc: aes256-gcm@openssh.com,aes256-ctr [preauth]
debug2: MACs ctos: hmac-sha2-512-etm@openssh.com [preauth]
debug2: MACs stoc: hmac-sha2-512-etm@openssh.com [preauth]
debug2: compression ctos: none,zlib@openssh.com [preauth]
debug2: compression stoc: none,zlib@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 7 [preauth]
debug1: SSH2_MSG_EXT_INFO received [preauth]
debug3: kex_input_ext_info: extension ext-info-in-auth@openssh.com [preauth]
debug1: kex_ext_info_check_ver: ext-info-in-auth@openssh.com=<0> [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user leyvi service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow: entering [preauth]
debug3: mm_request_send: entering, type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect: entering, type 9 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow: entering
debug2: parse_server_config_depth: config reprocess config len 3909
debug2: parse_server_config_depth: config /etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf len 80
debug2: parse_server_config_depth: config /etc/ssh/sshd_config.d/9999999gentoo.conf len 317
debug3: auth_shadow_acctexpired: today 20171 sp_expire -1 days left -20172
debug3: account expiration disabled
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send: entering, type 9
debug2: monitor_read: 8 used once, disabling now
debug3: server_process_channel_timeouts: setting 0 timeouts [preauth]
debug3: channel_clear_timeouts: clearing [preauth]
debug2: input_userauth_request: setting up authctxt for leyvi [preauth]
debug3: mm_inform_authserv: entering [preauth]
debug3: mm_request_send: entering, type 4 [preauth]
debug1: kex_server_update_ext_info: Sending SSH2_MSG_EXT_INFO [preauth]
debug3: send packet: type 7 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user leyvi service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug2: userauth_pubkey: valid user leyvi querying public key ssh-ed25519 AAAAC... [preauth]
debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:ieNA2... [preauth]
debug3: mm_key_allowed: entering [preauth]
debug3: mm_request_send: entering, type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect: entering, type 23 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed: entering
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/leyvi/.ssh/authorized_keys
debug1: fd 6 clearing O_NONBLOCK
debug1: /home/leyvi/.ssh/authorized_keys:1: matching key found: ED25519 SHA256:ieNA2...
debug1: /home/leyvi/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: /home/leyvi/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Accepted key ED25519 SHA256:ieNA2... found at /home/leyvi/.ssh/authorized_keys:1
debug2: auth_check_authkeys_file: /home/leyvi/.ssh/authorized_keys: processed 1/1 lines
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed
debug3: mm_request_send: entering, type 23
debug3: send packet: type 60 [preauth]
debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 0.160ms, delaying 5.350ms (requested 5.510ms) [preauth]
Postponed publickey for leyvi from ::1 port 46684 ssh2 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user leyvi service ssh-connection method publickey-hostbound-v00@openssh.com [preauth]
debug1: attempt 2 failures 0 [preauth]
debug2: input_userauth_request: try method publickey-hostbound-v00@openssh.com [preauth]
debug2: userauth_pubkey: valid user leyvi attempting public key ssh-ed25519 AAAAC... [preauth]
debug3: userauth_pubkey: publickey-hostbound-v00@openssh.com have ssh-ed25519 signature for ED25519 SHA256:ieNA2... [preauth]
debug3: mm_key_allowed: entering [preauth]
debug3: mm_request_send: entering, type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect: entering, type 23 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed: entering
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/leyvi/.ssh/authorized_keys
debug1: fd 6 clearing O_NONBLOCK
debug1: /home/leyvi/.ssh/authorized_keys:1: matching key found: ED25519 SHA256:ieNA2...
debug1: /home/leyvi/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: /home/leyvi/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Accepted key ED25519 SHA256:ieNA2... found at /home/leyvi/.ssh/authorized_keys:1
debug2: auth_check_authkeys_file: /home/leyvi/.ssh/authorized_keys: processed 1/1 lines
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: publickey authentication: ED25519 key is allowed
debug3: mm_request_send: entering, type 23
debug3: mm_sshkey_verify: entering [preauth]
debug3: mm_request_send: entering, type 24 [preauth]
debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
debug3: mm_request_receive_expect: entering, type 25 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 24
debug3: mm_answer_keyverify: publickey ED25519 signature using ssh-ed25519 verified
debug1: auth_activate_options: setting new authentication options
debug3: mm_request_send: entering, type 25
Accepted publickey for leyvi from ::1 port 46684 ssh2: ED25519 SHA256:ieNA2...
debug1: monitor_child_preauth: user leyvi authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect: entering, type 26
debug3: mm_request_receive: entering
debug3: mm_get_keystate: GOT new keys
debug1: auth_activate_options: setting new authentication options [preauth]
debug2: userauth_pubkey: authenticated 1 pkalg ssh-ed25519 [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 0.947ms, delaying 4.562ms (requested 5.510ms) [preauth]
debug3: send packet: type 52 [preauth]
debug1: Enabling compression at level 6. [preauth]
debug3: mm_request_send: entering, type 26 [preauth]
debug3: mm_send_keystate: Finished sending state [preauth]
debug1: monitor_read_log: child log fd closed
debug3: ssh_sandbox_parent_finish: finished
User child is on pid 7755
debug1: permanently_set_uid: 1000/1000
debug3: monitor_apply_keystate: packet_set_state
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: ssh_packet_set_postauth: called
debug1: Enabling compression at level 6.
debug3: ssh_packet_set_state: done
debug3: notify_hostkeys: key 0: ssh-ed25519 SHA256:dpWBs...
debug3: notify_hostkeys: sent 1 hostkeys
debug3: send packet: type 80
debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: sending debug message: /home/leyvi/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: send packet: type 4
debug3: sending debug message: /home/leyvi/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: send packet: type 4
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch
debug3: receive packet: type 90
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new session [server-session] (inactive timeout: 0)
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug3: send packet: type 91
debug3: receive packet: type 80
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug3: mm_request_send: entering, type 28
debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
debug3: mm_request_receive_expect: entering, type 29
debug3: mm_request_receive: entering
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 28
debug3: mm_answer_pty: entering
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug3: mm_request_send: entering, type 29
debug3: mm_answer_pty: tty /dev/pts/3 ptyfd 6
debug1: session_pty_req: session 0 alloc /dev/pts/3
debug3: send packet: type 99
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Setting env 0: COLORTERM=truecolor
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Setting env 1: LANGUAGE=C
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Setting env 2: LC_ADDRESS=en_IL.UTF-8
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Setting env 3: LC_MONETARY=en_IL.UTF-8
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Setting env 4: LC_PAPER=C
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Setting env 5: LANG=en_US.utf8
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Setting env 6: LC_TELEPHONE=en_IL.UTF-8
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Setting env 7: LC_MEASUREMENT=C
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Setting env 8: LC_TIME=en_IL.UTF-8
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug2: channel_set_xtype: labeled channel 0 as session:shell (inactive timeout 0)
Starting session: shell on pts/3 for leyvi from ::1 port 46684 id 0
debug2: fd 5 setting TCP_NODELAY
debug3: set_sock_tos: set socket 5 IPV6_TCLASS 0x48
debug2: channel 0: rfd 10 isatty
debug2: fd 10 setting O_NONBLOCK
debug3: fd 8 is O_NONBLOCK
debug3: send packet: type 99
debug1: Setting controlling tty using TIOCSCTTY.
debug3: mm_request_receive: entering
debug3: mm_request_receive: monitor fd closed
mm_reap: preauth child terminated by signal 2
debug1: do_cleanup
debug1: session_pty_cleanup2: session 0 release /dev/pts/3
Please note that some (potentially) sensitive information was partially removed, and shortened to its first 5 characters and "...".
pingtoo
Veteran


Joined: 10 Sep 2021
Posts: 1640
Location: Richmond Hill, Canada

Posted: Mon Mar 24, 2025 1:59 pm

No /tmp/ssh.log?

Did the client successfully connect?

I am not able to understand the "shell" post. It seems to me you are able to log in, and on the remote server you ran the namei -l command; is my understanding correct?

From the /tmp/sshd.log:

It shows the key was accepted, a pty was allocated and the shell started, but it later got signal 2 (SIGINT), so I think it is working successfully but a Ctrl-C or something else generated a SIGINT that interrupted the session.
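The reading of /tmp/sshd.log given in the reply above can be reproduced mechanically. The following is an added example, not part of either post: a small Python triage script that reports how far a login got in `sshd -ddd` output. The sample lines are copied from the log posted in this thread; the function names `triage` and `verdict` are hypothetical.

```python
import re
import signal

# Excerpt of the sshd -ddd output posted in this thread (lines copied as-is).
SAMPLE_LOG = """\
Server listening on 127.0.0.1 port 22222.
Server listening on :: port 22222.
Bind to port 22222 on 147.235.198.243 failed: Cannot assign requested address.
Connection from ::1 port 46684 on ::1 port 22222 rdomain ""
debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive" [preauth]
Accepted publickey for leyvi from ::1 port 46684 ssh2: ED25519 SHA256:ieNA2...
debug1: session_pty_req: session 0 alloc /dev/pts/3
Starting session: shell on pts/3 for leyvi from ::1 port 46684 id 0
mm_reap: preauth child terminated by signal 2
debug1: do_cleanup
"""

# Milestones of an interactive login, in the order sshd logs them.
STAGES = [
    ("listening", re.compile(r"^Server listening on (?P<addr>\S+) port (?P<port>\d+)\.")),
    ("connected", re.compile(r"^Connection from (?P<peer>\S+) port \d+")),
    ("authenticated", re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from ")),
    ("pty", re.compile(r"session_pty_req: session \d+ alloc (?P<tty>\S+)")),
    ("shell", re.compile(r"^Starting session: shell on (?P<tty>\S+) for (?P<user>\S+)")),
]
BIND_FAIL = re.compile(r"^Bind to port (?P<port>\d+) on (?P<addr>\S+) failed: (?P<why>.+?)\.?$")
KILLED = re.compile(r"mm_reap: (?P<proc>.+?) terminated by signal (?P<num>\d+)")


def triage(log_text):
    """Return the last login stage reached, bind failures and any fatal signal."""
    reached, bind_failures, killed = {}, [], None
    for line in log_text.splitlines():
        m = BIND_FAIL.match(line)
        if m:
            bind_failures.append((m["addr"], m["why"]))
            continue
        m = KILLED.search(line)
        if m:
            num = int(m["num"])
            try:
                name = signal.Signals(num).name   # 2 -> SIGINT
            except ValueError:
                name = f"signal {num}"
            killed = (m["proc"], name)
            continue
        for stage, rx in STAGES:
            m = rx.search(line)
            if m and stage not in reached:        # keep the first occurrence only
                reached[stage] = m.groupdict()
    last = next((s for s, _ in reversed(STAGES) if s in reached), None)
    return {"last_stage": last, "reached": reached,
            "bind_failures": bind_failures, "killed": killed}


def verdict(result):
    """One-line summary in the spirit of the reply above."""
    if result["last_stage"] == "shell":
        if result["killed"]:
            proc, sig = result["killed"]
            return f"login completed; {proc} later ended by {sig}"
        return "login completed"
    return f"stopped after stage: {result['last_stage']}"


if __name__ == "__main__":
    res = triage(SAMPLE_LOG)
    print(verdict(res))
    for addr, why in res["bind_failures"]:
        print(f"ListenAddress {addr} could not be bound: {why}")
```

A log that stops at `connected` or earlier points at key exchange or authentication; one that reaches `shell`, as here, points at something after login.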