
NOTE: This is not a duplicate of the popular question "Why am I still getting a password prompt with ssh with public key authentication?"

I had an original post but I did not get many answers helping me. I will try and explain my 3 day problem in thorough detail.

How I added the id_rsa.pub ssh key into my Ubuntu server:

What I did was I created it through my normal windows 10 computer through a git scm terminal (can be found here https://git-for-windows.github.io/). I had to use git because a normal cmd prompt in windows 10 would not work. I generated it through ssh-keygen which generated 2 keys for me, one id_rsa and one id_rsa.pub.

After that I went on my putty terminal, logged into my remote server and created a .ssh directory in my /home/superjohnny folder (my sudo user) and I made a folder within the .ssh folder called authorized_keys. I copied and pasted my id_rsa.pub key into the authorized_keys folder and then later added 600 permissions on it by doing chmod 600 .ssh/authorized_keys.

Once I did that I went into my /etc/ssh/sshd_config and added the following into my config settings:

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile %h/.ssh/authorized_keys

All these lines are also uncommented. I then did sudo service ssh restart and then I still get a password prompt when trying to log in. This has been going on for a week.

The methods I have tried: I have used both threads that were discussed above to try and get an answer and I have also used my google search extensively. Here are the methods that I have used.

1. Putting the key on one line: I have tried using in the git scm terminal on my computer the following command:

    cat ~/.ssh/id_rsa.pub | awk '{print}' ORS=' '

The command above supposedly doesn't do anything because the key was already on one line when I copied it, it's just that the terminal couldn't fit the key. Here is the thread I have used to find that command. https://stackoverflow.com/questions/36818651/how-to-display-output-on-single-line

  1. Using the wc command: Using this command:

    wc ~/.ssh/authorized_keys
    

    I have gotten an output of:

      1   3 398 /home/superjohnny/.ssh/authorized_keys
    
  2. Checking if my home directory is encrypted: I have used the following command:

    ls -A /home/superjohnny
    

    and I have gotten an output of:

    .bash_history  .bash_logout  .bashrc  .cache  .profile  .ssh  .viminfo
    

    There was no .encrypted folder to be found.

  3. Going on debugging mode to check for extra information: While on a session I did the following command:

    ssh -v superjohnny@myip
    

and got this as a result:

    debug1: Found key in /home/superjohnny/.ssh/known_hosts:1
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/superjohnny/.ssh/id_rsa
    debug1: Trying private key: /home/superjohnny/.ssh/id_dsa
    debug1: Trying private key: /home/superjohnny/.ssh/id_ecdsa
    debug1: Trying private key: /home/superjohnny/.ssh/id_ed25519
    debug1: Next authentication method: password

This must be a hint to something but looking through the web for a while I couldn't find much about this problem, only found a thread about it here: https://askubuntu.com/questions/54670/passwordless-ssh-not-working And this thread just tells me to recreate the key file, which I have done numerous times.

  1. Using grep command: Using the following command:

    grep -v '^[[:space:]]*$' ~/.ssh/authorized_keys | wc -l
    

    I get an output of:

    1
    
  2. Checking logs messages: Using the following command:

    sudo vi /var/log/auth.log
    

    I have received a lot of errors all on the same day, the same exact error but I will only post a bit of it:

     Apr 25 04:14:01 ramnode CRON[977]: pam_unix(cron:session): session    closed for user root
    Apr 25 04:54:01 ramnode CRON[1076]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
    

    I have not received any other messages in any other days other than April 25th.

  3. Going on debugging mode with sshd:

Doing

    /usr/sbin/sshd -d

gives me an output of:

    debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
    debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied
    Could not load host key: /etc/ssh/ssh_host_rsa_key
    debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': Permission denied
    Could not load host key: /etc/ssh/ssh_host_dsa_key
    debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied
    Could not load host key: /etc/ssh/ssh_host_ecdsa_key
    debug1: could not open key file '/etc/ssh/ssh_host_ed25519_key': Permission denied
    Could not load host key: /etc/ssh/ssh_host_ed25519_key
    debug1: setgroups() failed: Operation not permitted
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-d'

However, adding sudo in front of the command like so:

    sudo /usr/sbin/sshd -d

gives me an output of:

    debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
    debug1: key_parse_private2: missing begin marker
    debug1: read PEM private key done: type RSA
    debug1: private host key: #0 type 1 RSA
    debug1: key_parse_private2: missing begin marker
    debug1: read PEM private key done: type DSA
    debug1: private host key: #1 type 2 DSA
    debug1: key_parse_private2: missing begin marker
    debug1: read PEM private key done: type ECDSA
    debug1: private host key: #2 type 3 ECDSA
    debug1: private host key: #3 type 4 ED25519
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-d'
    Set /proc/self/oom_score_adj from -800 to -1000

  1. Trying to see if home directory permissions had to be smaller: I tried to change the home directory permissions because I thought that the permissions might not allow the .ssh directory to work. I used the following command:

    chmod 755 ~/
    

    but that did nothing at all when I restarted my terminal with sudo service ssh restart and then when I logged back into another terminal it still prompted me with a password.

  2. Trying to disable Password: I have tried to disable the password and not logging out of my session so I can change it if it doesn't work. I did this by going into the

    /etc/ssh/sshd_config 
    

    but when I went on to a new terminal screen I get the following error:

    Disconnected: No supported authentication methods avaliable(server sent: publickey
    

The /var/log/auth.log messages that I had when trying to log in with password disabled so the system would try and use ssh keys was this:

    May  1 09:02:00 ramnode sshd[16905]: error: Received disconnect from 64.121.77.168: 14: No supported authentication methods available [preauth]
    May  1 09:02:13 ramnode sudo: superjohnny : TTY=pts/1 ; PWD=/home/superjohnny ; USER=root ; COMMAND=/usr/bin/vi /var/log/auth.log
    May  1 09:02:13 ramnode sudo: pam_unix(sudo:session): session opened for user root by superjohnny(uid=0)
questions
  • 129
  • THERE IS NO REASON TO SHOUT. We have bold and italics for emphasis. – Anthon Apr 24 '16 at 14:43
  • Ok, I'll change it, sorry it's been a rough 3 days. – questions Apr 24 '16 at 14:44
  • It is still most likely that your .authorizedkeys file is not correct. Don't you have the command ssh-copy-id on your client (windows) box to copy the id? Have you logged into the server (with password) and ran wc ~/.ssh/authorized_keys (output should be 1)? – Anthon Apr 24 '16 at 14:48
  • And if you don't have ssh-copy-id, you can use scp id_rsa.pub user@server:~/.ssh/authorized_keys (assuming you don't already have other public ids in there) – Anthon Apr 24 '16 at 14:52
  • Ok, I will delete my authorized key file and try again with your method – questions Apr 24 '16 at 14:57
  • You have at least wrong permissions on .ssh/authorized_keys file and .ssh folder. It should be 0600 and 0700 respectively. Also checking the verbose log of server, will give you the hint what is wrong. – Jakuje Apr 24 '16 at 14:58
  • 600 on the .ssh and 700 on authorized keys? – questions Apr 24 '16 at 15:00
  • @JohnnyInno1 No 700 on .ssh (as that is a directory) and 600 on the authorized_keys file in that directory – Anthon Apr 24 '16 at 15:06
  • Ok, I've added those permissions and it still doesn't work, I have also tried your method @Anthon but it says it doesn't exist even though I literally have the files... the output error is in my post sorry. – questions Apr 24 '16 at 15:12
  • That the copy doesn't work is because you missed the ~ which indicates your home directory. The output from wc looks ok though (one line, three words). You can try to look at /var/log/messages on the server to see if it says something useful. Or start ssh -v superjohnny@myip for extra debugging – Anthon Apr 24 '16 at 15:23
  • After my debugging I realized that "supposebly" every line in my etc/ssh/ssh_config has an error.. how do I fix this? – questions Apr 24 '16 at 17:39
  • Looks like your /etc/ssh/ssh_config was overwritten with something else. Can you show its contents (the first 10 lines)? – ott-- Apr 24 '16 at 18:03
  • You are correct that your question is not a duplicate. You are wrong about the reason. A dupe is still a dupe if the underlying problem is the same, even if the Linux distro is different and even if the older question is for FreeBSD or OS X or AIX or Solaris or some other non-Linux unix. In other words, the fact that you're on Ubuntu and the other question is on Centos doesn't automatically prevent your question from being a duplicate. – cas Apr 25 '16 at 02:12
  • Ok I have changed that, I also don't have errors now but when going on debugging mode my server just skips the passwords... – questions Apr 25 '16 at 19:54
  • you really need to be a lot clearer about what you are trying to do and what your problem is. what is this git bash you keep talking about? sounds like nonsensical misunderstanding to me. what are you actually trying to do? ssh from a windows box using putty to an ubuntu box? ssh from the ubuntu box to somewhere else? what exactly does created a file which was pretty much id_rsa.pub by using the touch command mean? touch can't create key files, that's a job for ssh-keygen (on ubuntu) or puttygen (on windows). and forget that nonsense about using awk or anything to {cont} – cas Apr 25 '16 at 23:21
  • {cont} put it all on one line - it is already on one line, it just takes a lot more than one 80-column terminal line to display. As for your claim that There is literally nothing i am doing wrong, you are absolutely wrong about that. – cas Apr 25 '16 at 23:24
  • Alright, I have changed it, sorry for the lack of knowledge in linux. – questions Apr 26 '16 at 00:57
  • you mentioned changing /etc/ssh/sshd_config so i guess that means you have root access on the ubuntu server. if so, a) did you restart sshd after changing its config? and b) what does /var/log/auth.log show when you try to log in? BTW, given your description of how you created ~/.ssh/authorized_keys it is possible you messed it up somehow - try grep -v '^[[:space:]]*$' ~/.ssh/authorized_keys | wc -l. That will count the number of non-empty lines in the file, which should equal the number of keys - so if you've only ever added one key to it, the result should be 1. – cas Apr 26 '16 at 08:12
  • Using sudo service ssh restart doesn't appear to do anything, when I do ~var/log/auth.log it says permission denied. Typing in the command grep -v '^[[:space:]]*$' ~/.ssh/authorized_keys | wc -l gives me a result of 1. – questions Apr 26 '16 at 18:58
  • I've literally been just rechecking everything from my sshd config to and doing grep over and over again, I have also checked my var log, it just says this: Apr 25 04:54:01 ramnode CRON[1076]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory. I have done literally everything, I have looked everywhere for the answer and I find that they just give the same answers, no one has really had an ssh key problem as serious as mine... – questions Apr 30 '16 at 01:55
  • I have tried @Anthon's method again, the wc command now gives me another output that is in my post. – questions Apr 30 '16 at 02:01
  • Have you tried putting the remote sshd into debug mode ? It may have a reason for denying the key auth. – Jeff Schaller Apr 30 '16 at 14:43
  • What do you mean by "do ~var/log/auth.log"? /var/log/auth.log is a log file that you are supposed to look in, with e.g. sudo less /var/log/auth.log. – Henrik supports the community Apr 30 '16 at 15:38
  • @Henrik Sorry for not being so specific, I meant I used a text editor to look at it using sudo vi /var/log/auth.log. – questions Apr 30 '16 at 17:00
  • @JeffSchaller, My outputs for ssh debug mode are in the post, I don't really know how would I specifically debug sshd. If you have the command for it that would be nice. – questions Apr 30 '16 at 17:15
  • Did you not read through http://unix.stackexchange.com/q/36540/117549 ? – Jeff Schaller Apr 30 '16 at 17:23
  • You're saying you get "permission denied" when using sudo vi? Is there SELinux or some other (please tell us which, if there is) additional security features enabled on the server? – Henrik supports the community Apr 30 '16 at 17:27
  • @Henrik that was before when I did ~var/log/auth.log, the actual syntax of it is var/log/auth.log which I was not doing. If you read the thread you can see the output of what I get when using sudo vi var/log/auth.log. There is no other security feature on my server unless you count disabling root login as one in my sshd_config – questions Apr 30 '16 at 18:33
  • @JeffSchaller, I read part of it and I found out an error message in it, it's method 6 in the post – questions Apr 30 '16 at 18:38
  • @JeffSchaller I dug about it more and I found out the reason it was saying permission denied for all the keys was because I was not putting sudo in front of the command so now I use it like this sudo /usr/sbin/sshd. – questions Apr 30 '16 at 18:42
  • The point of debug sshd was to gather the logs when you try to log in with a key. What happened? – Jeff Schaller Apr 30 '16 at 21:14
  • It printed out the above on method 7. – questions Apr 30 '16 at 21:23
  • I still don't see any sshd logs from your key-based authentication attempt. – Jeff Schaller Apr 30 '16 at 23:46
  • I'm sorry, isn't doing /usr/sbin/sshd -d going into debugging mode on sshd? All my logs that I have are above on method 7 from debugging mode on sshd, sorry if I am not getting what you are saying. – questions May 01 '16 at 01:20
  • I have tried to force my server to use key based authentication by disabling passwords in my /etc/ssh/sshd_config, is this what you were asking Jeff? The following error message I got from it is in the above post. – questions May 01 '16 at 01:32
  • Your sshd output is only of sshd's startup; what does sshd say when you then try to log in? – Jeff Schaller May 01 '16 at 11:42
  • I think I get what you're saying, I posted a /var/log/auth.log message with password disabled to see if it would say anything about ssh keys, I updated method 8 with the var logs of trying to go in by "forcing" it to use ssh keys – questions May 01 '16 at 13:03
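
The server-side checks raised in the comments above (0700 on .ssh, 0600 on authorized_keys, one key per non-blank line) can be run in one pass. This is an added example, not part of the original thread; the function name `audit_ssh_home` is hypothetical, and `stat -c` assumes GNU coreutils as shipped on Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: audit the files sshd reads for public-key login.
# audit_ssh_home is a hypothetical helper; stat -c needs GNU coreutils.
# Prints one line per finding and returns the number of findings.
audit_ssh_home() {
    local home=$1 dir=$1/.ssh file=$1/.ssh/authorized_keys problems=0 bad
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    mode_of() { stat -c '%a' "$1"; }

    # With StrictModes enabled, sshd ignores authorized_keys when the home
    # directory is writable by group or others.
    if (( 0$(mode_of "$home") & 022 )); then
        fail "$home is writable by group or others"
    fi

    if [ ! -d "$dir" ]; then
        fail "$dir is missing or not a directory"
    elif (( 0$(mode_of "$dir") & 077 )); then
        fail "$dir is mode $(mode_of "$dir"), expected 700"
    fi

    # authorized_keys must be a regular file; a directory of that name fails.
    if [ ! -f "$file" ]; then
        fail "$file is missing or not a regular file"
    else
        if (( 0$(mode_of "$file") & 077 )); then
            fail "$file is mode $(mode_of "$file"), expected 600"
        fi
        # Each non-blank, non-comment line must be one complete entry:
        # [options] keytype base64 [comment]. A key that was wrapped while
        # being pasted leaves continuation lines that fail this pattern.
        bad=$(grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$file" |
              grep -c -v -E '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) AAAA[A-Za-z0-9+/]+=*([[:space:]]|$)' || true)
        if [ "$bad" -gt 0 ]; then
            fail "$bad line(s) in $file are not a complete public key"
        fi
    fi
    return "$problems"
}
```

Run it on the server as `audit_ssh_home /home/superjohnny`; a return status of 0 means the server-side files pass these checks and the cause lies elsewhere.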

1 Answer

I found the answer with the help of a very good friend who was very patient with my problem. The problem was that the putty client was not set up to accept my key, I had the authorized key files and all the permissions right it's just that this one little problem was not noticed until now.

In my putty client I did not put in a private key into my session and I originally had thought that the remote server would just look into my files and check to see if the key was there. I was wrong and my friend had told me that this would be a huge security risk and said that the private key had to be put into putty like so:

[image]

Thank you guys for also helping too, I learned a lot along the way with this problem.

questions
  • 129
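
The `ssh -v` transcript in the question shows the same kind of fault as the answer describes: the client probed its default key paths and never sent a key. The classifier below is an added example, not part of the original answer; `diagnose_pubkey` and `question_transcript` are hypothetical names, and the matched strings are the debug messages of OpenSSH 6.x clients (an assumption for other versions).

```shell
#!/usr/bin/env bash
# Added example: classify an `ssh -v` transcript read from stdin.
# diagnose_pubkey and question_transcript are hypothetical names.

diagnose_pubkey() {
    awk '
        # A key whose public half was loaded is announced before it is sent.
        /^debug1: Offering .*public key/ { sent++ }
        # Otherwise the client probes the private key path directly.
        /^debug1: Trying private key: /  { tried++; probing = 1; next }
        # The probe only reaches the server if the private key file was read.
        probing && /^debug1: read PEM private key done/ { sent++ }
        { probing = 0 }
        /^debug1: Authentication succeeded \(publickey\)/ { ok = 1 }
        END {
            if (ok)         print "key-accepted"
            else if (sent)  print "key-rejected"      # look at the server side
            else if (tried) print "no-key-sent"       # look at the client side
            else            print "publickey-not-attempted"
        }'
}

# The publickey part of the transcript posted in the question.
question_transcript() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/superjohnny/.ssh/id_rsa
debug1: Trying private key: /home/superjohnny/.ssh/id_dsa
debug1: Trying private key: /home/superjohnny/.ssh/id_ecdsa
debug1: Trying private key: /home/superjohnny/.ssh/id_ed25519
debug1: Next authentication method: password
EOF
}

question_transcript | diagnose_pubkey   # no-key-sent
```

A `no-key-sent` result means no amount of work on authorized_keys or sshd_config will help, because the client has no private key to present.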