Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: ssh to SLES11SP2: "Permission denied (public key)"

  1. #11

    Re: ssh to SLES11SP2: "Permission denied (public key)"

    root is the only user who needs ssh sessions

    /var/log/messages does not show any entries when
    - trying to log in with ssh (with the error we are talking about)
    - login on the vmware console window

    On my first vmware console login it said "last login: Friday 28.07.2017 13:39... from [my Windows PC]". I immediately took a screenshot from this message
    The backup I restored is from Friday 21.07.2017
    Even in the unlikely case that I have accidentally deleted a configuration file after 28.07. the backup from 21.07. cannot be affected by this.

  2. #12

    Re: ssh to SLES11SP2: "Permission denied (public key)"

    Quote Originally Posted by bernbert View Post
    ChallengeResponseAuthentication: I confirm that there is the following line
    ChallengeResponseAuthentication no
    If you change it to:
    ChallengeResponseAuthentication yes
    ... does that resolve your issue?
    Kevin Boyle - Knowledge Partner
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below this post. Thanks.

  3. #13

    Re: ssh to SLES11SP2: "Permission denied (public key)"

    Quote Originally Posted by bernbert View Post
    Configuration files like /etc/ssh/* and /etc/pam.d/sshd do not show any recent modification dates.
    Here's the beginning of the ssh_config man pages.
    Code:
    server:~ # man ssh_config
    SSH_CONFIG(5)               BSD File Formats Manual              SSH_CONFIG(5)
    
    
    NAME
         ssh_config - OpenSSH SSH client configuration files
    
    
    SYNOPSIS
         ~/.ssh/config
         /etc/ssh/ssh_config
    
    
    DESCRIPTION
         ssh(1) obtains configuration data from the following sources in the fol-
         lowing order:
    
    
               1.   command-line options
               2.   user's configuration file (~/.ssh/config)
               3.   system-wide configuration file (/etc/ssh/ssh_config)
    Read the full man page description to better understand how the config files are processed.

    Based on this description, I can speculate why ssh stopped working for you:
    • sshd command-line options may have changed, perhaps due to having applied a patch?
    • Do you have a /root/.ssh/config file? Settings in that file would override corresponding settings in /etc/ssh/ssh_config for user "root".
    • If you do not have a /root/.ssh/config file, perhaps it was created after your backup and therefore wasn't restored?
    • Perhaps sshd cannot access a particular config file. Have you checked for file system errors?

    As I said, this is just speculation but it should give you a few other things to consider.
    Last edited by KBOYLE; 24-Aug-2017 at 17:19.
    Kevin Boyle - Knowledge Partner
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below this post. Thanks.

  4. #14

    Re: ssh to SLES11SP2: "Permission denied (public key)"

    I have reread this thread several times to see what I may have missed. IMO, there are two issues we are trying to resolve:
    • Determine why ssh stopped working.
    • How to get it working again.

    I have offered some suggestions for both in previous posts.

    This quote is the real brain teaser!
    Quote Originally Posted by bernbert View Post
    On my first vmware console login it said "last login: Friday 28.07.2017 13:39... from [my Windows PC]". I immediately took a screenshot from this message
    The backup I restored is from Friday 21.07.2017
    Even in the unlikely case that I have accidentally deleted a configuration file after 28.07. the backup from 21.07. cannot be affected by this.
    I believe that last statement is the key. As you point out, the backup you restored should work but doesn't. Here are a couple of other things to consider:
    • The system date is no longer Friday 21.07.2017. How might the system date affect this. The most common issue involving the date is that certificates may have expired.
    • Is it possible that your original VM had a snapshot that may have been reverted?

    I don't have an answer for you but, at this point, I'm trying to think outside the box (pun intended).

    Perhaps others may have some suggestions?
    Kevin Boyle - Knowledge Partner
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below this post. Thanks.

  5. #15

    Re: ssh to SLES11SP2: "Permission denied (public key)"

    I made a little change in /etc/ssh/sshd_config

    from original version (19.03.2016)

    ...
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    ...


    to current version (24.08.2017)
    ...
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    ...


    After restart of sshd the login with putty and ssh from other linux clients works. Now I have at least a workaround.

    Unfortunately this explains nothing. But I can work now.

    I want to thank everybody for his contribution to this puzzling problem.

  6. #16

    Re: ssh to SLES11SP2: "Permission denied (public key)"

    Quote Originally Posted by bernbert View Post
    Now I have at least a workaround.

    Unfortunately this explains nothing. But I can work now.
    That, I assume, was your primary objective!

    This is what the man pages have to say:
    Code:
    ChallengeResponseAuthentication
           Specifies whether to use challenge-response authentication.  The argument to this keyword must be yes or no.  The default is yes.
    
    PasswordAuthentication
           Specifies whether to use password authentication.  The argument to this keyword must be yes or no.  The default is yes.
    Normally, I like to stay with default settings unless I have a good reason for changing them.
    • I have no problems accessing my SLES11 SP4 server via PuTTy.
    • I have made no changes to my /etc/ssh/sshd_config but my settings are different from yours.

    This is what I have for the settings we have discessed.

    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    #PermitEmptyPasswords no

    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes

    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes
    From what I have been able to determine, setting either ChallengeResponseAuthentication or PasswordAuthentication to "yes" will allow you to enter a user/password to logon. Setting ChallengeResponseAuthentication to yes is what enables the keyboard-interactive authentication method. I would be a bit concerned about permitting "tunneled clear text passwords" by setting PasswordAuthentication to yes.

    While we both have a working SSHD, I am using the SLES provided defaults and you are not.
    Kevin Boyle - Knowledge Partner
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below this post. Thanks.

  7. #17

    Re: ssh to SLES11SP2: "Permission denied (public key)"

    On 24/08/17 20:54, bernbert wrote:

    > After restart of sshd the login with putty and ssh from other linux
    > clients works. Now I have at least a workaround.


    That's good.

    > Unfortunately this explains nothing. But I can work now.


    A thought I had last night - is it possible you've recently installed an
    update to openSSH on the server?

    Given SLES11 SP2 is no longer supported by SUSE and no updates have been
    released since 2014 (unless you've got Long Term Service Pack Support -
    LTSS) it's unlikely but it could explain a configuration file and/or
    openSSH binary changing ...

    I'm still thinking this is down to something changing between it last
    working and until your workaround not. The question is what and where.

    HTH.
    --
    Simon
    SUSE Knowledge Partner

    ------------------------------------------------------------------------
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below. Thanks.
    ------------------------------------------------------------------------

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •