I just set up a new Debian server. I disabled root SSH and password auth, so you've gotta use a key file.
For my primary user, everything works exactly as expected. I used ssh-keygen -t dsa and got myself a public and private key. Put one in authorized keys, put the other in a pem file locally.
I wanted to create a user that I can deploy things with, so I did basically the same process. I adduser'ed it, made a .ssh folder, ran ssh-keygen -t dsa (I also tried RSA), put the keys in their appropriate locations.
No luck. I'm getting a Permission denied (publickey) error. When I use the exact same keys as the account that works, same error. When I enable password authentication, I can log in via SSH with the password.
How do I debug this?
EDIT
Verbose ssh output (deployer.pem is proper key):
debug2: key: /Users/eli/.ec2/deployer.pem (0x100126830)
debug2: key: /Users/eli/.ec2/deployer.pem (0x100126b30)
debug2: key: /Users/eli/.ec2/deployer.pem (0x0)
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/eli/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: eli.pem
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: /Users/eli/.ec2/deployer.pem
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: /Users/eli/.ec2/deployer.pem
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/eli/.ec2/deployer.pem
debug1: read PEM private key done: type DSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
Best Answer
Two parts: first, turn up debugging on your ssh server. Edit /etc/ssh/sshd_config and increase LogLevel to DEBUG. Then force your ssh server to reload its config with kill -HUP <sshd pid>. That will cause the server to add much more detail to your /var/log/secure and/or /var/log/auth logfiles.
Secondly (actually you can try this first), increase the debug level on the client side. ssh in to the box with
and that will print out lots more info about where the process is failing.
If you do turn up the debug level on your ssh server, don't forget to turn it back down when you are finished.
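A way to read the client-side debug output the answer refers to, as an added example (not code from the original post): this Python code pairs each key the client presents with the server's reply. The sample is a constructed excerpt of the log in the question, and `summarize` and `all_rejected` are hypothetical names; "Server accepts key" is the line an OpenSSH client prints when the server accepts an offered key.

```python
import re

# Constructed sample: a shortened excerpt of the client debug output quoted in the question.
SAMPLE = """\
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/eli/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: /Users/eli/.ec2/deployer.pem
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/eli/.ec2/deployer.pem
debug1: read PEM private key done: type DSA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
"""

# "Offering public key", "Offering RSA public key" or "Trying private key", then the path.
OFFER = re.compile(r"debug1: (?:Offering (?:\w+ )?public key|Trying private key): (\S+)")
ACCEPT = re.compile(r"debug1: Server accepts key")
REPLY = re.compile(r"debug1: Authentications that can continue: ")

def summarize(log):
    """Return [(key_path, verdict)] for every key the client presented."""
    attempts, pending = [], None
    for line in log.splitlines():
        offer = OFFER.search(line)
        if offer:
            if pending:                      # previous key never got an answer
                attempts.append((pending, "no reply seen"))
            pending = offer.group(1)
        elif pending and ACCEPT.search(line):
            attempts.append((pending, "accepted"))
            pending = None
        elif pending and REPLY.search(line):  # server lists methods again: key refused
            attempts.append((pending, "rejected"))
            pending = None
    if pending:
        attempts.append((pending, "no reply seen"))
    return attempts

def all_rejected(attempts):
    """True when keys were offered and the server refused every one of them."""
    return bool(attempts) and all(verdict == "rejected" for _, verdict in attempts)

if __name__ == "__main__":
    for path, verdict in summarize(SAMPLE):
        print(f"{verdict:>13}  {path}")
```

When `all_rejected` is true the client found and sent its keys and the server refused each one, so the reason will be in the server's log at the raised LogLevel rather than in the client output.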