
NOTE: This is not a duplicate of the popular question: Why am I still getting a password prompt with ssh with public key authentication?

I had an original post but I did not get many answers helping me. I will try and explain my 3 day problem in thorough detail.

How I added the id_rsa.pub ssh key into my Ubuntu server:

What I did was I created it through my normal windows 10 computer through a git scm terminal (can be found here https://git-for-windows.github.io/). I had to use git because a normal cmd prompt in windows 10 would not work. I generated it through ssh-keygen which generated 2 keys for me, one id_rsa and one id_rsa.pub.

After that I went on my putty terminal, logged into my remote server and created a .ssh directory in my /home/superjohnny folder (my sudo user) and I made a folder within the .ssh folder called authorized_keys. I copied and pasted my id_rsa.pub key into the authorized_keys folder and then later added 600 permissions on it by doing chmod 600 .ssh/authorized_keys.

Once I did that I went into my /etc/ssh/sshd_config and added the following into my config settings:

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile %h/.ssh/authorized_keys

All these lines are also uncommented. I then did sudo service ssh restart and then I still get a password prompt when trying to log in. This has been going on for a week.

The methods I have tried: I have used both threads that were discussed above to try and get an answer and I have also used my google search extensively. Here are the methods that I have used.

  1. Putting the key on one line: I have tried using the following command in the git scm terminal on my computer:

    cat ~/.ssh/id_rsa.pub | awk '{print}' ORS=' '

The command above supposedly doesn't do anything because the key was already on one line when I copied it, it's just that the terminal couldn't fit the key. Here is the thread I have used to find that command. https://stackoverflow.com/questions/36818651/how-to-display-output-on-single-line

  2. Using the wc command: Using this command:

    wc ~/.ssh/authorized_keys
    

    I have gotten an output of:

      1   3 398 /home/superjohnny/.ssh/authorized_keys
    
  3. Checking if my home directory is encrypted: I have used the following command:

    ls -A /home/superjohnny
    

    and I have gotten an output of:

    .bash_history  .bash_logout  .bashrc  .cache  .profile  .ssh  .viminfo
    

    There was no .encrypted folder to be found.

  4. Going on debugging mode to check for extra information: While on a session I did the following command:

    ssh -v superjohnny@myip
    

and got this as a result:

    debug1: Found key in /home/superjohnny/.ssh/known_hosts:1
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/superjohnny/.ssh/id_rsa
    debug1: Trying private key: /home/superjohnny/.ssh/id_dsa
    debug1: Trying private key: /home/superjohnny/.ssh/id_ecdsa
    debug1: Trying private key: /home/superjohnny/.ssh/id_ed25519
    debug1: Next authentication method: password

This must be a hint to something but looking through the web for a while I couldn't find much about this problem, only found a thread about it here: https://askubuntu.com/questions/54670/passwordless-ssh-not-working. And this thread just tells me to recreate the key file, which I have done numerous times.

  5. Using grep command: Using the following command:

    grep -v '^[[:space:]]*$' ~/.ssh/authorized_keys | wc -l
    

    I get an output of:

    1
    
  6. Checking logs messages: Using the following command:

    sudo vi /var/log/auth.log
    

    I have received a lot of errors all on the same day, the same exact error but I will only post a bit of it:

     Apr 25 04:14:01 ramnode CRON[977]: pam_unix(cron:session): session    closed for user root
    Apr 25 04:54:01 ramnode CRON[1076]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
    

    I have not received any other messages in any other days other than April 25th.

  7. Going on debugging mode with sshd:

Doing

    /usr/sbin/sshd -d

gives me an output of:

    debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
    debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied
    Could not load host key: /etc/ssh/ssh_host_rsa_key
    debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': Permission denied
    Could not load host key: /etc/ssh/ssh_host_dsa_key
    debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied
    Could not load host key: /etc/ssh/ssh_host_ecdsa_key
    debug1: could not open key file '/etc/ssh/ssh_host_ed25519_key': Permission denied
    Could not load host key: /etc/ssh/ssh_host_ed25519_key
    debug1: setgroups() failed: Operation not permitted
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-d'

However, adding sudo in front of the command like so:

    sudo /usr/sbin/sshd -d

gives me an output of:

    debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
    debug1: key_parse_private2: missing begin marker
    debug1: read PEM private key done: type RSA
    debug1: private host key: #0 type 1 RSA
    debug1: key_parse_private2: missing begin marker
    debug1: read PEM private key done: type DSA
    debug1: private host key: #1 type 2 DSA
    debug1: key_parse_private2: missing begin marker
    debug1: read PEM private key done: type ECDSA
    debug1: private host key: #2 type 3 ECDSA
    debug1: private host key: #3 type 4 ED25519
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-d'
    Set /proc/self/oom_score_adj from -800 to -1000

  8. Trying to see if home directory permissions had to be smaller: I tried to change the home directory permissions because I thought that the permissions might not allow for the .ssh directory to work. I used the following command:

    chmod 755 ~/
    

    but that did nothing at all when I restarted my terminal with sudo service ssh restart and then when I logged back into another terminal it still prompted me with a password.

  9. Trying to disable Password: I have tried to disable the password and not logging out of my session so I can change it if it doesn't work. I did this by going into the

    /etc/ssh/sshd_config 
    

    but when I went on to a new terminal screen I get the following error:

    Disconnected: No supported authentication methods avaliable(server sent: publickey
    

The /var/log/auth.log messages that I had when trying to log in with password disabled so the system would try and use ssh keys was this:

    May  1 09:02:00 ramnode sshd[16905]: error: Received disconnect from 64.121.77.168: 14: No supported authentication methods available [preauth]
    May  1 09:02:13 ramnode sudo: superjohnny : TTY=pts/1 ; PWD=/home/superjohnny ; USER=root ; COMMAND=/usr/bin/vi /var/log/auth.log
    May  1 09:02:13 ramnode sudo: pam_unix(sudo:session): session opened for user root by superjohnny(uid=0)
questions
  • THERE IS NO REASON TO SHOUT. We have **bold** and *italics* for emphasis. – Anthon Apr 24 '16 at 14:43
  • Ok, I'll change it, sorry it's been a rough 3 days. – questions Apr 24 '16 at 14:44
  • It is still most likely that your `.authorizedkeys` file is not correct. Don't you have the command `ssh-copy-id` on your client (windows) box to copy the id? Have you logged into the server (with password) and run `wc ~/.ssh/authorized_keys` (output should be 1)? – Anthon Apr 24 '16 at 14:48
  • And if you don't have `ssh-copy-id`, you can use `scp id_rsa.pub user@server:~/.ssh/authorized_keys` (assuming you don't already have other public ids in there) – Anthon Apr 24 '16 at 14:52
  • Ok, I will delete my authorized key file and try again with your method – questions Apr 24 '16 at 14:57
  • You have at least wrong permissions on `.ssh/authorized_keys` **file** and `.ssh` folder. It should be `0600` and `0700` respectively. Also checking the verbose log of server, will give you the hint what is wrong. – Jakuje Apr 24 '16 at 14:58
  • 600 on the .ssh and 700 on authorized keys? – questions Apr 24 '16 at 15:00
  • @JohnnyInno1 No 700 on `.ssh` (as that is a directory) and 600 on the `authorized_keys` file in that directory – Anthon Apr 24 '16 at 15:06
  • Ok, I've added those permissions and it still doesn't work, I have also tried your method @Anthon but it says it doesn't exist even though I literally have the files... the output error is in my post sorry. – questions Apr 24 '16 at 15:12
  • That the copy doesn't work is because you missed the `~` which indicates your home directory. The output from `wc` looks ok though (one line, three words). You can try to look at `/var/log/messages` on the server to see if it says something useful. Or start `ssh -v superjohnny@myip` for extra debugging – Anthon Apr 24 '16 at 15:23
  • After my debugging I realized that "supposedly" every line in my etc/ssh/ssh_config has an error.. how do I fix this? – questions Apr 24 '16 at 17:39
  • Looks like your /etc/ssh/ssh_config was overwritten with something else. Can you show its contents (the first 10 lines)? – ott-- Apr 24 '16 at 18:03
  • You are correct that your question is not a duplicate. You are wrong about the reason. A dupe is still a dupe if the underlying problem is the same, even if the Linux distro is different and even if the older question is for FreeBSD or OS X or AIX or Solaris or some other non-Linux unix. In other words, the fact that you're on Ubuntu and the other question is on Centos doesn't automatically prevent your question from being a duplicate. – cas Apr 25 '16 at 02:12
  • Ok I have changed that, I also don't have errors now but when going on debugging mode my server just skips the passwords... – questions Apr 25 '16 at 19:54
  • you really need to be a lot clearer about what you are trying to do and what your problem is. what is this `git bash` you keep talking about? sounds like nonsensical misunderstanding to me. what are you actually trying to do? ssh from a windows box using putty to an ubuntu box? ssh from the ubuntu box to somewhere else? what exactly does `created a file which was pretty much id_rsa.pub by using the touch command` mean? `touch` can't create key files, that's a job for `ssh-keygen` (on ubuntu) or `puttygen` (on windows). and forget that nonsense about using awk or anything to {cont} – cas Apr 25 '16 at 23:21
  • {cont} put it all on one line - it **is** already on one line, it just takes a lot more than one 80-column terminal line to display. As for your claim that `There is literally nothing i am doing wrong`, you are absolutely wrong about that. – cas Apr 25 '16 at 23:24
  • Alright, I have changed it, sorry for the lack of knowledge in linux. – questions Apr 26 '16 at 00:57
  • you mentioned changing `/etc/ssh/sshd_config` so i guess that means you have root access on the ubuntu server. if so, a) did you restart `sshd` after changing its config? and b) what does `/var/log/auth.log` show when you try to log in? BTW, given your description of how you created `~/.ssh/authorized_keys` it is possible you messed it up somehow - try `grep -v '^[[:space:]]*$' ~/.ssh/authorized_keys | wc -l`. That will count the number of non-empty lines in the file, which should equal the number of keys - so if you've only ever added one key to it, the result should be `1`. – cas Apr 26 '16 at 08:12
  • Using sudo service ssh restart doesn't appear to do anything, when I do ~var/log/auth.log it says permission denied. Typing in the command `grep -v '^[[:space:]]*$' ~/.ssh/authorized_keys | wc -l` gives me a result of 1. – questions Apr 26 '16 at 18:58
  • I've literally been just rechecking everything from my sshd config to and doing grep over and over again, I have also checked my var log, it just says this: `Apr 25 04:54:01 ramnode CRON[1076]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory`. I have done literally everything, I have looked everywhere for the answer and I find that they just give the same answers, no one has really had an ssh key problem as serious as mine... – questions Apr 30 '16 at 01:55
  • I have tried @Anthon's method again, the wc command now gives me another output that is in my post. – questions Apr 30 '16 at 02:01
  • Have you tried putting the remote sshd into debug mode ? It may have a reason for denying the key auth. – Jeff Schaller Apr 30 '16 at 14:43
  • What do you mean by "do ~var/log/auth.log"? `/var/log/auth.log` is a log file that you are supposed to look in, with e.g. `sudo less /var/log/auth.log`. – Henrik supports the community Apr 30 '16 at 15:38
  • @Henrik Sorry for not being so specific, I meant I used a text editor to look at it using `sudo vi /var/log/auth.log`. – questions Apr 30 '16 at 17:00
  • @JeffSchaller, My outputs for ssh debug mode are in the post, I don't really know how would I specifically debug sshd. If you have the command for it that would be nice. – questions Apr 30 '16 at 17:15
  • Did you not read through http://unix.stackexchange.com/q/36540/117549 ? – Jeff Schaller Apr 30 '16 at 17:23
  • You're saying you get "permission denied" when using `sudo vi`? Is there SELinux or some other (please tell us which, if there is) additional security features enabled on the server? – Henrik supports the community Apr 30 '16 at 17:27
  • @Henrick that was before when I did `~var/log/auth.log`, the actual syntax of it is `var/log/auth.log` which I was not doing. If you read the thread you can see the output of what I get when using `sudo vi var/log/auth.log`. There is no other security feature on my server unless you count disabling root login as one in my sshd_config – questions Apr 30 '16 at 18:33
  • @JeffSchaller, I read part of it and I found out an error message in it, it's method 6 in the post – questions Apr 30 '16 at 18:38
  • @JeffSchaller I dug about it more and I found out the reason it was saying permission denied for all the keys was because I was not putting sudo in front of the command so now I use it like this `sudo /usr/sbin/sshd`. – questions Apr 30 '16 at 18:42
  • The point of debug sshd was to gather the logs when you try to log in with a key. What happened? – Jeff Schaller Apr 30 '16 at 21:14
  • It printed out the above on method 7. – questions Apr 30 '16 at 21:23
  • I still don't see any sshd logs from your key-based authentication attempt. – Jeff Schaller Apr 30 '16 at 23:46
  • I'm sorry, isn't doing `/usr/sbin/sshd -d` going into debugging mode on sshd? All my logs that I have are above on method 7 from debugging mode on sshd, sorry if I am not getting what you are saying. – questions May 01 '16 at 01:20
  • I have tried to force my server to use key based authentication by disabling passwords in my `/etc/ssh/sshd_config`, is this what you were asking Jeff? The following error message I got from it is in the above post. – questions May 01 '16 at 01:32
  • Your sshd output is only of sshd's startup; what does sshd say when you then try to log in? – Jeff Schaller May 01 '16 at 11:42
  • I think I get what you're saying, I posted a `/var/log/auth.log` message with password disabled to see if it would say anything about ssh keys, I updated method 8 with the var logs of trying to go in by "forcing" it to use ssh keys – questions May 01 '16 at 13:03
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/39146/discussion-between-johnnyinno1-and-jeff-schaller). – questions May 01 '16 at 13:11

1 Answer

I found the answer with the help of a very good friend who was very patient with my problem. The problem was that the putty client was not set up to accept my key. I had the authorized key files and all the permissions right; it's just that this one little problem was not noticed until now.

In my putty client I did not put in a private key into my session and I originally had thought that the remote server would just look into my files and check to see if the key was there. I was wrong and my friend had told me that this would be a huge security risk and said that the private key had to be put into putty like so:

[image]

Thank you guys for also helping too, I learned a lot along the way with this problem.

questions
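
An added check, not part of the original thread, for the server-side conditions raised in the question and comments: `authorized_keys` must be a regular file holding one complete key per line, and the home directory, `.ssh` and the file must not be group- or world-writable (the condition sshd enforces under StrictModes, which the 700/600 modes from the comments satisfy). `check_path` and `audit_ssh_dir` are hypothetical names, and the script assumes it is run as the account that owns the home directory.

```shell
#!/bin/sh
# Added example, not from the thread. check_path and audit_ssh_dir are
# hypothetical helpers. Assumption: run as the account that owns the home dir.

# Fail if $1 is group/world-writable or owned by neither this user nor root.
check_path() {
    info=$(ls -ldn "$1") || return 1
    mode=${info%% *}                                  # e.g. drwx------
    uid=$(printf '%s\n' "$info" | awk '{print $3}')   # numeric owner
    rc=0
    if [ "$(printf '%s' "$mode" | cut -c6)" = w ] ||
       [ "$(printf '%s' "$mode" | cut -c9)" = w ]; then
        echo "FAIL: $1 is group- or world-writable ($mode)"; rc=1
    fi
    if [ "$uid" != "$(id -u)" ] && [ "$uid" != 0 ]; then
        echo "FAIL: $1 is owned by uid $uid"; rc=1
    fi
    return $rc
}

# Usage: audit_ssh_dir /home/USER ; returns 0 only if every check passes.
audit_ssh_dir() {
    dir=$1/.ssh; file=$dir/authorized_keys; bad=0
    check_path "$1" || bad=1
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    check_path "$dir" || bad=1
    # The question describes authorized_keys as a "folder"; it must be a file.
    [ -f "$file" ] || { echo "FAIL: $file is not a regular file"; return 1; }
    check_path "$file" || bad=1
    # Each non-blank, non-comment line needs "<key-type> AAAA<base64>" on ONE line.
    awk '/^[ \t]*(#|$)/ { next }
         { ok = 0
           for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-|ecdsa-|sk-)/ && $(i + 1) ~ /^AAAA/) ok = 1
           if (!ok) { print "FAIL: line " NR " is not a complete key"; bad = 1 } }
         END { exit bad + 0 }' "$file" || bad=1
    [ "$bad" -ne 0 ] || echo "OK: $dir passes the checks"
    return $bad
}

if [ $# -gt 0 ]; then audit_ssh_dir "$1"; fi
```

A clean result here only rules out the server side; the cause found in the answer, a client that was never given the private key, has to be checked in the client's own configuration.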