Hello, I have create a local user on ubuntu machine. Added the user to root group. Make the PasswordAuthentication entry yes and then restarted the ssh service. Now when I am trying to run ssh from windows command prompt ssh @ : it is giving error PermissionDenied(Public Key)
Are you logging in as that user, or as root? It’s typically not allowed to log in as root; you’d need to log in as some other user and become root.
I am trying to login with the new local user.
Still not clear what you’re doing. How are you creating the Ubuntu machine? Is this for a lab, or if not, how are you doing this?
Hello Rob,
-
I have created a normal Ubuntu instance.
-
Logged in to the Ubuntu instance using keypair through putty.
-
Created a local user named test1.
-
Set the password for user test1.
-
Added the user test1 to root group.
-
Also commented out the line “PasswordAuthentication yes” in/etc/ssh/sshd_config file.
-
Restarted the ssh service.
-
Now I am trying to login to the same instance using local user test1 from my laptop command prompt with below ssh command
ssh test1@<public_ip_of_instance> -
However it is giving error test1@<public_ip_of_instance> : Permission Denied (Public Key).
-
I have used putty but instead of key, i gave directly test1 as login id but it is also giving error No support authentication
Let’s start from the beginning:
- I have created a normal Ubuntu instance.
What does that mean? Are you running a virtual system on your Windows box? Using virtualbox? AWS? GCP? A&W? Using something else? Depending on what you answer, it will affect, massively, how you communicate with that instance. From your (non) answer, I can’t even speculate as to how the Ubuntu system is networked to your Windows host. And I need to know this to answer much of any of the rest of your questions.
I’m not sure what putty’s options are – I tend to use openssh – so I can’t really tell you much about how to configure that. It sounds like you want to do a password-based auth via putty. Again, can’t tell you how to configure that. But it sounds like your configuration is probably wrong, and putty is using ssh key pairs anyway.
To answer your question
In AWS playground, I went to EC2 console and then launched an Ubuntu EC2 instance.
That instance, I am able to connect using putty through its keypair that I have provided while launching the instance.
Also in the security group, the port 22 is allowed for 0.0.0.0/0
Now I have created a local user test1 on the same EC2 instance.
When i am trying to do ssh through command prompt of my laptop to the EC2 instance using the local user, it is giving me error
- Since you. want to do a password-based login to to test1, have you tried doing the following from your original user on the EC2 instance:
ssh test1@localhost
? This should work and it should ask you for a password. If it does not, then there is a problem with the test1 user, and it won’t work via ssh from your laptop either. - It sounds like this is not a networking related issue, since it sounds like putty is actually getting a connection to the instance; but it does not appear to accept password authentication. Again, this sounds like it’s a server-side problem, on the EC2 instance.
What settings or file I should check for this.
We’re still in troubleshooting mode here. Did ssh test1@localhost (1) ask for a password and (2) successfully connect?
Let me check and confirm
Directly giving below error for localhost
ssh: connect to host localhost port 22: Connection refused
I have given the verbose option in ssh and it is the below output
C:\Users\SUDIPTA>ssh -vvv [email protected]
OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 18.234.221.19 is address
debug3: expanded UserKnownHostsFile ‘~/.ssh/known_hosts’ → ‘C:\Users\SUDIPTA/.ssh/known_hosts’
debug3: expanded UserKnownHostsFile ‘~/.ssh/known_hosts2’ → ‘C:\Users\SUDIPTA/.ssh/known_hosts2’
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: ssh_connect_direct: entering
debug1: Connecting to 18.234.221.19 [18.234.221.19] port 22.
debug1: Connection established.
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_rsa.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_rsa error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_rsa-cert.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_rsa-cert error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_dsa.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_dsa error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_dsa-cert.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_dsa-cert error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa-cert.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa-cert error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa_sk error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa_sk.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa_sk error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_ecdsa_sk type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa_sk-cert error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa_sk-cert.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_ecdsa_sk-cert error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_ecdsa_sk-cert type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519 error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519-cert.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519-cert error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519_sk error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519_sk.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519_sk error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_ed25519_sk type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519_sk-cert error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519_sk-cert.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_ed25519_sk-cert error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_ed25519_sk-cert type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_xmss.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_xmss error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/id_xmss-cert.pub error:2
debug3: failed to open file:C:/Users/SUDIPTA/.ssh/id_xmss-cert error:2
debug1: identity file C:\Users\SUDIPTA/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6p1 Ubuntu-3ubuntu13.3
debug1: compat_banner: match: OpenSSH_9.6p1 Ubuntu-3ubuntu13.3 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 18.234.221.19:22 as ‘test1’
debug3: record_hostkey: found key type ED25519 in file C:\Users\SUDIPTA/.ssh/known_hosts:5
debug3: load_hostkeys_file: loaded 1 keys from 18.234.221.19
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/known_hosts2 error:2
debug1: load_hostkeys: fopen C:\Users\SUDIPTA/.ssh/known_hosts2: No such file or directory
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts: No such file or directory
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-s,[email protected]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: compression: none
debug1: kex: client->server cipher: [email protected] MAC: compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:n+Vin+0zg0qBJQdCRU7YaZRHLBSUg08cLmnKWeyeZ1I
debug3: record_hostkey: found key type ED25519 in file C:\Users\SUDIPTA/.ssh/known_hosts:5
debug3: load_hostkeys_file: loaded 1 keys from 18.234.221.19
debug3: Failed to open file:C:/Users/SUDIPTA/.ssh/known_hosts2 error:2
debug1: load_hostkeys: fopen C:\Users\SUDIPTA/.ssh/known_hosts2: No such file or directory
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts: No such file or directory
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: load_hostkeys: fopen PROGRAMDATA\ssh/ssh_known_hosts2: No such file or directory
debug1: Host ‘18.234.221.19’ is known and matches the ED25519 host key.
debug1: Found key in C:\Users\SUDIPTA/.ssh/known_hosts:5
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug3: unable to connect to pipe \\.\pipe\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\Users\SUDIPTA/.ssh/id_rsa
debug1: Will attempt key: C:\Users\SUDIPTA/.ssh/id_dsa
debug1: Will attempt key: C:\Users\SUDIPTA/.ssh/id_ecdsa
debug1: Will attempt key: C:\Users\SUDIPTA/.ssh/id_ecdsa_sk
debug1: Will attempt key: C:\Users\SUDIPTA/.ssh/id_ed25519
debug1: Will attempt key: C:\Users\SUDIPTA/.ssh/id_ed25519_sk
debug1: Will attempt key: C:\Users\SUDIPTA/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256>
debug1: kex_input_ext_info: [email protected] (unrecognised)
debug1: kex_input_ext_info: [email protected] (unrecognised)
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: C:\Users\SUDIPTA/.ssh/id_rsa
debug3: no such identity: C:\Users\SUDIPTA/.ssh/id_rsa: No such file or directory
debug1: Trying private key: C:\Users\SUDIPTA/.ssh/id_dsa
debug3: no such identity: C:\Users\SUDIPTA/.ssh/id_dsa: No such file or directory
debug1: Trying private key: C:\Users\SUDIPTA/.ssh/id_ecdsa
debug3: no such identity: C:\Users\SUDIPTA/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: C:\Users\SUDIPTA/.ssh/id_ecdsa_sk
debug3: no such identity: C:\Users\SUDIPTA/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: C:\Users\SUDIPTA/.ssh/id_ed25519
debug3: no such identity: C:\Users\SUDIPTA/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: C:\Users\SUDIPTA/.ssh/id_ed25519_sk
debug3: no such identity: C:\Users\SUDIPTA/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: C:\Users\SUDIPTA/.ssh/id_xmss
debug3: no such identity: C:\Users\SUDIPTA/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
OK, the problem is on the instance and not on your Windows box. You might want to check to make sure that sshd is binding to localhost, given that error (check /etc/ssh/sshd_config I believe). ssh test1@localhost should work.
No reason to check from your Windows box if you cannot get sshd to talk to localhost In a dental exam, you should always start looking at the mouth end of the animal.
Additional things to try:
- Is user test1 capable of accepting an ssh connection? does it have:
- A valid home directory?
- A valid shell?
- Can you do “su - test1” successfully?
These are the directories inside test1 home directory:
→ root@ip-172-31-80-211:/home/test1# ls -a
. … .bash_logout .bashrc .profile
Yes I am able to do su test1:
Try su - test1
: I’m trying to see if the user is fully valid. The user NOT being valid would explain your problem. Hence the -
in su - test1
. I’m actually being pretty precise in what I’m asking you to do; you want to be as precise in doing this.
OK, now do “pwd” and “whoami”. I ask this because ssh test1@localhost should work if the account is fully valid. And it doesn’t. So something is up with the account. You might also do:
grep test1 /etc/passwd
to see what’s up. But if ssh test1@localhost doesn’t work, it’s very unlikely you can ssh to that account from your laptop.