Score:0

Server

Ssh login error - Permission denied (publickey,password)

rita1989

11/5/23, 6:31 PM

i just had configured a debian server and installed aapanel on it. I also changed the default port to 50001 instead of 22.

now i tried to login with ssh -p 50001 [email protected] and got this error

Permission denied (publickey,password)

here is some debug info

OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to 95.xxx.xxx.xxx [95.xxx.xxx.xxx] port 50001.
debug1: Connection established.
debug1: identity file /Users/ritaromano/.ssh/id_rsa type -1
debug1: identity file /Users/ritaromano/.ssh/id_rsa-cert type -1
debug1: identity file /Users/ritaromano/.ssh/id_dsa type -1
debug1: identity file /Users/ritaromano/.ssh/id_dsa-cert type -1
debug1: identity file /Users/ritaromano/.ssh/id_ecdsa type -1
debug1: identity file /Users/ritaromano/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/ritaromano/.ssh/id_ed25519 type -1
debug1: identity file /Users/ritaromano/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/ritaromano/.ssh/id_xmss type -1
debug1: identity file /Users/ritaromano/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 95.xxx.xxx.xxx:50001 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:mvVcRh/4Nh7J6yw0fpMFm8Las+26KMPc8liDsxeVn8Y
debug1: Host '[95.xxx.xxx.xxx]:50001' is known and matches the ECDSA host key.
debug1: Found key in /Users/ritaromano/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/ritaromano/.ssh/id_rsa
debug1: Will attempt key: /Users/ritaromano/.ssh/id_dsa
debug1: Will attempt key: /Users/ritaromano/.ssh/id_ecdsa
debug1: Will attempt key: /Users/ritaromano/.ssh/id_ed25519
debug1: Will attempt key: /Users/ritaromano/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/ritaromano/.ssh/id_rsa
debug1: Trying private key: /Users/ritaromano/.ssh/id_dsa
debug1: Trying private key: /Users/ritaromano/.ssh/id_ecdsa
debug1: Trying private key: /Users/ritaromano/.ssh/id_ed25519
debug1: Trying private key: /Users/ritaromano/.ssh/id_xmss
debug1: Next authentication method: password

how can i fix?

i already went to /etc/ssh/sshd_config, enabled PasswordAuthentication and set to yes, enabled ChallengeResponseAuthentication and set to no.

then restarted ssh with

sudo launchctl stop com.openssh.sshd
sudo launchctl start com.openssh.sshd

i'm on oS bigsur

3250

1 + 3

ssh

public-key

olivierg

11/5/23, 7:31 PM

try setting PermitRootLogin to yes

rita1989

11/5/23, 8:05 PM

tried, but still same error :(

diya

11/8/23, 4:54 PM

As a server admin you don't need to rely on client-side debug messages alone, you can and really should also look at what gets logged on the server. - Additionally the **`sudo launchctl`** commands looks to me like you're ***restarting the sshd on an Apple Mac*** and not the ssh daemon running on your Debian server. What is that supposed to achieve?

Score:0

Server

Cipher808

11/8/23, 1:57 PM

Generate a keys pair on the client:

ssh-keygen -t rsa

(You can prompt a passphrase for the key or leave it blank)

copy the local file

~/.ssh/id_rsa.pub

to the remote server folder

~/./ (or simply ~ of root user, [Note: /root/ folder])

on the remote server logged in as root:

cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

(I think you can't access via ssh So you need any way to do this like vnc or rescue mode and chroot or maybe you can add the key file content to root authorized_keys file via web dashboard of your provider adding the public key file content via web form to access with your key )

then login from local ssh as root

ssh -p 50001 [email protected]

If it doesn't work post here your /etc/ssh/sshd_config file content from the remote server and detail more about your login trials process and other possible relevant information or completely remove openssh-server and reinstall it again

Note: Sometimes copy pasting passwords in console flush trash to the buffer so verify that the password is typed right key per key

+ 7

rita1989

11/8/23, 8:39 PM

the problem is i can't access the server cause i always get that error when logging in. VNC gives me error too cause when i try to login i get UFW messages flooding and block my login... any other option to log and copy that file?

Cipher808

11/8/23, 11:31 PM

It depends on the possibilities you have... One possibility is to fix the firewall blocking issue, but I'm not sure why is blocking you but it could be one option if you could access trough VNC

Cipher808

11/8/23, 11:31 PM

Another option is to upload the key via provider dashboard, normally provider offer you one way to pass the ssh public keys directly to /root/authorized_keys file content. Another option may be to restart the server in rescue mode with a temporal root password and ssh access for rescue shell and once logged in via ssh with that temporal mode and ssh context you could make chroot after mount the partition in a folder (i.e /mnt) and "cat" the .pub file content >> to the root authorized_keys file.

Cipher808

11/8/23, 11:32 PM

If you are sure that the password is wich are you trying and you can't change it via provider dashboard may be you should to reinstall all (better if you have backup to restore) or open a ticket with your provider about the ufw/vnc issue or ssh password access. Note: If you can reboot in rescue mode and chroot you can first simply try to change the root password to one new and try with it without pubkey. In addition other possibilities could be possible if there is any setting that could be fixed in sshd_config file causing the issue or in the pam.d module settings

Cipher808

11/8/23, 11:32 PM

What provider do you have and/or wich kind of dashboard is using?

Cipher808

11/8/23, 11:42 PM

Have you tried to log in with a sudoer user (or not sudoer) and then if you can make sudo su to login as root?

Cipher808

11/8/23, 11:54 PM

You can look for web console access in your provider dashboard too if is there... or open ticket or reinstall. As diya said the PermitRootLogin=yes like the PasswordAuthentication=yes should be enabled in server side and after that reboot or restart the service. You could try to reboot the server if you didn't from the provider dashboard and try to login again too, is another option before reinstall. Good luck! :/

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Ssh login error - Permission denied (publickey,password)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.