Unable to SSH Permission Denied Public Key

Lew

I am going to try to summarize this as best I can and in as much detail as I can. I deployed my first Django site to an Ubuntu (23.04) server on Linode last night after following this Corey Schafer Python Django tutorial. Everything went well and I set up SSH as the tutorial goes over in the video, about 23-25 minutes in, without issue. I verified everything was working at one point. I exited the server and verified I could get back in via SSH without any issue. Continuing along, I spent another hour or two and configured a bunch of other things and made sure the site was up before going to bed and exiting the server. Today I go back to connect to the server and I am met with the message `Permission denied (publickey)`.

Knowing I added a firewall after all of this, I thought, great, I probably locked myself out of SSH connections or something. However, after some googling I ran across this modifier, `ssh -vT user@IP`, and quickly saw that it does indeed seem to be trying to connect over SSH and a connection is made, but it is just failing for reasons which I do not fully understand.

I next tried logging in as the root user via Linode's Weblish and was able to get in successfully, and tried to verify a couple of things.

• First I verified that there is a folder at the location `/home/user/.ssh` that contains a file with the key in it.

• Second I verified the permissions by going back through the video walkthrough for the `~/.ssh/` folder and its contents, and ran the following two commands again: `sudo chmod 700 ~/.ssh/` and `sudo chmod 600 ~/.ssh/*`

The result is the following for the ssh folder in my home directory.

```
lewpiper@django-server:~$ la -la
total 40
drwxrwxrwx 6 lewpiper lewpiper 4096 Jun 14 06:37 .
drwxr-xr-x 3 root     root     4096 Jun 14 05:22 ..
-rw------- 1 lewpiper lewpiper  100 Jun 14 05:34 .bash_history
-rw-r--r-- 1 lewpiper lewpiper  220 Jun 14 05:22 .bash_logout
-rw-r--r-- 1 lewpiper lewpiper 3771 Jun 14 05:22 .bashrc
drwx------ 4 lewpiper lewpiper 4096 Jun 14 06:09 .cache
drwxrwxr-x 3 lewpiper lewpiper 4096 Jun 14 06:37 .local
drwxr-xr-x 8 lewpiper www-data 4096 Jun 14 06:36 Portfolio
-rw-r--r-- 1 lewpiper lewpiper  807 Jun 14 05:22 .profile
drwx------ 2 lewpiper lewpiper 4096 Jun 15 06:03 .ssh
-rw-r--r-- 1 lewpiper lewpiper    0 Jun 14 05:33 .sudo_as_admin_successful
```

The following is the permissions for the file inside the ssh folder in the home directory.

```
lewpiper@django-server:~/.ssh$ ls -la
total 12
drwx------ 2 lewpiper lewpiper 4096 Jun 15 06:03 .
drwxrwxrwx 6 lewpiper lewpiper 4096 Jun 14 06:37 ..
-rw------- 1 lewpiper lewpiper  749 Jun 14 05:32 authorized_keys
```

• Third I set up a firewall on the server and the current connection types allowed are as follows.

```
lewpiper@django-server:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
```

• Finally I went to the `/etc/ssh/sshd_config` file and for now enabled `PasswordAuthentication` again until I can get to the bottom of the SSH issue. So for now I can log in without having to use the Weblish Linode offers. However, after doing this I tried to restart the ssh service on the server using the command `sudo systemctl restart sshd`, as the tutorial says you should do when editing this file. Instead I got an error: `Failed to restart sshd.service: Unit sshd.service not found.` I recall getting this message last night as well when I was doing the setup for the server, and a quick Google search turned up that the naming for the service changed, so I tried `sudo systemctl restart ssh` and that seemed to do the trick last night, but I wonder if I was incorrect in this.

Below is the `sshd_config` file as I have it now, but note I did change the password authentication to yes so that I could log in without having to use the RSA key generated, which is my issue.

```
LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem       sftp    /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
```

Questions: So my question from here is two-part. One, did I miss anything that I could do to better troubleshoot why this is happening, or that I could try? Two, if there is no other recommended troubleshooting, should I just try to delete my `authorized_keys` file on the server and secure copy it to the server? Note I am not even positive that would work because I am not convinced that is even the issue. My hunch is there might be something I am missing or there is more to the `Failed to restart sshd.service: Unit sshd.service not found.` message I mentioned earlier. Also, is there any thought to just rebooting the server? Sounds odd, but maybe something like the firewall or something gets reloaded and everything is happy then.

Jos
Does `systemctl status sshd` indicate that the service is up and running?
steeldriver
The name of the ssh daemon service is actually `ssh`, not `sshd` (although Ubuntu usually provides an *alias* `sshd` so that either *should* work).
Lew
@Jos it says the sshd service cannot be found. `Unit sshd.service could not be found.` If you run the same thing again replacing sshd with ssh it says it is active and enabled.
Jos
That is strange. As @steeldriver said, `sshd` ought to be an alias. `ssh` and `sshd` give identical results on my server.
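
An added example, not part of the original thread: with `StrictModes` at its default of `yes` (it is commented out in the posted `sshd_config`), sshd ignores `authorized_keys` if that file, `~/.ssh` or the home directory is group- or world-writable or is owned by someone other than the user or root, and the home directory in the first listing is `drwxrwxrwx`. The script below runs that check over the three paths; the function names are hypothetical, GNU `stat` is assumed, and the sample tree is constructed to match the modes in the question.

```shell
#!/bin/sh
# Added example: the ownership/mode test that StrictModes applies to the
# home directory, ~/.ssh and authorized_keys. Function names are hypothetical.

check_path() {            # $1 = path, $2 = account that must own it
    path=$1; owner=$2; rc=0
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    mode=$(stat -c '%a' "$path")      # octal mode, e.g. 777 (GNU stat)
    actual=$(stat -c '%U' "$path")    # owning user name
    # The owner must be the account itself or root.
    if [ "$actual" != "$owner" ] && [ "$actual" != "root" ]; then
        echo "BAD-OWNER $path is owned by $actual"; rc=1
    fi
    # Any group-write or other-write bit (mask 022) fails the check.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD-MODE $path is $mode (group- or world-writable)"; rc=1
    fi
    return $rc
}

audit_ssh_perms() {       # $1 = home directory, $2 = account name
    home=$1; user=$2; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$user" || bad=1
    done
    return $bad
}

# Constructed sample: a throwaway tree with the same modes as the listings
# in the question (home 777, .ssh 700, authorized_keys 600).
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    chmod 700 "$d/.ssh"
    chmod 777 "$d"
    echo "$d"
}

sample=$(make_sample)
audit_ssh_perms "$sample" "$(id -un)" || echo "-> key file would be ignored"
chmod 755 "$sample"                   # remove group/other write on "home"
audit_ssh_perms "$sample" "$(id -un)" && echo "-> clean after chmod 755"
rm -rf "$sample"
# On the server: audit_ssh_perms /home/lewpiper lewpiper
```

When this check is what rejects the key, the server-side log (`sudo journalctl -u ssh` on Ubuntu) records `Authentication refused: bad ownership or modes for directory ...` for the login attempt.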