Score:0

Reinstall SSH then cannot login root account

I'm using a Vultr VPS to create an Ubuntu server, but after installing the SSH key I cannot log in by ssh anymore. It shows: `Permission denied, please try again.`

The password key is totally correct.

I'm using macOS. I created id_rsa.pub and copied the key to Vultr reinstall ssh. I have also used the id_rsa.pub key for the Bitbucket service.

So what is the reason I cannot log in as root using ssh anymore?

Thank you so much.

I updated the ssh log:

```
ssh -v root@149.28.145.90
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 149.28.145.90 [149.28.145.90] port 22.
debug1: Connection established.
debug1: identity file /Users/macOS/.ssh/id_rsa type 0
debug1: identity file /Users/macOS/.ssh/id_rsa-cert type -1
debug1: identity file /Users/macOS/.ssh/id_ecdsa type -1
debug1: identity file /Users/macOS/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/macOS/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/macOS/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/macOS/.ssh/id_ed25519 type -1
debug1: identity file /Users/macOS/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/macOS/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/macOS/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/macOS/.ssh/id_xmss type -1
debug1: identity file /Users/macOS/.ssh/id_xmss-cert type -1
debug1: identity file /Users/macOS/.ssh/id_dsa type -1
debug1: identity file /Users/macOS/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.7
debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 149.28.145.90:22 as 'root'
debug1: load_hostkeys: fopen /Users/macOS/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:/xz7YYBmz0xghGR0TZEwSmr6z9kwBk1T15YwBeRaSv4
debug1: load_hostkeys: fopen /Users/macOS/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '149.28.145.90' is known and matches the ED25519 host key.
debug1: Found key in /Users/macOS/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /Users/macOS/.ssh/id_rsa RSA SHA256:+o1B9zpeliVSvqKYfstJb2WRGW55345340z6rXUSEvWnn0fX1+G0
debug1: Will attempt key: /Users/macOS/.ssh/id_ecdsa
debug1: Will attempt key: /Users/macOS/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/macOS/.ssh/id_ed25519
debug1: Will attempt key: /Users/macOS/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/macOS/.ssh/id_xmss
debug1: Will attempt key: /Users/macOS/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/macOS/.ssh/id_rsa RSA SHA256:+o1B9zpeliVSvqKYtJb25445WRGW0z6344rXUSEvWnn0fX1+G0
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/macOS/.ssh/id_ecdsa
debug1: Trying private key: /Users/macOS/.ssh/id_ecdsa_sk
debug1: Trying private key: /Users/macOS/.ssh/id_ed25519
debug1: Trying private key: /Users/macOS/.ssh/id_ed25519_sk
debug1: Trying private key: /Users/macOS/.ssh/id_xmss
debug1: Trying private key: /Users/macOS/.ssh/id_dsa
```

Here is the ssh config:

```
PermitRootLogin yes
Include /etc/ssh/sshd_config.d/*.conf
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp internal-sftp
AllowGroups admin
```

Luuk:
see: [PermitRootLogin](https://askubuntu.com/a/980018/274445)
Hai Tien:
@Luuk thanks, but I changed it and no luck.
Luuk:
Please add the logging that is shown when doing `ssh -v root@yourSSHhost`
Hai Tien:
@Luuk I updated the log above. Thank you for checking.
Hai Tien:
@Luuk: `debug1: Authentications that can continue: publickey,password`. I used both the ssh key password and the root password, but it has the same result.
Luuk:
Did you restart the service after changing the config?
Hai Tien:
@Luuk yes. I already restarted the server. I'm contacting Vultr staff for help.
steeldriver:
Where did you copy the id_rsa.pub key *to*? It would need to be appended to the `authorized_keys` file of the target user (in this case, `root`) which is usually `/root/.ssh/authorized_keys` (but might be elsewhere, depending on the server's `sshd_config`)
Luuk:
When more help is needed, your config might be helpful. Please add the output of: `grep -v '^#' /etc/ssh/sshd_config | grep .`
Hai Tien:
@steeldriver yes. I checked and it was appended to the `authorized_keys`
Hai Tien:
@Luuk I updated the ssh config. Can you take a look? Thanks.
Luuk:
Because of the `Include` line the contents of `/etc/ssh/sshd_config.d/*.conf` would also be needed, so can you change that to the output of: `grep -rv '^#' ssh_config sshd_config.d/*.conf | grep -v ':$'`
Hai Tien:
@Luuk thank you, but I checked and it is just an empty file.
Luuk:
I compared your config with mine. The only thing I can think of is that `root` is not a member of the group `admin`.
Hai Tien:
@Luuk wow, you are right. `AllowGroups admin` will prevent root login. Thank you so much. Problem is solved.
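
The cause found in the comments above, `AllowGroups admin` shutting out a `root` account that is not in group `admin`, can be checked offline with a small shell function. This is an added example, not part of the original thread; `group_gate`, `SAMPLE_CFG` and the sample group lists are assumptions for illustration, and `!` negation and `Match` blocks are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): evaluate sshd's group gate offline.
# Assumptions: patterns use only * and ?; "!" negation and Match blocks are ignored.

# group_gate CONFIG_FILE "group1 group2 ..."  -> prints "allow" or "deny: ..."
# The body is a subshell so that `set -f` does not leak to the caller;
# `exit` therefore only sets the function's return status.
group_gate() (
    cfg=$1 user_groups=$2
    set -f   # patterns must not glob against the filesystem
    # Keywords are case-insensitive and repeated lines accumulate.
    deny=$(awk 'tolower($1) == "denygroups" { for (i = 2; i <= NF; i++) print $i }' "$cfg")
    allow=$(awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$cfg")
    # DenyGroups is evaluated before AllowGroups.
    for g in $user_groups; do
        for p in $deny; do
            case $g in $p) echo "deny: group $g matches DenyGroups $p"; exit 1 ;; esac
        done
    done
    [ -z "$allow" ] && { echo "allow"; exit 0; }   # no AllowGroups: gate is open
    for g in $user_groups; do
        for p in $allow; do
            case $g in $p) echo "allow"; exit 0 ;; esac
        done
    done
    echo "deny: no group of the user matches AllowGroups"
    exit 1
)

# Constructed sample: the access-relevant lines of the config posted in the question.
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
AllowGroups admin
EOF

# Assumed group lists: root is taken to be only in group "root" (check with `id -Gn root`).
group_gate "$SAMPLE_CFG" "root" || true    # denied despite PermitRootLogin yes
group_gate "$SAMPLE_CFG" "root admin"      # allowed once root is in group admin
```

On a real server, the same function can be fed the effective configuration printed by `sshd -T` (saved to a file) and the group list from `id -Gn root`.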
Score:1

After Offering you should see the following, unless the key is wrong/old/invalid:

```
...
debug1: Offering public key: C:\\Users\\Luuk/.ssh/id_rsa RSA SHA256:4vcibbzSvFvASY6Yc**obscured**704
debug1: Server accepts key: C:\\Users\\Luuk/.ssh/id_rsa RSA SHA256:4vcibbzSvFvASY6Yc**obscured**704
debug1: Authentication succeeded (publickey).
...
```

Hai Tien:
Thank you. Actually, I'm still unable to find out the reason for this issue.