[PLUG] Fix scp issue: Permission denied (publickey)

Louis Kowolowski louisk at cryptomonkeys.org
Fri Sep 28 19:23:56 UTC 2018 

This indicates 1 or more of:
* public key is not on the destination host, for the remote user (by default, $HOME/.ssh/authorized_keys), or is incorrect format. make sure there are no extra lines, each entry should be a single (long) line.
* permissions of $HOME/.ssh or $HOME/.ssh/authorized_keys are incorrect (700 and 600 are good choices)
* ownership of $HOME/.ssh or $HOME/.ssh/authorized_keys are incorrect (should be owned by the user of $HOME)

If all of these have been verified, and there are no clues in the logs of the remote host, you can run sshd on the remote host in debug mode to get more information. Be careful with this. It will accept a single connection and then terminate (this is documented and expected behavior).


> On Sep 28, 2018, at 1:43 PM, Rich Shepard <rshepard at appl-ecosys.com> wrote:
> 
>  Trying to cp a directory from one desktop to the other using scp fails
> with a public key error. The debug1 output is not making the source of the
> failure obvious to me; I hope it does to the sysadmins here.
> 
>  I set the same passphrase on both hosts. Each host's id_ed25519.pub was
> added to the other host's /etc/.ssh/known_hosts file. Neither host has the
> other's key in ~/.ssh/authorized_keys; I thought these were added by
> open-ssh when a connection was established.
> 
>  This is the full output of the scp command entered on the destination host:
> 
> $ scp -v salmo:/opt/* /opt/
> Executing: program /usr/bin/ssh host salmo, user (unspecified), command scp -v -f /opt/*
> OpenSSH_7.2p2, OpenSSL 1.0.2h  3 May 2016
> debug1: Reading configuration data /home/rshepard/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to salmo [192.168.55.1] port <port>.
> debug1: Connection established.
> debug1: identity file /home/rshepard/.ssh/id_ed25519 type 4
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/rshepard/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
> debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
> debug1: Authenticating to salmo:<port> as 'rshepard'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: curve25519-sha256 at libssh.org
> debug1: kex: host key algorithm: ssh-ed25519
> debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
> debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com
> MAC: <implicit> compression: none
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ssh-ed25519 SHA256:9T1sRfIPmzJvODsTIOexYiBawQAJp6fN9GS1S9zGewg
> debug1: checking without port identifier
> The authenticity of host '[salmo]:<port> ([192.168.55.1]:<port>)' can't be established.
> ED25519 key fingerprint is SHA256:9T1sRfIPmzJvODsTIOexYiBawQAJp6fN9GS1S9zGewg.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '[salmo]:<port>,[192.168.55.1]:<port>' (ED25519) to the list of known hosts.
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Offering ED25519 public key: /home/rshepard/.ssh/id_ed25519
> debug1: Authentications that can continue: publickey
> debug1: No more authentication methods to try.
> Permission denied (publickey).
> 
> Regards,
> 
> Rich
> _______________________________________________
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug

--
Louis Kowolowski                                louisk at cryptomonkeys.org
Cryptomonkeys:                                   http://www.cryptomonkeys.com/

Making life more interesting for people since 1977

More information about the PLUG mailing list