ssh access sshKey/password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi.

I know.. list is really only for fedora!  But I was hoping I might
find someone who could point me in a direction to figure out what's
going on.

This is a digitalocean/ubuntu issue for setting up/testing SSH access.

Since this is a test, I'm more than willing to grant root access to
figure this out. I've created snapshots to recreate the
droplet/instance.

thanks
======


I have a test digitalocean droplet. It was setup for ssh access.

It more or less works. I have a few test users that I can ssh into
with no issue. I also created a test user with no ssh key, to test ssh
with password.

ssh testu@1.2.3.4
 generates the "password" prompt to login, as expected.

I've tested this with a copy of "centos", as well as another ubuntu
20.04 system.

Both tests seem to work as expected.


I decided to do a copy of the initial DO droplet -- 161.35.5.174 and
to create another copy of this with the same dir/files/processes.

steps:
turn off "161.35.5.174"
Create a "snapshot" of the "161.35.5.174"
Use the "snapshot" to create another droplet with a diff IP. "161.35.5.x"

turn on 161.35.5.174
and use 161.35.5.x
so I now should have 2 valid droplets, with SSH access...


Now, at this point, I thought/assumed/hoped the user could simply
access the new droplet via SSH the same as the initial droplet.

I was sadly mistaken!

Or I have a subtle/massive user err.

my test users
root
sroot
crawl_user
*testu

Each of these have ssh keys/dirs on/in the droplets (except fo testu,
which is a simple user acct)

When I'm on the test centos, and I ssh into the 161.35.5.174, everything works..
 ssh -v sroot@161.35.5.174 works as expected...

So, it appears the "161.35.5.174" initial droplet works as expected,
which implies the "ssh" server/daemon is working, and that the
/etc/ssh/sshd_config is configured/set

The idea is to allow for "root" access -- for the test

My goal for the overall test, is to allow
 ssh access into the 161.35.5.174 droplet
   via sshKey, as well as password.

 and to do the same for the copied/created droplet

 *******
 THIS ISN'T WORKING!!!!!!!
 when I'm on the centos and I test
 ssh -vvv sroot@165.227.198.59
     to allow sshKey, as well as "password" access via ssh

the results are:
sroot@ubuntu-s-1vcpu-2gb-nyc1-01:~$ ssh -vvv testu@165.227.198.59
OpenSSH_9.3p1 Ubuntu-1ubuntu3, OpenSSL 3.0.10 1 Aug 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include
/etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 165.227.198.59 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' ->
'/home/sroot/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' ->
'/home/sroot/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 165.227.198.59 [165.227.198.59] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/sroot/.ssh/id_rsa type -1
debug1: identity file /home/sroot/.ssh/id_rsa-cert type -1
debug1: identity file /home/sroot/.ssh/id_ecdsa type -1
debug1: identity file /home/sroot/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/sroot/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/sroot/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/sroot/.ssh/id_ed25519 type -1
debug1: identity file /home/sroot/.ssh/id_ed25519-cert type -1
debug1: identity file /home/sroot/.ssh/id_ed25519_sk type -1
debug1: identity file /home/sroot/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/sroot/.ssh/id_xmss type -1
debug1: identity file /home/sroot/.ssh/id_xmss-cert type -1
debug1: identity file /home/sroot/.ssh/id_dsa type -1
debug1: identity file /home/sroot/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.3p1 Ubuntu-1ubuntu3
debug1: Remote protocol version 2.0, remote software version
OpenSSH_9.3p1 Ubuntu-1ubuntu3
debug1: compat_banner: match: OpenSSH_9.3p1 Ubuntu-1ubuntu3 pat
OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 165.227.198.59:22 as 'testu'
debug3: record_hostkey: found key type ED25519 in file
/home/sroot/.ssh/known_hosts:2
debug3: load_hostkeys_file: loaded 1 keys from 165.227.198.59
debug1: load_hostkeys: fopen /home/sroot/.ssh/known_hosts2: No such
file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file
or directory
debug3: order_hostkeyalgs: have matching best-preference key type
ssh-ed25519-cert-v01@xxxxxxxxxxx, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms:
sntrup761x25519-sha512@xxxxxxxxxxx,curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms:
ssh-ed25519-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,sk-ssh-ed25519-cert-v01@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,rsa-sha2-512-cert-v01@xxxxxxxxxxx,rsa-sha2-256-cert-v01@xxxxxxxxxxx,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos:
chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx
debug2: ciphers stoc:
chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx
debug2: MACs ctos:
umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc:
umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@xxxxxxxxxxx,zlib
debug2: compression stoc: none,zlib@xxxxxxxxxxx,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms:
sntrup761x25519-sha512@xxxxxxxxxxx,curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms:
rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos:
chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx
debug2: ciphers stoc:
chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx
debug2: MACs ctos:
umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc:
umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@xxxxxxxxxxx
debug2: compression stoc: none,zlib@xxxxxxxxxxx
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: sntrup761x25519-sha512@xxxxxxxxxxx
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@xxxxxxxxxxx MAC:
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@xxxxxxxxxxx MAC:
<implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519
SHA256:FSbkPEpUcP9WKaF8Wqzdq1HoBy9UB5Lg3G2KdvJNIiM
debug3: record_hostkey: found key type ED25519 in file
/home/sroot/.ssh/known_hosts:2
debug3: load_hostkeys_file: loaded 1 keys from 165.227.198.59
debug1: load_hostkeys: fopen /home/sroot/.ssh/known_hosts2: No such
file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file
or directory
debug1: Host '165.227.198.59' is known and matches the ED25519 host key.
debug1: Found key in /home/sroot/.ssh/known_hosts:2
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug3: ssh_get_authentication_socket_path: path
'/tmp/ssh-0pg5Dmeqog/agent.41138'
debug2: get_agent_identities: ssh_agent_bind_hostkey: communication
with agent failed
debug1: get_agent_identities: ssh_fetch_identitylist: communication
with agent failed
debug1: Will attempt key: /home/sroot/.ssh/id_rsa
debug1: Will attempt key: /home/sroot/.ssh/id_ecdsa
debug1: Will attempt key: /home/sroot/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/sroot/.ssh/id_ed25519
debug1: Will attempt key: /home/sroot/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/sroot/.ssh/id_xmss
debug1: Will attempt key: /home/sroot/.ssh/id_dsa
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@xxxxxxxxxxx,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,webauthn-sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_input_ext_info: publickey-hostbound@xxxxxxxxxxx=<0>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/sroot/.ssh/id_rsa
debug3: no such identity: /home/sroot/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/sroot/.ssh/id_ecdsa
debug3: no such identity: /home/sroot/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/sroot/.ssh/id_ecdsa_sk
debug3: no such identity: /home/sroot/.ssh/id_ecdsa_sk: No such file
or directory
debug1: Trying private key: /home/sroot/.ssh/id_ed25519
debug3: no such identity: /home/sroot/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/sroot/.ssh/id_ed25519_sk
debug3: no such identity: /home/sroot/.ssh/id_ed25519_sk: No such file
or directory
debug1: Trying private key: /home/sroot/.ssh/id_xmss
debug3: no such identity: /home/sroot/.ssh/id_xmss: No such file or directory
debug1: Trying private key: /home/sroot/.ssh/id_dsa
debug3: no such identity: /home/sroot/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
testu@165.227.198.59: Permission denied (publickey).
sroot@ubuntu-s-1vcpu-2gb-nyc1-01:~$


which doesn't implement a "password" check/process!!


in the test of the initial "testu@161.35.5.174"
.
.
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password          <<<<<<<<<<<<<<<<<<< this happened!!
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
testu@161.35.5.174's password:
.
.

it appears that the
   authmethod_lookup password
doesn't happen!!!!!!!

the issue is why!

so.. anyone have any clues as to what I can test/check?
 or what I've screwed up!!

thanks

by the way..
If I log into the "working/initial" droplet  the --161.35.5.174
 and I attempt to ssh/access the "copied" droplet --165.227.198.59

I get the same errs...
  testu@165.227.198.59: Permission denied (publickey).
--
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux