SSH suddenly asks for a password

A common problem

I have a computer (Mac OSX 10.9.4) and a remote server (Ubuntu 14.04.1 LTS). I used ssh-keygen to create the ssh key (without a passphrase), added the public key to .ssh/authorized_keys on the server, and everything was fine in the world. Then, earlier today, ssh started asking for a password again.

What could have caused it

I'm really not sure what caused this - these are my best guesses:

  • I had to delete some files from my home directory on the remote server when I accidentally copied a git repository there (I didn't do anything there, just copied everything and then rm'd the files). From what I can tell from my command history, there are no ssh-related files that I deleted, just .git, .gitignore and various *.sw? files left over from vim.
  • I ran ssh-keygen -l -f ~/.ssh/authorized_keys on the remote server to see the fingerprints (I think) of the keys in this file.

Relevant logs

When I run ssh -v -i ~/.ssh/mykey_rsa user@serverip, I get the following:

    OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
    debug1: Reading configuration data /Users/myusername/.ssh/config
    debug1: Reading configuration data /etc/ssh_config
    debug1: /etc/ssh_config line 50: Applying options for *
    debug1: Connecting to {ip address} [{ip address}] port 22.
    debug1: Connection established.
    debug1: identity file .ssh/mykey_rsa type 1
    debug1: identity file .ssh/mykey_rsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
    debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
    debug1: Miscellaneous failure (see text)
    No credentials cache file found
    debug1: An invalid name was supplied
    unknown mech-code 0 for mech 1 2 752 43 14 2
    debug1: Miscellaneous failure (see text)
    unknown mech-code 0 for mech 1 3 6 1 5 5 14
    debug1: Miscellaneous failure (see text)
    unknown mech-code 2 for mech 1 3 6 1 4 1 311 2 2 10
    debug1: An unsupported mechanism was requested
    unknown mech-code 0 for mech 1 3 5 1 5 2 7
    debug1: Miscellaneous failure (see text)
    unknown mech-code 0 for mech 1 3 6 1 5 2 5
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
    debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: RSA {fingerprint}
    debug1: Host '{ip address}' is known and matches the RSA host key.
    debug1: Found key in /Users/myusername/.ssh/known_hosts:16
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: .ssh/otherkey_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Offering RSA public key: .ssh/mykey_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: password
    user@serverip password:

It seems strange to me that it tried another ssh key (otherkey_rsa) before the one I told it to use (mykey_rsa), but I don't know enough about ssh to parse this well.

Meanwhile, /var/log/auth.log on the remote server helpfully says

  Aug 12 02:04:19 servername sshd [22147]: :     :/etc/ssh/ssh_host_ed25519_key  12 02:04:19 servername sshd [22147]:  :       /root > 

Access rights

Local / on my computer:

    ~/                    drwxr-xr-x+ 105 myusername staff 3570 Aug 11 23:14
    ~/.ssh/               drwx------   13 myusername staff  442 Aug 11 23:14
    ~/.ssh/mykey_rsa.pub  -rw-r--r--    1 myusername staff  397 Aug  5 20:52
    ~/.ssh/mykey_rsa      -rw-------    1 myusername staff 1675 Aug  5 20:52

Remotely / on the server:

    ~/                      drwxr-xr-x 8 501        staff 4096 Aug 12 02:16
    ~/.ssh/                 drwx------ 2 remoteuser root  4096 Aug 12 01:49
    ~/.ssh/authorized_keys  -rw------- 1 remoteuser root   794 Aug 12 01:44

I am really stuck on this and would be very grateful for help! Thanks!

+7
ssh
3 answers

As aecolley pointed out on superuser, the answer was staring me in the face. The problem was permissions, and the reason was that a user with uid 501 owned my home directory. Why, you ask? Because I accidentally (as in, by accident) used rsync to copy a bunch of files from my laptop, and rsync seems to have used my laptop user ID (501, the default for OS X) for the job.

Running chown root . from my home directory on the server fixed the problem.

+4
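
The ownership rule behind this fix, as an added example (not part of the original answer and not OpenSSH's own code): with StrictModes enabled, sshd ignores authorized_keys unless the file and every directory from it up to the home directory is owned by the login user or root and is not group- or world-writable. The function name, the /root home path, the login uid 0 (inferred from `chown root .`) and the sample stat data are assumptions constructed from the server listing in the question.

```python
import os
import stat
from types import SimpleNamespace

def strict_modes_findings(home, login_uid, key_file=".ssh/authorized_keys",
                          stat_fn=os.stat):
    """List ownership/mode problems on the chain key file -> home directory.

    Approximates the StrictModes check; an empty list means the chain passes.
    """
    home = os.path.normpath(home)
    path = os.path.normpath(os.path.join(home, key_file))
    findings = []
    while True:
        try:
            st = stat_fn(path)
        except OSError as exc:
            findings.append(f"{path}: cannot stat ({exc.strerror})")
        else:
            # Owner must be the account logging in, or root.
            if st.st_uid not in (0, login_uid):
                findings.append(f"{path}: owned by uid {st.st_uid}, "
                                f"must be uid {login_uid} or root")
            # Nobody but the owner may be able to write here.
            if st.st_mode & 0o022:
                findings.append(f"{path}: group/world writable "
                                f"(mode {stat.S_IMODE(st.st_mode):04o})")
        parent = os.path.dirname(path)
        if path == home or parent == path:
            break
        path = parent
    return findings

# Constructed sample mirroring the question's server listing: the home
# directory ended up owned by uid 501 after the rsync from the laptop.
SAMPLE = {
    "/root": (501, 0o040755),
    "/root/.ssh": (0, 0o040700),
    "/root/.ssh/authorized_keys": (0, 0o100600),
}

def sample_stat(path):
    uid, mode = SAMPLE[path]
    return SimpleNamespace(st_uid=uid, st_mode=mode)

if __name__ == "__main__":
    for line in strict_modes_findings("/root", 0, stat_fn=sample_stat):
        print(line)
```

Called without stat_fn, the same function checks a real account on the server, for example strict_modes_findings("/home/alice", 1000) with a hypothetical home and uid.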

Perhaps this may be useful for someone.

I had the same problem in Ubuntu: once I tried to push to the git repository and received a password prompt. The problem in my case was the wrong permissions (root was the file owner) on the ~/.ssh/config file.

To fix the problem, I had to change the owner of the file and then log in again.

0

I just spent half an hour tearing my hair out over this issue on Yosemite. All my permissions were correct, the key was in the right place, the config was correct, etc.

Here is what happened: I used Migration Assistant to transfer some files from this computer to another, which logged out the interactive user session but did not actually restart the computer, so when I logged back in and started tmux it attached to the surviving session. Apparently, this caused it to lose some security permission to access the Keychain, where my key passwords are stored, and it did not prompt me. Just restarting tmux solved the problem!

0