Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Unable to authenticate in any way after editing the SSH Daemon config file (PuTTY)

  1. #1
    Join Date
    Jun 2019
    Beans
    5

    Red face Unable to authenticate in any way after editing the SSH Daemon config file (PuTTY)

    Hi everyone,

    I've been searching for 2 days now and trying a lot of manipulations without success. I don't know what to do anymore except to post my issue here.

    Some useful informations before I start to explain :

    - My OS : Windows 10
    - VPS server : Ramnode (Ubuntu 16.04 64-bit)
    - Emulator : PuTTY (PuTTYgen for keys generations)
    - My first language is French, I apologize if my English is not correct

    OK, here is my issue :

    I firstly authenticated myself with the user "root" and my password. Then,I created a new user as "ubuntu" and I installed SSH key authentification. All was running good and I could auth. as "ubuntu" with my SSD key instead of the password.
    I used these commands one line at a time :

    Code:
    adduser ubuntu
    usermod -aG sudo ubuntu
    su ubuntu
    sudo -S true
    Then, the tutorial asked me to enter this command but it didn't apply :

    Code:
    cd && mkdir .ssh && chmod 700 .ssh && cd .ssh && sudo cp /root/.ssh/authorized_keys . && sudo chown ubuntu authorized_keys && chmod 644 authorized_keys
    I thought it didn't apply because it was reserved to Vultr (as mentioned in the tuto), and since the authentification with SSH key was already running good, I didn't pay much attention. (I precize that I also configured this on Vultr in the same way and I met no issue, everything is running good on this one.)

    Then, according to the tutorial, I edited the SSH Daemon config file to lock down the server :

    Code:
    sudo nano /etc/ssh/sshd_config
    Still according to the tutorial, I found the following lines and change them to the following settings (with removing the "#") :

    Code:
    PermitEmptyPasswords no
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    PermitRootLogin prohibit-password
    UsePAM no
    After having saved the modifications, I restarted the SSH Daemon in order to apply these new settings :

    Code:
    sudo systemctl restart sshd.service
    And here is where my issue begin. After that, I've never been able to authenticate again. Neither with root, neither with ubuntu, neither with SSH key or password... Nothing works, even when editing the PuTTY configurations, I just can't access to the commands anymore.

    Here is the error message I have :

    Code:
    Server refused our key
    PuTTY Fatal Error : No supported authentification methods available (server sent: publickey)

    I think my mistake is that I haven't allowed enough permissions to my ubuntu user (because the command for Vultr didn't apply with Ramnode). And since I have locked down the server by editing the SSH Daemon config file, the root user has restricted permissions now...

    Is my diagnostic correct ? What solutions do I have ? I can give more precisions on the other commands I used if needed.

    Thanks by advance to anyone who will try to help me
    Last edited by nicky90; 1 Week Ago at 02:13 PM.

  2. #2
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,753
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Unable to authenticate in any way after editing the SSH Daemon config file (PuTTY

    Can you ssh at localhost?
    ssh -vvv <user>@localhost <--- The -vvv option will give a lot of output and it might shed light on the problem. I'm betting its a permissions issue on either the .ssh directory or the authorized_keys file

  3. #3
    Join Date
    Jun 2019
    Beans
    5

    Re: Unable to authenticate in any way after editing the SSH Daemon config file (PuTTY

    Hi, thanks for your answer Yes, I'm now pretty sure it's a permissions issue on the authorized_keys file.

    I tried this :
    Code:
    login as: ssh -vvv ubuntu@localhost
    And this :
    Code:
    login as: ssh -vvv root@localhost
    But I still have this message :

    PuTTY Fatal Error : No supported authentification methods available (server sent: publickey)

  4. #4
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,753
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Unable to authenticate in any way after editing the SSH Daemon config file (PuTTY

    Ok the root login method probably wont work because of your sshd_config file

    Focus on the normal user. Within the ~/.ssh directory you should have an authorized_keys file. What are the permissions on the authorized_keys files and who holds owner/group privileges?

    (usually in terms of debugging -- I first ensure I can ssh with use of a password first then move onto the use of keys -- passwords will show if there is an underlying problem with the ssh server)

  5. #5
    Join Date
    Jun 2019
    Beans
    5

    Re: Unable to authenticate in any way after editing the SSH Daemon config file (PuTTY

    Sorry but I don't understand how I could inspect the authorized_keys file if I can't even login in PuTTY ? I can't apply any command...

    But what I know is that I didn't add any key in the authorized_keys files and it's the reason why I can't login anymore. And since I have prohibited-password and lock down the server in SSH Daemon, I have no option but to connect with my key...that I didn't give permission

  6. #6
    Join Date
    Jan 2007
    Beans
    740
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Unable to authenticate in any way after editing the SSH Daemon config file (PuTTY

    Does your VPS allow console login, or some other way in via a control panel? You may need to get into it that way so you can fix your SSH setup.

    Next time, test your keys before disabling passwords.

    And stay logged in to a session while opening another to test.
    Current 'buntu systems: Server 18.04.2 LTS, Mythbuntu 16.04 LTS, Ubuntu 16.04.1 LTS / Retired: 14.04 LTS, 10.04 LTS, 8.04 LTS
    Been using ubuntu since 6.04 (13 years!)

  7. #7
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    16,642
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Unable to authenticate in any way after editing the SSH Daemon config file (PuTTY

    Not that it helps Windows users, but on Unix, there's a tool to push the public key to the correct location, ssh-copy-id. Makes setting up key-based ssh access 2 commands. ssh-keygen and ssh-copy-id.

    ssh is a core security tool, so it is picky about file security. Permissions for the files:
    Code:
    ~/.ssh$ ll
    total 100
    drwx------  ./
    drwx--x---  ../
    -rw-------  authorized_keys
    -rw-------  config
    -rw-------  id_ed25519
    -rw-r--r--  id_ed25519.pub
    -rw-------  id_rsa
    -rw-r--r--  id_rsa.pub
    -rw-------  known_hosts
    That is a mix of client and server files, so don't worry if your server doesn't have them all. Also note that the ~/.ssh/ directory permissions must be 700. The easy way to think of this is that only the .pub files should be read by group and others. Everything else is locked for owner access only.

    If you don't have ssh-copy-id, then moving the public key file over needs to be done in binary mode. If you copy/paste it, newlines are often added, which must be removed. Each host signature is a single line.

    Unix-to-Unix ssh is so much easier and many things "just work."
    Last edited by TheFu; 1 Week Ago at 02:41 PM.

  8. #8
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,753
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Unable to authenticate in any way after editing the SSH Daemon config file (PuTTY

    @nicky90

    You don't have anymore access to the ssh server?
    I was under the impression you controlled both the client and server machine.

  9. #9
    Join Date
    Jun 2019
    Beans
    5

    Re: Unable to authenticate in any way after editing the SSH Daemon config file (PuTTY

    Hi all ! Thanks for your help, I finally manage to connect in my VPS console and to unable the password authorisations

    So I can now loggin again normally with my username or root and my password. However, the server still refuse my authentification key when I try to connect with. I used these commands to authorise my key :

    Code:
    mkdir ~/.ssh
    chmod 0700 ~/.ssh
    touch ~/.ssh/authorized_keys
    chmod 0644 ~/.ssh/authorized_keys
    
    sudo vi ~/.ssh/authorized_keys
    
    COPY/PASTE THE KEY
    
    ESC
    
    :w
    
    :q
    And it works when I set up this with another server, but not with the servers I had to manage with the console. I tried with my previous key and I tried by deleting my previous key and create/authorise a new key but neither of the two ways work...
    Last edited by nicky90; 1 Week Ago at 11:31 AM.

  10. #10
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    16,642
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Unable to authenticate in any way after editing the SSH Daemon config file (PuTTY

    Quote Originally Posted by TheFu View Post
    If you copy/paste it, newlines are often added, which must be removed. Each host signature is a single line.
    Did you see this and handle it?
    Also, please see the required permissions above, post #7, for all the files in the directory.
    Last edited by TheFu; 1 Week Ago at 12:36 PM.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •