I'm trying to SSH into my instance on EC2 but getting permission denied. Port 22 is open in the security group. I set 400 as a permission for the file which is setting that supposedly works in this case as I need only read. I can set 600 but in this case it's unnecessary.
Where should I take a look ? How can I fix this ?
ec2-user#35.178.89.23: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
verbose flag revealed:
debug1: Host '3.8.3.177' is known and matches the ECDSA host key.
debug1: Found key in /home/mark/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:rSHi+GMCUIvsF4HA0Kv5C0++sLGGiquVQ/z/OXQBPEU mark.alexa#mail.com
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/mark/.ssh/ecs.pem
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
ec2-user#3.8.3.177: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
AWS has a good Troubleshooting guide.
Some common causes are:
lack of inbound port 22 rule on Security Group
using the wrong SSH key (one that doesn't match the EC2 keypair)
using the wrong username (e.g. ec2-user when it should be ubuntu)
Please make sure that you are connecting with the correct private key (ssh -i key.pem ec2-user#hostname) and use the -v option to get verbose logging from ssh. This can help you determine if the request actually made it to the EC2 instance (so it's not a connectivity issue) or not (so it is a connectivity issue).
From the symptoms you've shared, I'd say that either /home/mark/.ssh/ecs.pem is not the private key associated with the keypair that you supplied when launching EC2, or you launched EC2 without a keypair.
You should be able to calculate a fingerprint of the PEM file using openssl rsa -in /home/mark/.ssh/ecs.pem -pubout -outform DER | openssl md5 -c and compare that to the fingerprint shown in the EC2 keypair console. If they don't match, you are using the wrong private key.
Related
Using my current MacBook, at previous companies I've been able to ssh to EC2 instances. At the new company, which has EC2 instances running Centos 6, which is running an old version of OpenSSL, (an old version of libssl) I cannot seem to ssh. I always get:
Permission denied (publickey).
So, for instance, on one server, the devops engineer installed my ssh public key, and they white listed my home IP address.
They sent me this block of text, which I put in my ~/.ssh/config file.
Host never_dev
HostName neverstaydev.com
User neverst
IdentityFile ~/.ssh/id_ed25519
Host beta
HostName 12.18.125.53
User neverst
IdentityFile ~/.ssh/id_ed25519
The only thing I changed was the name of the key, which is correct. But if I try this:
ssh -v never_dev
I get:
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/admin/.ssh/config
debug1: /Users/admin/.ssh/config line 1: Applying options for never_dev
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to neverstaydev.com port 22.
debug1: Connection established.
debug1: identity file /Users/admin/.ssh/id_ed25519 type 3
debug1: identity file /Users/admin/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to neverstaydev.com:22 as 'neverst'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64#openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64#openssh.com compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:UJ9EFg/QTnxCP+/9/P8b+jSpKozY1IbaN3M5jOoz8e0
debug1: Host 'neverstaydev.com' is known and matches the RSA host key.
debug1: Found key in /Users/admin/.ssh/known_hosts:24
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /Users/admin/.ssh/id_ed25519 ED25519 SHA256:fBRwhBVpzb6ve5cDwmMS1R0UlhzSaVg9E62WW7riRZA explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/admin/.ssh/id_ed25519 ED25519 SHA256:fBRwhBVpzb6ve5cDwmMS1R0UlhzSaVg9E62WW7riRZA explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
neverst#neverstaydev.com: Permission denied (publickey).
All of the developers are sharing one account on this EC2 instance, and everyone else can log in, except me. But my IP address has been whitelisted, since, as you can see above, my machine engages in dialogue with the EC2 instance.
I've tried different permissions on the private key, both 0400 and 0600. That has no effect.
Likewise, they have AMIs based on these machines, so I spun up a new EC2 instance based on the AMI, creating a new key pair. I then tried to ssh to the new EC2 instance, using the new key pair. But still the same problem:
Permission denied (publickey)
What might cause this?
The devops engineer suggested that I do:
ssh-keygen -t rsa -b 4096 -C "neverstay-key"
Now, and then I gave them my public key, which they installed on their side, and now when I try to ssh to the server, I get:
ssh-keygen -t rsa -b 4096 -C "lawarance-futurestay-key"
When trying to ssh (from greenplum system user) one of datanode from Master gpdb host.
env - gpdb 4.3.10
Getting error
[gpadmin#mdw ~]$ ssh datanode
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[gpadmin#mdw ~]$
WE Tried
Tried on pivotal docs
https://discuss.pivotal.io/hc/en-us/articles/203777546-gpssh-exkeys-Fails-with-Error-Permission-denied-During-Local-Key-Exchange
Also, observed node not able to SSH any of data node/master host.
**Here is verbose mode -v with SSH info**
debug1: Host 'datanode01' is known and matches the ECDSA host key.
debug1: Found key in /home/gpadmin/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gpadmin/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/gpadmin/.ssh/id_dsa
debug1: Trying private key: /home/gpadmin/.ssh/id_ecdsa
debug1: Trying private key: /home/gpadmin/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
I think the problem isn't the root login as that doc suggests but rather, password authentication is disabled. Try running this on ALL nodes:
sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
sudo service sshd restart
echo "gpadmin:changeme" | sudo chpasswd
Then retry gpssh-exkeys as gpadmin.
gpssh-exkey -f all_hosts
After you exchange the keys, you can disable password authentication again.
sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
The fundamental problem is that I am never seeing a prompt to enter in my SSH-Key password, SSH-Agent or no. As such, it's acting like I entered the wrong password and defaulting to pretending I have no keys.
This is happening on multiple computers. I set up my ssh keys awhile ago, and everything is great, but every so often I will do a git push (usually after restarting my computer) and I will get asked for my git origin server's password RATHER than my ssh key's password. Since my origin server does not HAVE a password, this leaves me unable to push changes.
Sometimes it resolves itself after restarting, sometimes not. Usually I do a lot of flailing guesses and one of them ends up fixing the problem, but I can't currently remember which ones work and which don't.
What is the CORRECT way to go about fixing this? What is the actual problem? Is my SSH Key locked? Is some windows process not starting correctly? Is a Path variable being eaten? I don't know a lot about windows (usually I develop on linux), so I'm extra at a loss here.
Edit: The first answer mentions ssh-agent. Some googling got me to here:
https://help.github.com/articles/working-with-ssh-key-passphrases/#platform-windows
Which explains how to set up ssh-agent to autostart and know about your keys in windows. (I didn't even know you could use bash profiles in windows).
This did not help.
My git bash now says "Identity added: /c/Users/{{ME}}/.ssh/id_rsa" It does NOT ask me for my key password, and I still cannot push to my origin server (it asks for a server password, still).
I can confirm that my ssh key does live in the place the agent is looking. I can also confirm that the key is added: ssh-add -l shows a single key, from the location my key is stored.
Edit: Setting GIT_SSH as an environment variable pointing at the executable for ssh does nothing either, but it was a long shot anyways.
Edit: ssh git#git.myhost.com outputs:
$ ssh -v git#git.myhost.lan
OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug1: Reading configuration data /c/Users/eschjen/.ssh/config
debug1: /c/Users/eschjen/.ssh/config line 1: Applying options for git.myhost
.lan
debug1: Connecting to git.myhost.lan [10.116.22.40] port 22.
debug1: Connection established.
debug1: identity file /c/Users/eschjen/.ssh/id_rsa type 1
debug1: identity file /c/Users/eschjen/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA ae:81:77:0d:1c:8e:6a:aa:a8:69:36:1b:e4:ca:33:ee
debug1: Host 'git.myhost.lan' is known and matches the RSA host key.
debug1: Found key in /c/Users/eschjen/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mi
c,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/eschjen/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mi
c,password
debug1: Next authentication method: password
git#git.myhost.lan's password:
The output screen helped me take the tack that the ssh key was being used, but rejected by the server. I found that the ssh key my server knows about does not match the ssh key my machine has, somehow, despite everything working fine less than a month ago. I re-added the ssh key I have, and was able to push my changes.
Anybody have any idea how the ssh key would be re-generated (I'm fairly sure I didn't do it explicitly) during all of this?
It's not enough to add the identity. There should be a file called config(no extension) in your C:\Users\{{username}}\.ssh directory.
You can define the key to use for a given host there like this:
Host myhost.name.com
IdentityFile ~/.ssh/my_keyfile_name
The result of correct configuration is a input request for a password:
Enter passphrase for key '/c/Users/{{username}}/.ssh/my_keyfile_name':
Edit1: You can retrieve the verbose output of ssh by adding the -v parameter. Real world example (host name replaced):
λ ssh -v igor#myhost.at
OpenSSH_6.6.1, OpenSSL 1.0.1m 19 Mar 2015
debug1: Reading configuration data /c/Users/Igor/.ssh/config
debug1: /c/Users/Igor/.ssh/config line 4: Applying options for myhost.at
debug1: Connecting to myhost.at [192.168.2.1] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Igor/.ssh/myhost-server type -1
debug1: identity file /c/Users/Igor/.ssh/myhost-server-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze5
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze5 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 67:3f:96:7b:6a:68:55:89:a8:30:a9:ed:67:ef:40:a4
debug1: Host 'myhost.at' is known and matches the RSA host key.
debug1: Found key in /c/Users/Igor/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/Igor/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /c/Users/Igor/.ssh/myhost-server
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/c/Users/Igor/.ssh/myhost-server':
I think this would help tremendously. Added comment to OP requesting this information.
you need to tell your computer to add the key again after restarting the system. Most of the time this is done with the ssh-agent
I wasted several hours trying to solve the same problem - SSH would not ask for the passphrase for my keypair even with pageant NOT running.
SSH uses different key formats (SSH-1 and SSH-2), and more importantly, refuses to read RSA keys if they are in SSH-2 format. Generating the keypair with Puttygen and then converting it to SSH-1 format to save in .ssh\id_rsa solved the problem for me.
Generate a keypair
Save it with a meaningful name (like Basement-Computer.ppk)
Export the file to OpenSSH format and save it with the name id_rsa (no extension)
Git clone will now ask for the passphrase (or at least it did for me). Google's instructions for setting up a Git repo https://cloud.google.com/source-repositories/docs/authentication#ssh neglects to mention that crucial third step.
I'm starting using Amazon EC2 service. I have installed an Amazon Linux instance, set the PEM file, opened the SSH ports and installed a GIT service.
My local environment it's Windows 8.
Through putty and WinSCP I can connect without problems. I have followed the docs and converted my PEM file to a PPK and everything works fine.
The problem is when I try to do a git push from my local machine. I always get a "permission denied (public key)" when I try to connect. I have made a ssh-add to PEM file using the git bash, generated a custom key trough the GIT Bash and added this key to the key pars at the EC2 Instance and nothing works...
If I try (using git bash) a ssh -i and specify the PEM file, I have a connection.
ssh -i c:/[PATH]/[PEM-FILE].pem ec2-user#[HOST].compute.amazonaws.com
If I try without -i, no connection.
$ ssh ec2-user#[HOST].compute.amazonaws.com
Permission denied (publickey).
Here follows the trace with -vT command:
ssh -vT ec2-user#[HOST].compute.amazonaws.com
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Connecting to [HOST].compute.amazonaws.com [54.201.
110.48] port 22.
debug1: Connection established.
debug1: identity file [PATH]/Usuario/.ssh/identity type -1
debug1: identity file [PATH]/Usuario/.ssh/id_rsa type 1
debug1: identity file [PATH]/Usuario/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[HOST].compute.amazonaws.com' is known and ma
tches the RSA host key.
debug1: Found key in [PATH]/Usuario/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: [PATH]/Usuario/.ssh/identity
debug1: Offering public key: [PATH]/Usuario/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: [PATH]/Usuario/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
So, there's a way to connect via SSH without the -i option?
After several tries, I found an article with some instructions here https://serverfault.com/questions/194567/how-do-i-tell-git-for-windows-where-to-find-my-private-rsa-key
I followed these steps: "After you have the home directory, and a .ssh folder under that, you want to open PuTTYgen and open the key (.ppk file) you have previously created. Once your key is open, you want to select Conversions -> Export OpenSSH key and save it to HOME.ssh\id_rsa. After you have the key at that location, Git bash will recognize the key and use it"
#Everton Menonca'a asnwer it great. It saved my day in fact. Just for the sake of more details, I am going to mention my case:
Load the private key (generated by EC2) in your PuTTYgen, and from it, export OpenSSH key.
Place the exported file in the home directory of all keys. In my case (windows) was C:\Users\USERNAME\.ssh
Since I have multiple remotes I am connecting to using Bash, I updated my config file (under the same directory), by adding extra entry, to be like the following:
Host bitbucket.org
IdentityFile ~/.ssh/id_rsa1
Host ec2-00-00-000-00.compute-1.amazonaws.com
IdentityFile ~/.ssh/id_rsa2
That's all
I am trying to connect with my remote linux server using cygwin+ssh but the authentication fails with no apparent reason. I have successfully setup another connnection to github successfully and I have followed the same process, this is why I am stopped here
$ ssh -v finxxx#xxx.79.xxx.29
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
debug1: Connecting to xxx.79.xxx.29 [xxx.79.xxx.29] port 22.
debug1: Connection established.
debug1: identity file /home/xxxtta/.ssh/id_rsa type -1
debug1: identity file /home/xxxtta/.ssh/id_rsa-cert type -1
debug1: identity file /home/xxxtta/.ssh/id_dsa type 2
debug1: identity file /home/xxxtta/.ssh/id_dsa-cert type -1
debug1: identity file /home/xxxtta/.ssh/id_ecdsa type -1
debug1: identity file /home/xxxtta/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA c7:b2:f1:f9:76:cd:24:5a:80:91:4b:e5:ac:7e:e1:ee
debug1: Host 'xxx.79.xxx.29' is known and matches the RSA host key.
debug1: Found key in /home/xxxtta/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xxxtta/.ssh/id_rsa
debug1: Offering DSA public key: /home/xxxtta/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/xxxtta/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I have made the standard stuff but I cannot solve the problem. These are the commands I have used to generate the private/public keys. I have then copied the public key to the server
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/xxxtta/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xxxtta/.ssh/id_dsa.
Your public key has been saved in /home/xxxtta/.ssh/id_dsa.pub
thank you for your help
EDIT:
I have made the same procedure using MINGW and it works (I am able to connect). Something is definitely going wrong with cygwin in my system
Problem probably lies in user name. If you login remotely user name is case sensitive. You must write user name exactly how it was defined in Windows.
Copy id_dsa.pub to your remote server.
# scp .ssh/id_dsa.pub dude#remotemachine
On remote server:
# cat id_dsa.pub >> ~/.ssh/authorized_keys
You might try -vvv instead of -v to increase the verbosity.
Also, check that the file permissions are set properly. See Adding public key to ~/.ssh/authorized_keys does not log me in automatically