Home > Others

SSH No password logon authentication failed

Source: Internet
Author: User
Tags hmac md5 sha1
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

problem Phenomenon:

ServerA machine has produced RSA key

And the public key has been added to the ServerB machine/root/.ssh/authorized_keys

But the SSH root@135.251.208.141 machine still needs to enter the password, that is, no password authentication failed

analysis and Processing:

With ssh-v debug access, the log is as follows, but from the log can not see the cause of failure, only know that in the PublicKey authentication, the end of the reply;

At this time Baidu, there are articles mentioned can view/var/log/secure log

By looking at the ServerB machine/var/log/secure, we found the following error

8 13:31:34 wng-141 sshd[32366]: Authentication Refused:bad ownership or modes for Directory/root
8 13:31:34 wng-141 sshd[32367]: Connection closed by 135.251.218.231

This log, can be/root directory permissions are not, and then Baidu Search "authentication Refused:bad ownership or modes for Directory/root"

Finding that all users ' home directories should be 700, or cause a lot of problems, is also a problem for this reason

Finally, the execution of chmod-root resolves


[root@wng-231 ~]#/usr/bin/ssh-vvv-i/opt/aware/central/.sshkey/id_rsa-oconnecttimeout=1-o StrictHostKeyChecking= No-o Passwordauthentication=no root@135.251.208.141
OPENSSH_5.3P1, OpenSSL 1.0.0-fips 2010
Debug1:reading Configuration Data/etc/ssh/ssh_config
Debug1:applying Options for *
Debug2:ssh_connect:needpriv 0
Debug1:connecting to 135.251.208.141 [135.251.208.141] Port 22.
DEBUG2:FD 3 Setting O_nonblock
DEBUG1:FD 3 Clearing O_nonblock
Debug1:connection established.
debug3:timeout:1000 MS remain after connect
debug1:permanently_set_uid:0/0
Debug3:not a RSA1 key file/opt/aware/central/.sshkey/id_rsa.
Debug2:key_type_from_name:unknown key Type '-----BEGIN '
Debug3:key_read:missing KeyType
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug3:key_read:missing whitespace
Debug2:key_type_from_name:unknown key type '-----End '
Debug3:key_read:missing KeyType
Debug1:identity File/opt/aware/central/.sshkey/id_rsa Type 1
Debug1:remote Protocol version 2.0, Remote software version openssh_5.3
debug1:match:openssh_5.3 Pat Openssh*
debug1:enabling compatibility Mode for Protocol 2.0
Debug1:local Version string ssh-2.0-openssh_5.3
DEBUG2:FD 3 Setting O_nonblock
Debug1:ssh2_msg_kexinit sent
debug3:wrote 792 bytes for a total of 813
Debug1:ssh2_msg_kexinit received
DEBUG2:KEX_PARSE_KEXINIT:DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA256,DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA1, Diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Debug2:kex_parse_kexinit:ssh-rsa,ssh-dss
DEBUG2:KEX_PARSE_KEXINIT:AES128-CTR,AES192-CTR,AES256-CTR,ARCFOUR256,ARCFOUR128,AES128-CBC,3DES-CBC, blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
DEBUG2:KEX_PARSE_KEXINIT:AES128-CTR,AES192-CTR,AES256-CTR,ARCFOUR256,ARCFOUR128,AES128-CBC,3DES-CBC, blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
Debug2:kex_parse_kexinit:hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com, hmac-sha1-96,hmac-md5-96
Debug2:kex_parse_kexinit:hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com, hmac-sha1-96,hmac-md5-96
Debug2:kex_parse_kexinit:none,zlib@openssh.com,zlib
Debug2:kex_parse_kexinit:none,zlib@openssh.com,zlib
Debug2:kex_parse_kexinit:
Debug2:kex_parse_kexinit:
Debug2:kex_parse_kexinit:first_kex_follows 0
Debug2:kex_parse_kexinit:reserved 0
DEBUG2:KEX_PARSE_KEXINIT:DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA256,DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA1, Diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Debug2:kex_parse_kexinit:ssh-rsa,ssh-dss
DEBUG2:KEX_PARSE_KEXINIT:AES128-CTR,AES192-CTR,AES256-CTR,ARCFOUR256,ARCFOUR128,AES128-CBC,3DES-CBC, blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
DEBUG2:KEX_PARSE_KEXINIT:AES128-CTR,AES192-CTR,AES256-CTR,ARCFOUR256,ARCFOUR128,AES128-CBC,3DES-CBC, blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
Debug2:kex_parse_kexinit:hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com, hmac-sha1-96,hmac-md5-96
Debug2:kex_parse_kexinit:hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com, hmac-sha1-96,hmac-md5-96
Debug2:kex_parse_kexinit:none,zlib@openssh.com
Debug2:kex_parse_kexinit:none,zlib@openssh.com
Debug2:kex_parse_kexinit:
Debug2:kex_parse_kexinit:
Debug2:kex_parse_kexinit:first_kex_follows 0
Debug2:kex_parse_kexinit:reserved 0
Debug2:mac_setup:found HMAC-MD5
Debug1:kex:server->client aes128-ctr hmac-md5 None
Debug2:mac_setup:found HMAC-MD5
Debug1:kex:client->server aes128-ctr hmac-md5 None
Debug1:ssh2_msg_kex_dh_gex_request (1024<1024<8192) sent
Debug1:expecting Ssh2_msg_kex_dh_gex_group
Debug3:wrote bytes for a total of 837
Debug2:dh_gen_key:priv Key Bits set:120/256
Debug2:bits set:537/1024
Debug1:ssh2_msg_kex_dh_gex_init sent
Debug1:expecting ssh2_msg_kex_dh_gex_reply
Debug3:wrote 144 bytes For a total of 981
Debug3:check_host_in_hostfile:filename/root/.ssh/known_hosts
Debug3:check_host_in_hostfile:match Line 7
Debug1:host ' 135.251.208.141 ' is known and matches the RSA Host key.
Debug1:found Key In/root/.ssh/known_hosts:7
Debug2:bits set:505/1024
Debug1:ssh_rsa_verify:signature correct
Debug2:kex_derive_keys
Debug2:set_newkeys:mode 1
Debug1:ssh2_msg_newkeys sent
Debug1:expecting Ssh2_msg_newkeys
Debug3:wrote bytes for a total of 997
Debug2:set_newkeys:mode 0
Debug1:ssh2_msg_newkeys received
Debug1:ssh2_msg_service_request sent
Debug3:wrote bytes for a total of 1045
Debug2:service_accept:ssh-userauth
Debug1:ssh2_msg_service_accept received
Debug2:key:/opt/aware/central/.sshkey/id_rsa (0x7f09ff288620)
Debug3:wrote bytes for a total of 1109
Debug1:authentications that can Continue:publickey,gssapi-keyex,gssapi-with-mic,password
Debug3:start over, passed a different list Publickey,gssapi-keyex,gssapi-with-mic,password
Debug3:preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
Debug3:authmethod_lookup Gssapi-keyex
Debug3:remaining preferred:gssapi-with-mic,publickey,keyboard-interactive
Debug3:authmethod_is_enabled Gssapi-keyex
Debug1:next Authentication Method:gssapi-keyex
Debug1:no Valid Key Exchange context
Debug2:we did not send a packet, disable method
Debug3:authmethod_lookup gssapi-with-mic
Debug3:remaining preferred:publickey,keyboard-interactive
Debug3:authmethod_is_enabled gssapi-with-mic
Debug1:next Authentication Method:gssapi-with-mic
Debug3:trying to reverse map address 135.251.208.141.
Debug1:an invalid name was supplied
Cannot determine realm for numeric host address
Debug1:an invalid name was supplied
Cannot determine realm for numeric host address
Debug1:an invalid name was supplied
Debug1:an invalid name was supplied
Debug2:we did not send a packet, disable method
Debug3:authmethod_lookup PublicKey
Debug3:remaining preferred:keyboard-interactive
Debug3:authmethod_is_enabled PublicKey
Debug1:next Authentication Method:publickey
Debug1:offering Public Key:/opt/aware/central/.sshkey/id_rsa
Debug3:send_pubkey_test
Debug2:we sent a publickey packet, wait for reply
Debug3:wrote 368 bytes For a total of 1477
Debug1:authentications that can Continue:publickey,gssapi-keyex,gssapi-with-mic,password
Debug2:we did not send a packet, disable method
Debug1:no more authentication methods to try.
Permission denied (Publickey,gssapi-keyex,gssapi-with-mic,password).

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
ubuntu ssh no password disable password authentication ssh failed logon event id ssh authentication cisco anyconnect authentication failed authentication failed xfinity mobile focus authentication failed

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More