ssh denied access CLOSED

[tm]

I have ssh loaded on host and client. In konsole typed "ssh -l tom 192.168.XXX. (host ip address) I have no password on the host since i just want to turn it on in auto boot when necessary. It keeps asking for a password then tells me permission denied  "password ,public key etc. Where do I start  tom

[AS]

I have ssh loaded on host and client. In konsole typed "ssh -l tom 192.168.XXX. (host ip address) I have no password on the host since i just want to turn it on in auto boot when necessary. It keeps asking for a password then tells me permission denied  "password ,public key etc. Where do I start  tom

not very safe to not have a root password, however there it is your issue, because default ssh configuration doesn't allow empty passwords.

check the settings in /etc/ssh/sshd_config:

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

change as required, then restart the sshd server.

hint:
use ssh -v  or ssh -vvv while debugging ssh connections ...

AS

[tm]

this is output

tom@localhost ~]$ ssh -v tom 192.168.1.xxx
OpenSSH_5.9p2, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 49: Applying options for *
debug1: Connecting to tom [67.215.65.132] port 22.
debug1: connect to address 67.215.65.132 port 22: Connection timed out
ssh: connect to host tom port 22: Connection timed out
[tom@localhost ~]$
Lead and I will follow  .samba is already working on the host , there are times i just need to access the desktop  tom

[AS]

this is output

tom@localhost ~]$ ssh -v tom 192.168.1.xxx
OpenSSH_5.9p2, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 49: Applying options for *
debug1: Connecting to tom [67.215.65.132] port 22.
debug1: connect to address 67.215.65.132 port 22: Connection timed out
ssh: connect to host tom port 22: Connection timed out
[tom@localhost ~]$
Lead and I will follow  .samba is already working on the host , there are times i just need to access the desktop  tom

try first connecting from the server to the same server ... that will assure that the sshd is running and properly configured ...

Code: [Select]

ssh -v localhost

[tm]

root@localhost ~]# ssh -v localhost
OpenSSH_5.9p2, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
/etc/ssh/ssh_config: line 1: Bad configuration option: Lead
debug1: /etc/ssh/ssh_config line 49: Applying options for *
/etc/ssh/ssh_config: terminating, 1 bad configuration options
[root@localhost ~]#
tom

[AS]

root@localhost ~]# ssh -v localhost
OpenSSH_5.9p2, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
/etc/ssh/ssh_config: line 1: Bad configuration option: Lead
debug1: /etc/ssh/ssh_config line 49: Applying options for *
/etc/ssh/ssh_config: terminating, 1 bad configuration options
[root@localhost ~]#
tom

that's an entirely different problem, ssh client configuration on your machine ...
please, post the content of /etc/ssh/ssh_config

[Phil]

Keep It Simple Tom...

Like AS says start on the destination machine. Try ssh from it to itself, assuming you have a user called tom on that:

ssh tom@192.168.1.XXX

If it works ensure firewall lets port 22 is open on destination machine, try it from other machine.

Check the default settings are in place via PCC Control Centre, nothing fancy, just default settings.

Once it works you can up the complexity with certificate logins, and maybe if you want a graphical front end use a vncserver and vncclient on the destination machine 9a bit fiddly).

Step 1 revert to default basic settings on destination machine
Step 2 test ssh on destination machine
Step 3 test ssh on different machine (is port 22 open)

I always use ssh tom@192... or just ssh 192.168....

[tm]

config on client tom   

#   $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com

Host *
    ForwardX11 yes
    Protocol 2,1

    # If this option is set to yes then remote X11 clients will have full access
    # to the original X11 display. As virtually no X11 client supports the untrusted
    # mode correctly we set this to yes.
    ForwardX11Trusted yes

    # Send locale-related environment variables
    #SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    #SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    #SendEnv LC_IDENTIFICATION LC_ALL
    StrictHostKeyChecking no

[tm]

ssh config onhost

Lead i will foll#   $OBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication no
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com

Host *
    ForwardX11 yes
    Protocol 2,1

    # If this option is set to yes then remote X11 clients will have full access
    # to the original X11 display. As virtually no X11 client supports the untrusted
    # mode correctly we set this to yes.
    ForwardX11Trusted yes

    # Send locale-related environment variables
    #SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    #SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    #SendEnv LC_IDENTIFICATION LC_ALL
    StrictHostKeyChecking no

[AS]

ssh config onhost

Lead i will foll#   $OBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

apparently there are a few characters in your ssh_config file, that you should remove ...
edit the file, then retry ssh -v localhost on your "host machine"

[pags]

There's been no explicit mention of sshd running on the server...can this be confirmed?

Code: [Select]

netstat -anutp | grep 22
as root on the server will confirm if it is running...

[muungwana]

this is output

tom@localhost ~]$ ssh -v tom 192.168.1.xxx
OpenSSH_5.9p2, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 49: Applying options for *
debug1: Connecting to tom [67.215.65.132] port 22.
debug1: connect to address 67.215.65.132 port 22: Connection timed out
ssh: connect to host tom port 22: Connection timed out
[tom@localhost ~]$
Lead and I will follow  .samba is already working on the host , there are times i just need to access the desktop  tom

connection timed out means two possibilities, either the ssh server is not running, or its running but its behind a firewall or both.

Make sure the ssh server is running and if a firewall is running, make sure it is configured to allow ssh traffic to pass through

[pags]

this is output

tom@localhost ~]$ ssh -v tom 192.168.1.xxx
OpenSSH_5.9p2, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 49: Applying options for *
debug1: Connecting to tom [67.215.65.132] port 22.
debug1: connect to address 67.215.65.132 port 22: Connection timed out
ssh: connect to host tom port 22: Connection timed out
[tom@localhost ~]$
Lead and I will follow  .samba is already working on the host , there are times i just need to access the desktop  tom

That's what made me suggest checking if sshd is even running...

...actually, looking at it, the ssh command is incorrect, I think.  It is trying to connect to host "tom".

It should probably be:

Code: [Select]

ssh -v -l tom 192.168.1.xxx
or

Code: [Select]

ssh -v tom@192.168.1.xxx

Still, should check that the server is running...

[tm]

just got home from work all night. will look as this evening . thanks for the help guys tom

[tm]

pags first command output


tom@localhost ~]$ ssh -v -l tom 192.168.1.200
OpenSSH_5.9p2, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 49: Applying options for *
debug1: Connecting to 192.168.1.200 [192.168.1.200] port 22.
debug1: Connection established.
debug1: identity file /home/tom/.ssh/identity type -1
debug1: identity file /home/tom/.ssh/identity-cert type -1
debug1: identity file /home/tom/.ssh/id_rsa type -1
debug1: identity file /home/tom/.ssh/id_rsa-cert type -1
debug1: identity file /home/tom/.ssh/id_dsa type -1
debug1: identity file /home/tom/.ssh/id_dsa-cert type -1
debug1: identity file /home/tom/.ssh/id_ecdsa type -1
debug1: identity file /home/tom/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 4e:85:32:c6:5e:93:ba:51:f1:0d:e9:43:86:fd:86:e1
debug1: Host '192.168.1.200' is known and matches the ECDSA host key.
debug1: Found key in /home/tom/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/tom/.ssh/identity
debug1: Trying private key: /home/tom/.ssh/id_rsa
debug1: Trying private key: /home/tom/.ssh/id_dsa
debug1: Trying private key: /home/tom/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
tom@192.168.1.200's password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
tom@192.168.1.200's password:
I have no password on the server. IF I have to add one  1) how   2) will it affect my samba auto login computer    tom