ssh-copy-id - permission denied (publickey) [closed]

ssh-keys

I want to set up ssh tunnel to the mysql server which is in computer which has virtual machine. Also the tunnel has to work if the machine is restarted.

So lets say A is computer with linux software. B - virtual machine in computer A.

MySQL is in B.

C - is a virtual machine in computer A which wants to connect to MySQL in B.

Now by this article: http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/

I try to copy the public key to remote server. I guess I need to copy it to computer A. 

ssh-copy-id -i id_rsa.pub.bak [user]@[IP of A] -p [port of A]
Enter passphrase for key '/home/[user]/.ssh/id_rsa':
Permission denied (publickey).

Now I tried entering passphrase of the file id_rsa.pub.bak. It denied.

Then I see that it uses key in /home/[user]/.ssh/id_rsa which is different from the public key I am trying to copy, I mean of course private key is different, but I mean I copy public key of another private key. So I tried using passphrase of it. Also denied.

How could I debug why is passphrase denied?

Update

Based on comments I created new public file called id_rsa.pub where everything is in one line now

and run and still get error.

ssh-copy-id -i id_rsa.pub [host and port] -vvv
Enter passphrase for key '/home/[user]/.ssh/id_rsa':
Permission denied (publickey).

Update

Checked the permissions on .ssh folder and authorized_keys file in the A computer - they are 700 and 600 so as the comment say they are good.

Update

Tried setting password authentication yes on A computer and to restart the service. Restarting as by the answer did not work, it wrote sshd not recognized, so I restarted using:

sudo /etc/init.d/ssh restart

Then tried again on C machine to copy to A machine.

ssh-copy-id -i id_rsa.pub [user@host] -p [port] -v

and still the same:

Enter passphrase for key '/home/[user]/.ssh/id_rsa':
Permission denied (publickey).

If I go to copy the key manually to authorized_keys, I see that the public key is already existing, the same which I want to copy. I asked my coworker, he said he did not copy it. So I do not even understand how it can be there.

Ok, if it is there it would be good, but by staying there it does not let me connect with ssh without entering passphrase. But I was able to connect with entering passphrase. So something is clearly still wrong here. And the key which I am trying to copy is with empty passphrase. When I connected with ssh - I entered passphrase which was not empty.

The same public key cannot accept empty passphrase and and non empty passprhase, that makes sense. But then why public key which I am trying to upload is the same with the one in authorized_keys file if passphrases are different? I did not check every single character, but its unlikely that keys would be so similar that beggining and ending would be the same even when passphrase different I think.


Solution 1:

You actually need to login to copy your key, you don't have any access to the remote machine (invalid key and password authentication disabled):

Re-enable passwd authentication in /etc/ssh/sshd_config:

PasswordAuthentication yes

Then restart the service:

service sshd restart

Copy your public key:

ssh-copy-id -i ~/.ssh/id_rsa.pub USER@HOST -p PORT
[Enter user password]

Try to login again, no password should be required.

Then disable password authentication.

Solution 2:

Permission denied (publickey) is the remote SSH server saying "I only accept public keys as an authentication method, go away".

That's your main challenge: Getting onto the remote system. Once you can do that, you can upload your key:

  • Using ssh-copy-id - it will allow you to specify a different key if you're in the process of replacing your old one, for example.
  • Edit the remote user's ~/.ssh/authorized_keys to append your key manually.

Solution 3:

Found the problem finally.

Actually I did not need to copy the public key. Same public key is for both private keys - with passphrase and without passphrase. I thought I have private key without passphrase, but actually I did not. I had only .ppk without passphrase. That was miss communication. So coworker made private key without passphrase and so now I could login using ssh without passphrase. I read that having without passphrase is bad, but coworker says its ok. I needed without passphrase because I need to run shell script on reboot - I want to start autossh on computer reboot.

So kind of solution is this time - if you want to login without passphrase - check if your private key is without passphrase really.

Related

nginx split large configuration file
Ctrl + Alt + Del prior to Windows 10 logon no longer needed?
Check if user password input is valid in Powershell script
Run command in detached tmux session
ISP broadcasting all IP-packets, so I can see traffic of other clients from ISP
Enable Password Login for SSH on Amazon Linux AMI
how to secure an open PostgreSQL port
The option to "Launch slave agents via Java Web Start" is missing from new node configuration, how can I add it to the options menu?
Do HTTP reverse proxies typically enable HTTP Keep-Alive on the client side of the proxied connection and not on the server side?
How to make Firefox trust system CA certificates?
How to enable PowerTools repository in CentOS 8?
lsof - restrict output to physical files only - how?