1

i just had configured a debian server and installed aapanel on it. I also changed the default port to 50001 instead of 22.

now i tried to login with ssh -p 50001 [email protected] and got this error

Permission denied (publickey,password)

here is some debug info

OpenSSH_8.1p1, LibreSSL 2.7.3 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 47: Applying options for * debug1: Connecting to 95.xxx.xxx.xxx [95.xxx.xxx.xxx] port 50001. debug1: Connection established. debug1: identity file /Users/ritaromano/.ssh/id_rsa type -1 debug1: identity file /Users/ritaromano/.ssh/id_rsa-cert type -1 debug1: identity file /Users/ritaromano/.ssh/id_dsa type -1 debug1: identity file /Users/ritaromano/.ssh/id_dsa-cert type -1 debug1: identity file /Users/ritaromano/.ssh/id_ecdsa type -1 debug1: identity file /Users/ritaromano/.ssh/id_ecdsa-cert type -1 debug1: identity file /Users/ritaromano/.ssh/id_ed25519 type -1 debug1: identity file /Users/ritaromano/.ssh/id_ed25519-cert type -1 debug1: identity file /Users/ritaromano/.ssh/id_xmss type -1 debug1: identity file /Users/ritaromano/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2 debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 95.xxx.xxx.xxx:50001 as 'root' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:mvVcRh/4Nh7J6yw0fpMFm8Las+26KMPc8liDsxeVn8Y debug1: Host '[95.xxx.xxx.xxx]:50001' is known and matches the ECDSA host key. debug1: Found key in /Users/ritaromano/.ssh/known_hosts:1 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 134217728 blocks debug1: Will attempt key: /Users/ritaromano/.ssh/id_rsa debug1: Will attempt key: /Users/ritaromano/.ssh/id_dsa debug1: Will attempt key: /Users/ritaromano/.ssh/id_ecdsa debug1: Will attempt key: /Users/ritaromano/.ssh/id_ed25519 debug1: Will attempt key: /Users/ritaromano/.ssh/id_xmss debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /Users/ritaromano/.ssh/id_rsa debug1: Trying private key: /Users/ritaromano/.ssh/id_dsa debug1: Trying private key: /Users/ritaromano/.ssh/id_ecdsa debug1: Trying private key: /Users/ritaromano/.ssh/id_ed25519 debug1: Trying private key: /Users/ritaromano/.ssh/id_xmss debug1: Next authentication method: password

how can i fix?

i already went to /etc/ssh/sshd_config, enabled PasswordAuthentication and set to yes, enabled ChallengeResponseAuthentication and set to no.

then restarted ssh with

sudo launchctl stop com.openssh.sshd sudo launchctl start com.openssh.sshd

i'm on oS bigsur

Improve this question
3
  • 1
    try setting PermitRootLogin to yes Commented Nov 5, 2022 at 19:31
  • tried, but still same error :( Commented Nov 5, 2022 at 20:05
  • As a server admin you don't need to rely on client-side debug messages alone, you can and really should also look at what gets logged on the server. - Additionally the sudo launchctl commands looks to me like you're restarting the sshd on an Apple Mac and not the ssh daemon running on your Debian server. What is that supposed to achieve? Commented Nov 8, 2022 at 16:54

1 Answer 1

Reset to default
1

Generate a keys pair on the client:

ssh-keygen -t rsa

(You can prompt a passphrase for the key or leave it blank)

copy the local file

~/.ssh/id_rsa.pub

to the remote server folder

~/./ (or simply ~ of root user, [Note: /root/ folder])

on the remote server logged in as root:

cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

(I think you can't access via ssh So you need any way to do this like vnc or rescue mode and chroot or maybe you can add the key file content to root authorized_keys file via web dashboard of your provider adding the public key file content via web form to access with your key )

then login from local ssh as root

ssh -p 50001 [email protected]

If it doesn't work post here your /etc/ssh/sshd_config file content from the remote server and detail more about your login trials process and other possible relevant information or completely remove openssh-server and reinstall it again

Note: Sometimes copy pasting passwords in console flush trash to the buffer so verify that the password is typed right key per key

Improve this answer
7
  • the problem is i can't access the server cause i always get that error when logging in. VNC gives me error too cause when i try to login i get UFW messages flooding and block my login... any other option to log and copy that file? Commented Nov 8, 2022 at 20:39
  • It depends on the possibilities you have... One possibility is to fix the firewall blocking issue, but I'm not sure why is blocking you but it could be one option if you could access trough VNC Commented Nov 8, 2022 at 23:31
  • Another option is to upload the key via provider dashboard, normally provider offer you one way to pass the ssh public keys directly to /root/authorized_keys file content. Another option may be to restart the server in rescue mode with a temporal root password and ssh access for rescue shell and once logged in via ssh with that temporal mode and ssh context you could make chroot after mount the partition in a folder (i.e /mnt) and "cat" the .pub file content >> to the root authorized_keys file. Commented Nov 8, 2022 at 23:31
  • If you are sure that the password is wich are you trying and you can't change it via provider dashboard may be you should to reinstall all (better if you have backup to restore) or open a ticket with your provider about the ufw/vnc issue or ssh password access. Note: If you can reboot in rescue mode and chroot you can first simply try to change the root password to one new and try with it without pubkey. In addition other possibilities could be possible if there is any setting that could be fixed in sshd_config file causing the issue or in the pam.d module settings Commented Nov 8, 2022 at 23:32
  • What provider do you have and/or wich kind of dashboard is using? Commented Nov 8, 2022 at 23:32

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.