8

I have a problem configuring my SSH server to be able to log in with public key, without password.

tail -f /var/log/auth.log gives

    Feb 6 14:56:06 ubuntu sshd[24654]: rexec line 26: Deprecated option RhostsAuthentication
    Feb 6 14:56:28 ubuntu sshd[24654]: Invalid user mpsd from ip.ip.ip.ip
    Feb 6 14:56:28 ubuntu sshd[24654]: input_userauth_request: invalid user mpsd [preauth]
    Feb 6 14:56:28 ubuntu sshd[24654]: error: Received disconnect from ip.ip.ip.ip: 14: No supported authentication methods available [preauth]

I have checked that /home/mpsd/.ssh has 700 and /home/mpsd/.ssh/authorized_keys has 600 permissions. authorized_keys contains the RSA public key generated on my remote Windows machine. My sshd_config reads:

    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    UsePrivilegeSeparation yes
    KeyRegenerationInterval 3600
    ServerKeyBits 1024
    SyslogFacility AUTH
    LogLevel INFO
    LoginGraceTime 120
    PermitRootLogin yes
    StrictModes yes
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile ~/.ssh/authorized_keys
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    RhostsRSAAuthentication no
    RhostsAuthentication no
    HostbasedAuthentication no
    IgnoreUserKnownHosts yes
    PermitEmptyPasswords yes
    ChallengeResponseAuthentication no
    PasswordAuthentication no
    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no
    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    Subsystem sftp /usr/lib/openssh/sftp-server
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM no

I don't know why the message says invalid user, since it clearly exists. Thanks for any help.
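To see which login methods a configuration like the one above leaves enabled, the following added example (not part of the original post) reads the global section of an sshd_config and lists the enabled methods and notable settings. The function names, the method table with its assumed upstream OpenSSH defaults, and the sample lines (constructed from the question's active settings) are illustrative assumptions.

```python
import re

# Constructed sample: the active auth-related lines of the question's sshd_config.
SAMPLE = """\
PermitRootLogin yes
PubkeyAuthentication yes
RhostsAuthentication no
PermitEmptyPasswords yes
ChallengeResponseAuthentication no
PasswordAuthentication no
#GSSAPIAuthentication no
"""

# keyword -> (SSH authentication method it enables, assumed upstream OpenSSH default)
METHODS = {"pubkeyauthentication": ("publickey", "yes"),
           "passwordauthentication": ("password", "yes"),
           "challengeresponseauthentication": ("keyboard-interactive", "yes"),
           "hostbasedauthentication": ("hostbased", "no"),
           "gssapiauthentication": ("gssapi-with-mic", "no")}

def parse_sshd_config(text):
    """Global settings as {lowercased keyword: value}; sshd uses the first value it sees."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:  # blank line, comment, or keyword without a value
            continue
        if m.group(1).lower() == "match":
            break  # conditional Match blocks are not evaluated here
        settings.setdefault(m.group(1).lower(), m.group(2).strip())
    return settings

def audit(text):
    """Return (enabled authentication methods, findings) for an sshd_config text."""
    cfg = parse_sshd_config(text)
    methods = [name for key, (name, default) in METHODS.items()
               if cfg.get(key, default).lower() == "yes"]
    findings = []
    if not methods:
        findings.append("no authentication method is enabled")
    if cfg.get("permitemptypasswords", "no").lower() == "yes":
        findings.append("PermitEmptyPasswords yes: empty passwords pass when password login is allowed")
    if cfg.get("permitrootlogin", "").lower() == "yes":
        findings.append("PermitRootLogin yes: root may log in directly")
    if "rhostsauthentication" in cfg:
        findings.append("RhostsAuthentication is deprecated; sshd logs a warning for it")
    return methods, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live host, `sshd -T` prints the effective configuration that sshd itself computes, which is the authoritative check.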

4 Answers

3

At the moment your sshd configuration has no authentication methods enabled, thus it's impossible for sshd to authenticate users.

By default sshd uses the local PAM setup to authenticate users. But someone who administers your system changed the default UsePAM yes to UsePAM no. Simply revert this change.

1
  • Ok, one step further, now I am getting:

        Feb 6 20:47:08 ubuntu sshd[27177]: rexec line 38: Deprecated option RhostsAuthentication
        Feb 6 20:47:09 ubuntu sshd[27177]: reverse mapping checking getaddrinfo for ip5f5be106.dynamic.kabel-deutschland.de [ip.ip.ip.ip] failed - POSSIBLE BREAK-IN ATTEMPT!
        Feb 6 20:47:09 ubuntu sshd[27177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.91.225.6 user=mpsd

    What does that mean? Commented Feb 6, 2015 at 19:47
0

FYI: This does not work in RHEL 7.

Set this to 'yes' to enable PAM authentication, account processing, and session processing. If this is enabled, PAM authentication will be allowed through the ChallengeResponseAuthentication and PasswordAuthentication. Depending on your PAM configuration, PAM authentication via ChallengeResponseAuthentication may bypass the setting of "PermitRootLogin without-password". If you just want the PAM account and session checks to run without PAM authentication, then enable this but set PasswordAuthentication and ChallengeResponseAuthentication to 'no'. WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several problems.

0

In my case this issue is caused by the UID of the user. Making the UID greater than or equal to 1000 may resolve the problem.

0

In my case this error occurred because I was using the wrong user, one which did not exist in /etc/passwd of the remote machine, so either use an existing user or create the one you want to use on the remote machine:

    sudo useradd -m -s /bin/bash <username>
    sudo passwd <username>
