I am trying to create a user on EC2. The following are the steps I performed.

root$ adduser abc --disabled-password
root$ sudo su abc
abc$ mkdir /home/abc/.ssh
abc$ chmod 700 /home/abc/.ssh
abc$ touch /home/abc/.ssh/authorized_keys
abc$ chmod 600 /home/abc/.ssh/authorized_keys
abc$ cat id_rsa.pub >> /home/abc/.ssh/authorized_keys

Then I tried to log into this EC2 as the user, but got the following error:

local$ ssh [email protected]
[email protected]: Permission denied (publickey).

Then I tried

local$ ssh [email protected] -vvv

OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/abc/.ssh/config
debug1: /Users/abc/.ssh/config line 33: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 45.121.95.191 port 22.
debug1: Connection established.
debug1: identity file /Users/abc/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /Users/abc/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/abc/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/abc/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/abc/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/abc/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/abc/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/abc/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 pat OpenSSH_6.6.1* compat 0x04000000
debug3: fd 5 is O_NONBLOCK
debug1: Authenticating to 45.121.95.191:22 as 'abc'
debug3: hostkeys_foreach: reading file "/Users/abc/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /Users/abc/.ssh/known_hosts:6
debug3: load_hostkeys: loaded 1 keys from 45.121.95.191
.
.
.
debug1: Host '45.121.95.191' is known and matches the ECDSA host key.
debug1: Found key in /Users/abc/.ssh/known_hosts:6
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /Users/abc/.ssh/id_rsa (0x7fa1a650aa30)
debug2: key: /Users/abc/.ssh/id_dsa (0x0)
debug2: key: /Users/abc/.ssh/id_ecdsa (0x0)
debug2: key: /Users/abc/.ssh/id_ed25519 (0x0)
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:aQVTb3WY7P8cEgl2CF5f0XOUDtDbOvgj1SMMwPNlSfg /Users/abc/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/abc/.ssh/id_dsa
debug3: no such identity: /Users/abc/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /Users/abc/.ssh/id_ecdsa
debug3: no such identity: /Users/abc/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /Users/abc/.ssh/id_ed25519
debug3: no such identity: /Users/abc/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

Even ssh -i /Users/abc/.ssh/id_rsa [email protected] gives the same error.

I am trying to understand why user authentication is not working. I suspect something is wrong with /home/abc/.ssh/authorized_keys. Can someone help?

UPDATE:

Also, this is from /var/log/auth.log:

Address ${MyPublicIP} maps to ${InternetProvider}, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Connection closed by ${MyPublicIP} [preauth]
  • Since .ssh permissions are ok, probably /home/abc is not ok. Commented Aug 1, 2018 at 21:08
  • What key is this on the ec2? abc$ cat id_rsa.pub >> /home/abc/.ssh/authorized_keys? It's the .pub from the local key-pair, right? Commented Aug 1, 2018 at 22:01
  • Yes, id_rsa.pub is the public key from the local key pair. Commented Aug 2, 2018 at 12:54
  • Did you have a look at sshd logs? It usually provides clear info on rejection cause. Commented Oct 25, 2023 at 3:24

1 Answer

You should debug on the server; the ssh client can't tell you much.

Look at the entry in /etc/shadow. Is the account disabled? Is the second field "*" or "!"?

Edit:
From your log it seems to be a problem with DNS verification. The DNS verification can cause more problems than it solves (as long as you don't do logins based on DNS host name, which hopefully nobody does these days).

In /etc/ssh/sshd_config, set UseDNS no. You may also need GSSAPIAuthentication no.

  • root$ grep abc /etc/shadow abc:!:17744:0:99999:7::: Commented Aug 2, 2018 at 12:57
  • Try "UseDNS no". Commented Aug 2, 2018 at 17:22
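
The server-side checks discussed in this thread (the /etc/shadow password field, and the ownership and permissions of the home directory, .ssh and authorized_keys) can be scripted. This is an added example, not part of the original question or answer; the function names `shadow_state` and `check_ssh_dir` are hypothetical, and it assumes GNU `stat` as found on the Ubuntu server in the question.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.
# Assumes GNU stat (Linux), as on the Ubuntu server in the question.

# Classify the password field (2nd field) of one /etc/shadow line.
shadow_state() {
    local field
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')   echo empty ;;
        '!'*) echo locked ;;        # "!" or "!<hash>"
        '*'*) echo no-password ;;   # "*": no usable password hash
        *)    echo hash ;;
    esac
}

# Print one line per problem that would stop sshd from using
# <home>/.ssh/authorized_keys; return the number of problems found.
check_ssh_dir() {
    local home=$1 uid=$2 path mode owner problems=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; problems=$((problems + 1)); continue
        fi
        mode=$(stat -c '%a' "$path")
        owner=$(stat -c '%u' "$path")
        # StrictModes: the owner must be the user or root ...
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER $path (uid $owner)"; problems=$((problems + 1))
        fi
        # ... and the path must not be group- or world-writable.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path (mode $mode)"; problems=$((problems + 1))
        fi
    done
    # A file with no key lines (for example, left empty) authorizes nobody.
    if [ -f "$home/.ssh/authorized_keys" ] &&
       ! grep -Eq '(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) +AAAA' \
            "$home/.ssh/authorized_keys"; then
        echo "NOKEY $home/.ssh/authorized_keys"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage on the server, as root: check_ssh_dir /home/abc "$(id -u abc)"
if [ "$#" -ge 2 ]; then check_ssh_dir "$1" "$2"; fi
```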
