Eucalyptus

Bug #557364
Comment #6

Comment 6 for bug 557364

Revision history for this message

David Kavanagh (david-kavanagh) wrote on 2014-07-22: Re: [Bug 557364] Re: Can't ssh my instance. Permission denied (publickey)

I recommend going to <email address hidden> for help or #eucalyptus IRC
on freenode

On Tue, Jul 22, 2014 at 8:34 AM, gzfeucalyptus <email address hidden> wrote:

> hi，i am a student and i learn eucalyptus few days. i create an EMI with
> ios and launch an instance successfully, but i can't log into its. Wound
> you give me some advice ? thank you!
>
> --
> You received this bug notification because you are a member of
> Eucalyptus Maintainers, which is subscribed to Eucalyptus.
> https://bugs.launchpad.net/bugs/557364
>
> Title:
> Can't ssh my instance. Permission denied (publickey)
>
> Status in Eucalyptus:
> Incomplete
> Status in Portable OpenSSH:
> New
>
> Bug description:
> Hi all:
>
> I got running the Ubuntu Karmic Koala image from the store in my
> private cloud (I use UEC). When I try to connect it via ssh I got the
> next error: "Permission denied (public key)". If I try through putty,
> it reaches the instance and prompts me for a username, but right after
> inputting anything this message comes up "Disconnected: No supported
> authentication methods available".
>
> I have run ssh -v and this is the result:
>
> OpenSSH_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8g 19 Oct 2007
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to myInstanceIP [myInstanceIP ] port 22.
> debug1: Connection established.
> debug1: identity file /home/cediant/.euca/mykey.priv type -1
> debug1: Remote protocol version 2.0, remote software version
> OpenSSH_5.1p1 Debian-6ubuntu2
> debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'myInstanceIP ' is known and matches the RSA host key.
> debug1: Found key in /home/cediant/.ssh/known_hosts:1
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/cediant/.euca/mykey.priv
> debug1: read PEM private key done: type RSA
> debug1: Authentications that can continue: publickey
> debug1: No more authentication methods to try.
> Permission denied (publickey).
>
> Looking on the internet I found a post saying that you won't ever be
> able to ssh your instance because it doesn't have your public key.
> Could it be tha?
>
> In case it may be relevant I also post the etc/ssh/sshd_config:
>
> # Package generated configuration file
> # See the sshd(8) manpage for details
>
> # What ports, IPs and protocols we listen for
> Port 22
> # Use these options to restrict which interfaces/protocols sshd will
> bind to
> #ListenAddress ::
> #ListenAddress 0.0.0.0
> Protocol 2
> # HostKeys for protocol version 2
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> #Privilege Separation is turned on for security
> UsePrivilegeSeparation yes
>
> # Lifetime and size of ephemeral version 1 server key
> KeyRegenerationInterval 3600
> ServerKeyBits 768
>
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
>
> # Authentication:
> LoginGraceTime 120
> PermitRootLogin yes
> StrictModes yes
>
> RSAAuthentication yes
> PubkeyAuthentication yes
> #AuthorizedKeysFile %h/.ssh/authorized_keys
>
> # Don't read the user's ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # For this to work you will also need host keys in /etc/ssh_known_hosts
> RhostsRSAAuthentication no
> # similar for protocol version 2
> HostbasedAuthentication no
> # Uncomment if you don't trust ~/.ssh/known_hosts for
> RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
>
> # To enable empty passwords, change to yes (NOT RECOMMENDED)
> PermitEmptyPasswords no
>
> # Change to yes to enable challenge-response passwords (beware issues
> with
> # some PAM modules and threads)
> ChallengeResponseAuthentication no
>
> # Change to no to disable tunnelled clear text passwords
> #PasswordAuthentication yes
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosGetAFSToken no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
>
> # GSSAPI options
> #GSSAPIAuthentication no
> #GSSAPICleanupCredentials yes
>
> X11Forwarding yes
> X11DisplayOffset 10
> PrintMotd no
> PrintLastLog yes
> TCPKeepAlive yes
> #UseLogin no
>
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
>
> # Allow client to pass locale environment variables
> AcceptEnv LANG LC_*
>
> Subsystem sftp /usr/lib/openssh/sftp-server
>
> UsePAM yes
>
>
>
> Does anything occur to you?
>
> Thanks
>
> Elena.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/eucalyptus/+bug/557364/+subscriptions
>

*_________________________*

*David Kavanagh - *Software Engineer

*Eucalyptus Systems*

www.eucalyptus.com

*_________________________*

I recommend going to euca-users@eucalyptus.com for help or #eucalyptus IRC
on freenode

On Tue, Jul 22, 2014 at 8:34 AM, gzfeucalyptus <806011278@qq.com> wrote:

> hi，i am a  student and i learn eucalyptus few days. i create an EMI with
> ios and launch an instance successfully, but i can't log into its. Wound
> you give me some advice ?  thank you!
>
> --
> You received this bug notification because you are a member of
> Eucalyptus Maintainers, which is subscribed to Eucalyptus.
> https://bugs.launchpad.net/bugs/557364
>
> Title:
>   Can't ssh my instance. Permission denied (publickey)
>
> Status in Eucalyptus:
>   Incomplete
> Status in Portable OpenSSH:
>   New
>
> Bug description:
>   Hi all:
>
>   I got running the Ubuntu Karmic Koala image from the store in my
>   private cloud (I use UEC). When I try to connect it via ssh I got the
>   next error: "Permission denied (public key)". If I try through putty,
>   it reaches the instance and prompts me for a username, but right after
>   inputting anything this message comes up "Disconnected: No supported
>   authentication methods available".
>
>   I have run ssh -v and this is the result:
>
>   OpenSSH_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8g 19 Oct 2007
>   debug1: Reading configuration data /etc/ssh/ssh_config
>   debug1: Applying options for *
>   debug1: Connecting to myInstanceIP [myInstanceIP ] port 22.
>   debug1: Connection established.
>   debug1: identity file /home/cediant/.euca/mykey.priv type -1
>   debug1: Remote protocol version 2.0, remote software version
> OpenSSH_5.1p1 Debian-6ubuntu2
>   debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat OpenSSH*
>   debug1: Enabling compatibility mode for protocol 2.0
>   debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2
>   debug1: SSH2_MSG_KEXINIT sent
>   debug1: SSH2_MSG_KEXINIT received
>   debug1: kex: server->client aes128-cbc hmac-md5 none
>   debug1: kex: client->server aes128-cbc hmac-md5 none
>   debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>   debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>   debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>   debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>   debug1: Host 'myInstanceIP ' is known and matches the RSA host key.
>   debug1: Found key in /home/cediant/.ssh/known_hosts:1
>   debug1: ssh_rsa_verify: signature correct
>   debug1: SSH2_MSG_NEWKEYS sent
>   debug1: expecting SSH2_MSG_NEWKEYS
>   debug1: SSH2_MSG_NEWKEYS received
>   debug1: SSH2_MSG_SERVICE_REQUEST sent
>   debug1: SSH2_MSG_SERVICE_ACCEPT received
>   debug1: Authentications that can continue: publickey
>   debug1: Next authentication method: publickey
>   debug1: Trying private key: /home/cediant/.euca/mykey.priv
>   debug1: read PEM private key done: type RSA
>   debug1: Authentications that can continue: publickey
>   debug1: No more authentication methods to try.
>   Permission denied (publickey).
>
>   Looking on the internet I found a post saying that you won't ever be
>   able to ssh your instance because it doesn't have your public key.
>   Could it be tha?
>
>   In case it may be relevant I also post the etc/ssh/sshd_config:
>
>   # Package generated configuration file
>   # See the sshd(8) manpage for details
>
>   # What ports, IPs and protocols we listen for
>   Port 22
>   # Use these options to restrict which interfaces/protocols sshd will
> bind to
>   #ListenAddress ::
>   #ListenAddress 0.0.0.0
>   Protocol 2
>   # HostKeys for protocol version 2
>   HostKey /etc/ssh/ssh_host_rsa_key
>   HostKey /etc/ssh/ssh_host_dsa_key
>   #Privilege Separation is turned on for security
>   UsePrivilegeSeparation yes
>
>   # Lifetime and size of ephemeral version 1 server key
>   KeyRegenerationInterval 3600
>   ServerKeyBits 768
>
>   # Logging
>   SyslogFacility AUTH
>   LogLevel INFO
>
>   # Authentication:
>   LoginGraceTime 120
>   PermitRootLogin yes
>   StrictModes yes
>
>   RSAAuthentication yes
>   PubkeyAuthentication yes
>   #AuthorizedKeysFile     %h/.ssh/authorized_keys
>
>   # Don't read the user's ~/.rhosts and ~/.shosts files
>   IgnoreRhosts yes
>   # For this to work you will also need host keys in /etc/ssh_known_hosts
>   RhostsRSAAuthentication no
>   # similar for protocol version 2
>   HostbasedAuthentication no
>   # Uncomment if you don't trust ~/.ssh/known_hosts for
> RhostsRSAAuthentication
>   #IgnoreUserKnownHosts yes
>
>   # To enable empty passwords, change to yes (NOT RECOMMENDED)
>   PermitEmptyPasswords no
>
>   # Change to yes to enable challenge-response passwords (beware issues
> with
>   # some PAM modules and threads)
>   ChallengeResponseAuthentication no
>
>   # Change to no to disable tunnelled clear text passwords
>   #PasswordAuthentication yes
>
>   # Kerberos options
>   #KerberosAuthentication no
>   #KerberosGetAFSToken no
>   #KerberosOrLocalPasswd yes
>   #KerberosTicketCleanup yes
>
>   # GSSAPI options
>   #GSSAPIAuthentication no
>   #GSSAPICleanupCredentials yes
>
>   X11Forwarding yes
>   X11DisplayOffset 10
>   PrintMotd no
>   PrintLastLog yes
>   TCPKeepAlive yes
>   #UseLogin no
>
>   #MaxStartups 10:30:60
>   #Banner /etc/issue.net
>
>   # Allow client to pass locale environment variables
>   AcceptEnv LANG LC_*
>
>   Subsystem sftp /usr/lib/openssh/sftp-server
>
>   UsePAM yes
>
>
>
>   Does anything occur to you?
>
>   Thanks
>
>   Elena.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/eucalyptus/+bug/557364/+subscriptions
>

*_________________________*

*David Kavanagh - *Software Engineer

*Eucalyptus Systems*

www.eucalyptus.com

*_________________________*