Cannot login with SSH USERNAME@IPADDRESS, receive "Permission denied (publickey)" despite root user working

April 13, 2018

So the issue is that I can login to my server just fine using:

ssh root@SERVER_IP_ADDRESS

But when I try to login with a user I created from root:

ssh USERNAME@SERVER_IP_ADDRESS

I get:

Permission denied (publickey).

The steps I went through before this.

  1. SSH generated a key
  2. Created an Ubuntu 16.04 droplet with given SSH key.
  3. SSH into server with root
  4. $ adduser user_name
  5. usermod -aG sudo user_name

At this point I switch into my newly created user and can see that it's created and that the user has been added to sudo group with:

id -Gn

it displays "user_name sudo"

I've verified that the public key is in ~/.ssh/authorized_keys of both my root and user directory.

I'll "exit exit" out of user and server. And attempt to ssh with user to no success.

Even attempting:

ssh -i PRIVATE_KEY USER_NAME@SERVER_IP_ADDRESS

results in the same "Permission denied (publickey)."

I tried to use the ssh -v command to see what may be different between root and user.

ssh -i PRIVATE_KEY USER_NAME@SERVER_IP_ADDRESS -v

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 165.227.83.215 [165.227.83.215] port 22.
debug1: Connection established.
debug1: identity file test-key-fem type 1
debug1: key_load_public: No such file or directory
debug1: identity file test-key-fem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 165.227.83.215:22 as 'kevin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:HSPEtljdgqP4d9ZmZKSYGW9iyBfhclnWAKrbnYQam9Y
debug1: Host '165.227.83.215' is known and matches the ECDSA host key.
debug1: Found key in /Users/klufkin/.ssh/known_hosts:9
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: test-key-fem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

ssh -i PRIVATE_KEY ROOT@SERVER_IP_ADDRESS -v

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 165.227.83.215 [165.227.83.215] port 22.
debug1: Connection established.
debug1: identity file test-key-fem type 1
debug1: key_load_public: No such file or directory
debug1: identity file test-key-fem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 165.227.83.215:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:HSPEtljdgqP4d9ZmZKSYGW9iyBfhclnWAKrbnYQam9Y
debug1: Host '165.227.83.215' is known and matches the ECDSA host key.
debug1: Found key in /Users/klufkin/.ssh/known_hosts:9
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: test-key-fem
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 165.227.83.215 ([165.227.83.215]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-119-generic x86_64)

The main difference I see is that when I ssh with root user I'm getting this line:

debug1: Server accepts key: pkalg ssh-rsa blen 279

I'm running this all on my Mac OSX. And have no config file in my /.ssh directory on my computer.

Please let me know if there is something I am missing or if you need more information to help me. This is all fairly new to me so it's not super clear as to how to triage this issue.

3 Answers
klufkin April 13, 2018
Accepted Answer

So I found a working answer to my problem. Based off of this thread

If I want to add a user with whom I wish to SSH login, I can run this set of commands:

adduser user                          # adds a new user
gpasswd -a user sudo                  # gives user sudo group permissions
mkdir /home/user/.ssh                 # makes a ssh directory in user directory
cp -Rfv /root/.ssh /home/user/        # copies key auth file from root to user
chown -Rfv user:user /home/user/.ssh  # set ssh folder/file permissions to user

after running these commands I can login using:

ssh user@server_ip_address

Thank you @ryanpq and @fishy for pointing me in the right direction! Ended up having to level up my knowledge of file permissions.

It sounds like you covered the required steps. When you copied your public key to the authorized_keys file on the server did you ensure that it is still owned by the new user and not root? If it is owned by root, permissions may not allow it to be used for a normal user to log in.

  • No I did not.

    Is this how I would check for this?

    ls -l .ssh
    

    It returns:

    total 4
    -rw------- 1 root root 434 Apr 12 21:34 authorized_keys
    

    I've not spent much time with file ownership, but is this saying that it is owned by root like you are saying? If so what do I need to do to change it? And why would it be owned by root and not new user?

    Thanks for your help.

    Edit: So I changed the ownership of the file by calling:

    chown user_name .ssh/authorized_keys
    

    I attempted logging in with SSH and still get the Permission denied message. In fact SSHing in with root does not work now (facepalm). This is a test server, so not end of the world. Still would like to know how to address this issue.

Try:

chown user:user .ssh/authorized_keys
chmod 0600 .ssh/authorized_keys
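
The ownership and mode conditions raised in the answers above can be checked in one pass over the home directory, `.ssh` and `authorized_keys`. This is an added example, not part of the original thread: the function names are hypothetical, it assumes GNU `stat` (as on Ubuntu) and sshd's default `StrictModes yes`, and it ignores group membership when judging whether the login user can read a path.

```shell
#!/bin/sh
# Added example: check the three paths sshd consults for public-key login.
# Usage: sh audit.sh "$(id -u user_name)" /home/user_name   (run as root)

# check_path UID PATH: print findings, return 1 if PATH would block login.
check_path() {
    uid=$1; path=$2; rc=0
    [ -e "$path" ] || { echo "MISSING   $path"; return 1; }
    owner=$(stat -c %u "$path")   # numeric owner (GNU stat)
    mode=$(stat -c %a "$path")    # octal mode, e.g. 600
    # StrictModes: owner must be the login user or root.
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "BAD-OWNER $path (uid $owner)"; rc=1
    fi
    # StrictModes: no write permission for group or others.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE  $path (mode $mode)"; rc=1
    fi
    # sshd opens the file as the login user: a directory needs search (x),
    # a file needs read (r). Owner bits apply if the user owns it, otherwise
    # the "other" bits (group membership is ignored: a simplification).
    if [ -d "$path" ]; then need=1; else need=4; fi
    if [ "$owner" = "$uid" ]; then need=$(( $need << 6 )); fi
    if [ $(( 0$mode & $need )) -eq 0 ]; then
        echo "NO-ACCESS $path (uid $owner, mode $mode)"; rc=1
    fi
    return $rc
}

# audit_ssh_login UID HOME: return 0 only if every path passes.
audit_ssh_login() {
    fail=0
    for p in "$2" "$2/.ssh" "$2/.ssh/authorized_keys"; do
        check_path "$1" "$p" || fail=1
    done
    return $fail
}

if [ "$#" -eq 2 ]; then audit_ssh_login "$1" "$2"; fi
```

For a file like the one listed in the thread (mode 600, owned by root) checked against a non-root UID, this reports NO-ACCESS: the ownership rule allows root, but the login user cannot read the file.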