[SOLVED] SSH Into Fedora Fails

[melal]

OK, once again.

To be able to copy your public key to ssh-server from ssh-client using ssh-copy-id utility, enable temporarily password authentification, uncomment if commented line and change it to "yes" in file /etc/ssh/sshd_config at ssh-server:

Code:

PasswordAuthentication yes
systemctl restart sshd.service

After the public key will be copied from ssh-client to ssh-server you can disable ssh password authentification again, if you don't need it of course, at your ssh-server (change the line in /etc/ssh/sshd_config of ssh-server and restart it):

Code:

PasswordAuthentication no
systemctl restart sshd.service

I don't recommend to edit authorized_keys files manually anyway unless you don't understand all of the things in details. Use ssh-copy-id utility opening temporarily SSH password authentification. If you still to have any problems - delete authorized_keys file at your ssh-server for backuppc user and do from every ssh-client described by me in my previous post for every user from your ssh-client machines.

[Serophis]

Wow, did I play around a lot with settings... At any rate, noticed a footnote about PAM not being supported in Fedora, so I disabled it on both sides.

I noticed that copying&pasting keys worked from laptop to server, but not vice versa (even with and without user name in the end, and even with and without from=""). Password authentication simply does not work either, even if I type in the correct password (or lack thereof; yes I uncommented 'PermitEmptyPasswords yes' before trying). I also disabled the other authentication methods used on the laptop to get rid of the many errors when trying to ssh from server to laptop. Now my only errors (server-side only) involve publickey and password.

Anyhow, is there a way to disable any form of authentication whatsoever? It's the only way to ssh-copy-id into the laptop.

EDIT: I managed to resolve ips, so now I can just use names, yay.

[melal]

Quote:

Originally Posted by Serophis

Wow, did I play around a lot with settings... At any rate, noticed a footnote about PAM not being supported in Fedora, so I disabled it on both sides.

I noticed that copying&pasting keys worked from laptop to server, but not vice versa (even with and without user name in the end, and even with and without from=""). Password authentication simply does not work either, even if I type in the correct password (or lack thereof; yes I uncommented 'PermitEmptyPasswords yes' before trying). I also disabled the other authentication methods used on the laptop to get rid of the many errors when trying to ssh from server to laptop. Now my only errors (server-side only) involve publickey and password.

Anyhow, is there a way to disable any form of authentication whatsoever? It's the only way to ssh-copy-id into the laptop.

1. PAM auth works perfect under Fedora.
2. What does your Fedora log /var/log/secure say?
3. Please, if something is wrong with ssh give everytime verbose output:

Code:

ssh -vvvv user@host

and log information from /var/log/secure - without this information it's too difficult to say something.
4. Try to use config file from one of my working servers: sshd_config.txt

[melal]

Quote:

Originally Posted by melal

1. PAM auth works perfect under Fedora.
2. What does your Fedora log /var/log/secure say?
3. Please, if something is wrong with ssh give everytime verbose output:

Code:

ssh -vvvv user@host

and log information from /var/log/secure - without this information it's too difficult to say something.
4. Try to use config file from one of my working servers: Attachment 23657

By the way, you wrote that there are no problems if you are establishing connection for root. If you can't establish connection as regular user - the problem is in keys and other files from /home/user/.ssh (right access, files itself etc.) possible at both ssh-server and ssh-client.

[Serophis]

Below is everything. From what I could tell, the permissions on authorized_keys seems to be wrong. Alas, my head is spinning. Also, I am very thankful for the help so far. You have patience, friend!

[melal]

Quote:

Originally Posted by Serophis

Below is everything. From what I could tell, the permissions on authorized_keys seems to be wrong. Alas, my head is spinning. Also, I am very thankful for the help so far. You have patience, friend!

First of all about problems I see at the moment:

1. You have 2 lines PasswordAuthentication in sshd_config in laptop:

Code:

PasswordAuthentication no
PermitEmptyPasswords no
PasswordAuthentication no

remove one of this duplicate lines

2. Change sshd_config of your laptop as follows:

Code:

RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
UsePAM yes

Pay your attention to comment in sshd_config of laptop: "WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems."

3. Your ssh -vvvv says that you are trying to connect from server to itself (to localhost = 127.0.0.1), but not to laptop (192.168.0.193), look:

Code:

debug1: Connecting to localhost [127.0.0.1] port 22

4. Your secure log from laptop says:

Code:

Authentication refused: bad ownership or modes for file /home/backuppc/.ssh/authorized_keys

I suggested already to remove this file as there is a high probability that this file has some mistakes, as you edited it manually - this file is not so simple as some guys consider. But before removing the file try to fix ownership - it must be owed by user backuppc and has 644 access rights, just do as root:

Code:

chown backuppc:backuppc /home/backuppc/.ssh/authorized_keys
chmod 644 /home/backuppc/.ssh/authorized_keys

5. Another thing I see - changed (not default) identity files location /var/lib/backuppc/.ssh/ at your server (your ssh-client with Debian, not Fedora). If this location is not what you expects, you can change it at your server in /etc/ssh/ssh_config (not the same as /etc/ssh/sshd_config !!!) by changing lines IdentityFile inside this file, for example:

Code:

IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa

if you want to have default location of your ssh identity files.

[Serophis]

You are officially my most favorite person in the world. Following your suggestions it finally works both ways! This has really been an issue for months now and I cannot begin to describe the sense of relief!

Thank you again! You, my friend, are awesome!