Fedora Linux Support Community & Resources Center
  #1  
Old 20th August 2012, 02:08 PM
Serophis Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 43
linuxfirefox
SSH Into Fedora Fails

Salutations fedorians,

I have set up Backuppc on a Debian (Lenny) server to take backups of my Fedora 17 laptop. I'm using 'rsync' through 'ssh' with passwordless key authentication. The problem seems to be that the Debian server can't connect to my laptop through ssh at all, with the error message:
Quote:
ssh: connect to host IP port 22: No route to host
When backup fails, the error on the web interface is:
Quote:
Last error is "Unable to read 4 bytes".
Even stranger is the fact that I'm fully able to ping my laptop (router too), which would indicate that nothing is wrong.

Assume that all keys are in order, because I have been very thorough there; I even had to generate host keys on Fedora - because it had none to begin with - and manually copy it to the Debian server's known_hosts file. In fact, both sides have public keys that are present on the other side's authorized_keys file (keys have even been double-checked to make sure they are the right ones in the right place).

Note that I have tried these things with the firewall turned off on both the router and Fedora. Also, connections work just fine the other way around (from backuppc@laptop to backuppc@server).

What could possibly be going on here?

Reference on setup:
http://forums.fedoraforum.org/showthread.php?t=281806
http://forums.fedoraforum.org/showthread.php?t=281428

Last edited by Serophis; 20th August 2012 at 02:11 PM.
Reply With Quote
  #2  
Old 20th August 2012, 03:22 PM
melal Offline
Registered User
 
Join Date: Aug 2012
Location: Ukraine
Posts: 15
linuxubuntufirefox
Re: SSH Into Fedora Fails

May you kindly post output of the following command running on your server:

Code:
telnet xxx.xxx.xxx.xxx 22
Where xxx.xxx.xxx.xxx - IP-address of your laptop. I assume that you are using default SSH-port - 22, if it's not true, please, change the port to your actual one.

And of course, post, please, the verbose output of ssh:

Code:
ssh -vvvv user@host
Reply With Quote
  #3  
Old 20th August 2012, 09:38 PM
droidhacker Offline
Registered User
 
Join Date: Oct 2009
Posts: 827
linuxfirefox
Re: SSH Into Fedora Fails

please post output of 'iptables --list'.
Reply With Quote
  #4  
Old 21st August 2012, 10:13 AM
Serophis Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 43
linuxfirefox
Re: SSH Into Fedora Fails

Thanks for the swift response!

Quote:
Originally Posted by melal View Post
Code:
telnet xxx.xxx.xxx.xxx 22
Code:
ssh -vvvv user@host
The first command gives me (on both root and backuppc user on the server):
Quote:
telnet: Unable to connect to remote host: No route to host
The second gives me:
Quote:
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.193 [192.168.0.193] port 22.
debug1: connect to address 192.168.0.193 port 22: No route to host
ssh: connect to host 192.168.0.193 port 22: No route to host
---------------------------------------

Quote:
Originally Posted by droidhacker View Post
please post output of 'iptables --list'.
The output on root from the laptop is:
Quote:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 state NEW udp dpt:mdns
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables is the firewall, right? The problem persists even with the firewall disabled (on both the Fedora system and router).
Reply With Quote
  #5  
Old 21st August 2012, 11:16 AM
stevea Offline
Registered User
 
Join Date: Apr 2006
Location: Ohio, USA
Posts: 8,991
linuxfirefox
Re: SSH Into Fedora Fails

You all hould review this, quickly,
http://forums.fedoraforum.org/showthread.php?t=282819

The OP question is poorly stated. It's really annoying to see something like
"can't connect to my laptop through ssh at all, with the error message ..."
Great that you quoted the exact error message - but it's just short of useless without showing the exact command that generated it.

The replies are 'shotgun' approaches - but thats all that anyone can offer without more information.


So here is the current status.

1/ The ssh command *SEEMS* to resolve to ...
ssh 192.168.0.193
which is PRESUMABLY the IP of the laptop.

2/ The proper laptop iptables is not given.
The command "iptables --list" is not the right command. It lists the rule without listing the interfaces they apply to.
So in the post above the iptables input rule "ACCEPT all -- anywhere anywhere "
would seem to accept all packets, which makes all the subsequent rules useless.
But most likely that rule only applies to the 'lo' interface. You should use the command
iptables-save
or
iptables -v --list
to get a complete dump of the tables.

In the meantime, assuming you've used the firewall tool, and the accept all is for 'lo' then
you have every tcp port blocked, and any attempt to connect to the laptop by tcp will result
in the "reject-with icmp-host-prohibited"

That firewall is NOT disabled.

3/ The message "ssh: connect to host 192.168.0.193 port 22: No route to host" means one of two things.
Either
A/ The ip address does not get ARP resolution to a MAC address in which case ping would fail)
or
B/ The server 192.168.0.193 produced an icmp reject response to the connection attempt. IOW you hit the 'reject-with icmp-host-prohibited' firewall rule.

Since you can ping, this means the firewall is blocking.

If the port was open and sshd was not listening you'd get a 'timeout' message.

Your firewall is up.
__________________
None are more hopelessly enslaved than those who falsely believe they are free.
Johann Wolfgang von Goethe

Last edited by stevea; 21st August 2012 at 11:28 AM.
Reply With Quote
  #6  
Old 21st August 2012, 11:28 AM
melal Offline
Registered User
 
Join Date: Aug 2012
Location: Ukraine
Posts: 15
linuxubuntufirefox
Re: SSH Into Fedora Fails

If you are able ping your laptop from server, there can be several reasons for ssh fails. First of all you must be sure that there are no network routing problems. The second reason I met 2-3 years ago a strange behavior of ssh-clients with client message "No route to host" if ssh-client isn't able to resolve hostname of ssh-server (even if you are trying to connect by ssh by IP-address). And of course it can be firewall problems. OK, lets start step by step. As it follows from your post your laptop has IP-address 192.168.0.193.

1. From root or sudo execute at your laptop (where ssh-server resides) and server (where ssh-client resides):

Code:
iptables -F
Try to connect afterwards from server to laptop by ssh without any "reboots".

2. Add to file /etc/sysconfig/iptables at your laptop (where ssh-server resides) after the lines:

Code:
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
this new line

Code:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
Save file and restart iptables from root or sudo:

Code:
service iptables restart
Post output of

Code:
iptables -L
Try to connect afterwards from server to laptop by ssh.

3. Add at your server (where ssh-client resides) at the end of file /etc/hosts using your text editor (for example, nano or vim) line and save the file:

Code:
192.168.0.193   myproblemlaptop
Try to connect from server to laptop by ssh using defined hostname (not by IP):

Code:
ssh user@myproblemlaptop
4. From root or sudo execute at your server (where ssh-client resides) and post output:

Code:
traceroute -T -p 22 192.168.0.193
ip addr
route -n
nmap -p 22 -v -A 192.168.0.193
5. From root or sudo execute at your laptop (where ssh-server resides) and post output:

Code:
ip addr
route -n
netstat -nlpt
service sshd status
iptables -L

Last edited by melal; 21st August 2012 at 11:39 AM.
Reply With Quote
  #7  
Old 21st August 2012, 12:52 PM
Serophis Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 43
linuxfirefox
Exclamation Re: SSH Into Fedora Fails

Since this is a free support site, I don't actually expect people to read through everything in order to help me since it can quickly become too much information (but perhaps I was mistaken in that assumption). I was only trying to give what I believed to be the most relevant information and provide more if it was needed/called for. From what I can gather from stevea's post, this is bad practice, so I will try now to be as thorough as possible and give as much information as possible.

Server hardware = Seagate Blackarmor NAS 220 with two disks in (unsure) RAID1, 3TB each.
Server software = Debian (Lenny) which has been installed a custom firmware following this guide which originates from this thread on Seagate support forums. Wether it's 32-bit or 64-bit is unknown as the output of the command 'uname -m' yields "armv5tejl". The kernel version is (output from command 'uname -r') 2.6.22.18. Iptables version sidenote:I was convinced until today that the server had no firewall (part of the output of command 'iptables -F') v1.4.2. OpenSSH version (output from command 'ssh -V') is OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007. Backuppc version is 3.1.0 according to the web interface.
Server local IP = 192.168.0.194

Laptop hardware = Asus N55SF with Fedora installed on a SSD which has been fitted into a caddy.
Laptop software = Fedora 17 64-bit with the most recent updates.
Laptop local IP = 192.168.0.193

Router = D-LINK DIR-635 with Hardware Version: B3 and Firmware Version: 2.33EU

Info: All activity on the server is done through the laptop after ssh'ing to the server. This is the only way to do something server-side (assuming you can't issue commands and the like through the backuppc web interface).

The router has firewall enabled and I have not configured anything there with regards to the server and laptop. Neither have I configured iptables on either the server or laptop. Firewall settings are default.

Problem description:
When issuing the commands...:
Quote:
ssh 192.168.0.193
ssh root@192.168.0.193
ssh backuppc@192.168.0.193
... from the server as either root or backuppc user, the following error occurs:
Quote:
ssh: connect to host 192.168.0.193 port 22: No route to host
Connecting from the laptop to the server works just fine.

Hint: I am able to ping just fine both ways.

Output from command 'iptables -v --list':
From user root on the server:
Quote:
iptables v1.4.2: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
From user root on the laptop:
Quote:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
9124 10M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
4 336 ACCEPT icmp -- any any anywhere anywhere
0 0 ACCEPT all -- lo any anywhere anywhere
3 180 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
204 28255 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 6344 packets, 529K bytes)
pkts bytes target prot opt in out source destination
If there is information missing please tell me what information you need and how I can retrieve it (as I most likely won't know myself).

Sidenote: I'm hoping this post is better practice than my original OP and will do justice to stevea's post as well. Also, apologies to melal if I wasted your time by not giving some of this information sooner. I'm not so sure what is relevant, but looking over it now the version numbers seem relevant, especially since I tried the command 'iptables -F' on the server which came with the following:
Quote:
iptables v1.4.2: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Last edited by Serophis; 21st August 2012 at 12:58 PM.
Reply With Quote
  #8  
Old 21st August 2012, 01:04 PM
stevea Offline
Registered User
 
Join Date: Apr 2006
Location: Ohio, USA
Posts: 8,991
linuxfirefox
Re: SSH Into Fedora Fails

melal - please read the link I gave above. You are posting a lot of dubious methods and driving the OP into unrelated or redundant issues.

Code:
iptables -F
Great that flushes all your tables (removes the active ones), which might be part of a test but is not a solution,

Quote:
2. Add to file /etc/sysconfig/iptables at your laptop (where ssh-server resides) after the lines:

Code:
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
No! Manually editing that file for a noob is not smart at all.

Quote:
this new line

Code:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
That's silly UNLESS you know what is already in that file. So far we can only guess.


Quote:
Post output of

Code:
iptables -L
I already explained why "iptables --list" or the identical "iptables -L" don't tell us what we need to know.
.

Quote:
....
The OP does NOT need to set an /etc/hosts entry nor run traceroute. That is just adds pointless side topics.
Traceroute is unecessary since ping success tells us both routes work.


Quote:
5. From root or sudo execute at your laptop (where ssh-server resides) and post output:

Code:
ip addr
route -n
netstat -nlpt
service sshd status
iptables -L
Shotgun approach - random commands. They would have been useful in post#1 as background, but we already can intuit most of the info or know it is not needed. Specifically,
ip addr - pointless, we already know the laptop IP.
route -n - a deprecated command (use "ip route" instead), and since ping works we know the routes are good. Deprecated and Not needed here.
netstat -nlpt - a useful command to know, but there is zero evidence that sshd service is a problem. It's off-topic and not based on deduction from symptoms. Note: "ss -lp" is a more modern command for this.
service sshd status - again, no evidence of any service failure is present. Not deductive thinking. LAcks justification.
iptables -L - without the -v option does not provide enough info to analyze the firewall. Ineffective.

==================


NO the above approach is not appropriate, is dangerous for system stability, misdirects effort, and is wrong in several respects.

The main problem is the firewall, and UNLESS the OP is familiar with writing iptables rules he should NOT edit any /etc/sysconfig files manually and should instead use the firewall tool.

system-config-firewall

Run that tool on the laptop.
Select the 'Trusted Services' tab.
If the green "enable" button is present select it, then hit the "apply" button ("yes "at the "are you sure" popup)
Put a checkmark next to the "SSH tcp/22" line.
Click "Apply"" and yes" to the "are you sure" popup.
Close the tool.


After this the FULL iptables dump should look about like this ...
Code:
[root@crucibulum Desktop]# iptables-save 
# Generated by iptables-save v1.4.14 on Tue Aug 21 06:26:28 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [38:2003]    (numbers will vary)
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Aug 21 06:26:28 2012

=========

Then try to connect.
Post the command and result if there are errors.
__________________
None are more hopelessly enslaved than those who falsely believe they are free.
Johann Wolfgang von Goethe
Reply With Quote
  #9  
Old 21st August 2012, 01:34 PM
Serophis Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 43
linuxfirefox
Re: SSH Into Fedora Fails

Quote:
Originally Posted by stevea View Post
system-config-firewall

Run that tool on the laptop.
Select the 'Trusted Services' tab.
If the green "enable" button is present select it, then hit the "apply" button ("yes "at the "are you sure" popup)
Put a checkmark next to the "SSH tcp/22" line.
Click "Apply"" and yes" to the "are you sure" popup.
Close the tool.


After this the FULL iptables dump should look about like this ...
[...]

=========

Then try to connect.
Post the command and result if there are errors.
Note that I have executed the command 'iptables -F' on the laptop prior to trying your post.

The "SSH tcp/22" line was already checked.

Output of 'iptables-save' command:
Quote:
# Generated by iptables-save v1.4.14 on Tue Aug 21 13:27:14 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8672:855446]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Aug 21 13:27:14 2012
When I try 'ssh 192.168.0.193' and 'ssh root@192.168.0.193' from the server to laptop now the following error appears:
Quote:
ssh: connect to host 192.168.0.193 port 22: Connection refused
I can still ping the laptop.

Could it have something to do with the firewall on the server or router? I know how to forward ports on the router.

Thank you kindly for your help.
Reply With Quote
  #10  
Old 21st August 2012, 01:51 PM
melal Offline
Registered User
 
Join Date: Aug 2012
Location: Ukraine
Posts: 15
linuxubuntufirefox
Re: SSH Into Fedora Fails

Quote:
Originally Posted by stevea View Post
melal - please read the link I gave above. You are posting a lot of dubious methods and driving the OP into unrelated or redundant issues.

Great that flushes all your tables (removes the active ones), which might be part of a test but is not a solution,

....................................
Dear stevea, nothing from given by me is "permanent" solution. I gave to Serophis step by step solution as method of search for real problem. After my instruction will be executed by Serophis completely - I'll be able to give complete "permanent" solution. All of the commands I gave aren't "dubious" as they just give possibility to find real problem and solve it with another afterwards with "permanent" methods. It's much better than just to ask user check iptables chains and no more. We don't write official Users Manual or PhD thesis here, but just solve a small problem of definite user.

---------- Post added at 02:51 PM ---------- Previous post was at 02:43 PM ----------

Quote:
Originally Posted by Serophis View Post
Note that I have executed the command 'iptables -F' on the laptop prior to trying your post.

The "SSH tcp/22" line was already checked.

Output of 'iptables-save' command:


When I try 'ssh 192.168.0.193' and 'ssh root@192.168.0.193' from the server to laptop now the following error appears:


I can still ping the laptop.

Could it have something to do with the firewall on the server or router? I know how to forward ports on the router.

Thank you kindly for your help.
Dear Serophis, as you see now:

Code:
 ssh: connect to host 192.168.0.193 port 22: Connection refused
please, post verbose output for this ssh-connection:

Code:
ssh -vvvv user@host

Last edited by melal; 21st August 2012 at 02:00 PM.
Reply With Quote
  #11  
Old 21st August 2012, 01:59 PM
Serophis Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 43
linuxfirefox
Re: SSH Into Fedora Fails

Quote:
Originally Posted by melal View Post
please, post verbose output for this ssh-connection:
Output of command (as root and backuppc server-side) 'ssh -vvvv 192.168.0.193' and 'ssh -vvvv root@192.168.0.193' and 'ssh -vvvv backuppc@192.168.0.193' is:
Code:
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.193 [192.168.0.193] port 22.
debug1: connect to address 192.168.0.193 port 22: Connection refused
ssh: connect to host 192.168.0.193 port 22: Connection refused
Thank you kindly for your help.
Reply With Quote
  #12  
Old 21st August 2012, 02:26 PM
melal Offline
Registered User
 
Join Date: Aug 2012
Location: Ukraine
Posts: 15
linuxubuntufirefox
Re: SSH Into Fedora Fails

Quote:
Originally Posted by Serophis View Post
Output of command (as root and backuppc server-side) 'ssh -vvvv 192.168.0.193' and 'ssh -vvvv root@192.168.0.193' and 'ssh -vvvv backuppc@192.168.0.193' is:
Code:
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.193 [192.168.0.193] port 22.
debug1: connect to address 192.168.0.193 port 22: Connection refused
ssh: connect to host 192.168.0.193 port 22: Connection refused
Thank you kindly for your help.
Please, check if your sshd service at laptop (Fedora) is running, execute as root:

Code:
service sshd status
or (this will give the same result)

Code:
systemctl status sshd.service
If it is not active execute as root:

Code:
service sshd start
or (which is the same as previous)

Code:
systemctl start sshd.service
and tell us what's happened.

If your sshd service will be not active you may enable it at system startup as root:

Code:
systemctl enable sshd.service

Last edited by melal; 21st August 2012 at 02:40 PM.
Reply With Quote
  #13  
Old 21st August 2012, 02:41 PM
Serophis Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 43
linuxfirefox
Re: SSH Into Fedora Fails

Quote:
Originally Posted by melal View Post
and tell us what's happened.
It works! I can't believe it was that simple! ssh from server to laptop works now, but only to root on the laptop. Keys seem to be in order on both sides (I haven't checked host keys), but when I try command 'ssh backuppc@192.168.0.193' the following error occurs:
Quote:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Hint: I'm fairly certain the backuppc user on the laptop doesn't have a password.

EDIT: Also, issuing the command 'ssh backuppc@192.168.0.194' from the laptop works flawlessly.

Last edited by Serophis; 21st August 2012 at 02:47 PM. Reason: Omitted information
Reply With Quote
  #14  
Old 21st August 2012, 03:28 PM
melal Offline
Registered User
 
Join Date: Aug 2012
Location: Ukraine
Posts: 15
linuxubuntufirefox
Re: SSH Into Fedora Fails

Quote:
Originally Posted by Serophis View Post
It works! I can't believe it was that simple! ssh from server to laptop works now, but only to root on the laptop. Keys seem to be in order on both sides (I haven't checked host keys), but when I try command 'ssh backuppc@192.168.0.193' the following error occurs:


Hint: I'm fairly certain the backuppc user on the laptop doesn't have a password.

EDIT: Also, issuing the command 'ssh backuppc@192.168.0.194' from the laptop works flawlessly.
OK, finally we can say there were 2 problems at you initially:
1. Closed port 22 in iptables firewall.
2. sshd wasn't active

To solve this 2 problems permanently you should do as root:

1. Open port 22 (SSH) using system utility, which has pseudo-graphics intuitive interface:

Code:
system-config-firewall
2. Enable sshd service at system startup:

Code:
systemctl enable sshd.service
To solve your auth problem by ssh you have to understand the whole process from user side for passwordless SSH-authentification. Lets say you have ssh-client and ssh-server computers and you want "enter" from ssh-client to ssh-server as user backuppc.

1. Check if you have system user backuppc at your ssh-server:

Code:
finger backuppc
2. If user exists, go to step 3. If there is no such a user - create it and assign password (as root):

Code:
useradd backuppc
passwd backuppc
3. Now at ssh-client check if your current user (ordinary user or root - no difference) has ssh-keys with proper access rights:

Code:
cd ~/.ssh
ls -la
Assume, you want to use RSA-cryptography for ssh-connections. You should see id_rsa with rights 400 and id_rsa.pub with 644 access rights - it's very important. If you see this private and public key files and rights are OK - just copy your public key to ssh-server:

Code:
ssh-copy-id backuppc@ssh-server
or you can give some more information for the utility about public key file:

Code:
ssh-copy-id -i ~/.ssh/id_rsa.pub backuppc@ssh-server
To be able to copy your public key to ssh-server from ssh-client using ssh-copy-id utility, enable temporarily password authentification, uncomment if commented line and change it to "yes" in file /etc/ssh/sshd_config at ssh-server:

Code:
PasswordAuthentication yes
systemctl restart sshd.service
After the public key will be copied from ssh-client to ssh-server you can disable ssh password authentification again, if you don't need it of course, at your ssh-server (change the line in /etc/ssh/sshd_config of ssh-server and restart it):

Code:
PasswordAuthentication no
systemctl restart sshd.service
4. If your user at ssh-client has no public and private keys, you can generate it, for example, using RSA-algorithm with key lenght 4096 bit:

Code:
ssh-keygen -b 4096 -t rsa -f ~/.ssh/id_rsa
More generally saying you can use any public/private key files pair with different names and from different directories. But default names, for example, for RSA key pair are id_rsa and id_rsa.pub located at home directory of user of ssh-client in subdirectory: ~/.ssh/

And finally you should understand that you need to repeat this steps for every user at ssh-client and ssh-server which you want to use for ssh-connections establishing. For example, if you have user_1, user_2 and root at ssh-client - you should repeat described above for all of the 3 users - user_1, user_2 and root at your ssh-client machine.

Last edited by melal; 21st August 2012 at 04:08 PM.
Reply With Quote
  #15  
Old 21st August 2012, 04:07 PM
Serophis Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 43
linuxfirefox
Re: SSH Into Fedora Fails

Okay, I started all over with the keys and deleted id_rsa, id_rsa.pub, known_hosts, and finally authorized_keys on both backuppc users (server and laptop).

I entered the following command and generated passwordless RSA keys on both backuppc users (server and laptop):
Code:
ssh-keygen -t rsa -C "backuppc"
From there I'm unable to ssh-copy-id due to authentication issues, so I do it manually by copy and paste the keys from id_rsa.pub through vim (both users) into their respective counterpart's authorized_keys file.

From there I encounter the same problem as described before. The laptop can ssh into backuppc@server with no password just fine. On the other side, however, this error (as described earlier) occurs after password authentication - which shouldn't even appear - fails:
Code:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
The keys are definitely in order, so I suspect there might be something wrong with the ssh configuration or something. Either that or I'm guessing the differen OpenSSH versions maybe aren't compatible.
Reply With Quote
Reply

Tags
fails, fedora, ssh

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
fedora 16 gnome fails system fails on initial update reboot edeziffel Installation, Upgrades and Live Media 1 4th April 2012 07:43 PM
yum update Fedora 13 to Fedora 14 fails - wrong repositories file names infix Sagari Installation, Upgrades and Live Media 2 24th December 2010 05:36 AM
Boot up fails. Avahi-Daemon fails. flyingpengwin Using Fedora 6 26th November 2008 04:46 AM
Fedora 9 ISO fails to boot. Fedora 3 boots , whitebox VIA Technologies b24warbaby Installation, Upgrades and Live Media 10 21st November 2008 11:55 PM
notification when raid fails, or power fails? wijszman Servers & Networking 3 20th July 2005 09:33 PM


Current GMT-time: 12:23 (Monday, 24-11-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Damghan Travel Photos on Instagram - Shangzhi - Mandurah Photos on Instagram