SSH suddenly asking for password

General problem

I have my computer (Mac OSX 10.9.4) and a remote server (Ubuntu 14.04.1 LTS). I used ssh-keygen to create an ssh key (with no passphrase), added the public key to the server's .ssh/authorized_keys, and all was good in the world. Then, earlier today, ssh started asking me for a password again.

What might have caused it

I'm really not sure what caused this - these are my best guesses:

  • I did have to remove some files from my home directory on the remote server when I accidentally copied a git repository there (I didn't commit or anything from there, just copied things over and then rm'd them). From what I can tell from my command history, there aren't ssh-relevant files that I removed, just .git, .gitignore, and various *.sw? files leftover from vim.
  • I ran ssh-keygen -l -f ~/.ssh/authorized_keys on the remote server to see the fingerprints of (I think) the keys in that file.
Relevant logs

    When I run ssh -v -i ~/.ssh/mykey_rsa user@serverip, I get this:

    OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
    debug1: Reading configuration data /Users/myusername/.ssh/config
    debug1: Reading configuration data /etc/ssh_config
    debug1: /etc/ssh_config line 50: Applying options for *
    debug1: Connecting to {ip address} [{ip address}] port 22.
    debug1: Connection established.
    debug1: identity file .ssh/mykey_rsa type 1
    debug1: identity file .ssh/mykey_rsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
    debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
    debug1:  Miscellaneous failure (see text)
    No credentials cache file found
    
    debug1:  An invalid name was supplied
    unknown mech-code 0 for mech 1 2 752 43 14 2
    
    debug1:  Miscellaneous failure (see text)
    unknown mech-code 0 for mech 1 3 6 1 5 5 14
    
    debug1:  Miscellaneous failure (see text)
    unknown mech-code 2 for mech 1 3 6 1 4 1 311 2 2 10
    
    debug1:  An unsupported mechanism was requested
    unknown mech-code 0 for mech 1 3 5 1 5 2 7
    
    debug1:  Miscellaneous failure (see text)
    unknown mech-code 0 for mech 1 3 6 1 5 2 5
    
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
    debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: RSA {fingerprint}
    debug1: Host '{ip address}' is known and matches the RSA host key.
    debug1: Found key in /Users/myusername/.ssh/known_hosts:16
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: .ssh/otherkey_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Offering RSA public key: .ssh/mykey_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: password
    user@serverip's password: 
    

    I find it kind of strange that it tried a different ssh key (otherkey_rsa) before the one I told it to use (mykey_rsa), but I don't know enough about ssh to parse this well.

    Meanwhile, the remote server's /var/log/auth.log helpfully says

    Aug 12 02:04:19 servername sshd[22147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
    Aug 12 02:04:19 servername sshd[22147]: Authentication refused: bad ownership or modes for directory /root
    

Permissions

    Local/on my computer:

    ~/                     drwxr-xr-x+ 105 myusername staff 3570 Aug 11 23:14
    ~/.ssh/                drwx------   13 myusername staff  442 Aug 11 23:14
    ~/.ssh/mykey_rsa.pub   -rw-r--r--    1 myusername staff  397 Aug  5 20:52
    ~/.ssh/mykey_rsa       -rw-------    1 myusername staff 1675 Aug  5 20:52
    

    Remotely/on the server:

    ~/                     drwxr-xr-x    8        501 staff 4096 Aug 12 02:16
    ~/.ssh/                drwx------    2 remoteuser root  4096 Aug 12 01:49
    ~/.ssh/authorized_keys -rw-------    1 remoteuser root   794 Aug 12 01:44
    

    I'm really stumped on this and would really appreciate help! Thank you!


    As aecolley pointed out on superuser, the answer was staring me in the face. The problem was with permissions, and the reason was that the user with uid 501 owned my home directory. Why, you ask? Because I'd (kind of accidentally) used rsync to copy a bunch of files there from my laptop, and rsync appears to have used my laptop's user id (501, the default on OS X) for the job.

    chown root . from my home directory on the server fixed the problem.
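
The check behind the `bad ownership or modes for directory /root` log line, as an added example that is not part of the original posts and not OpenSSH's own code: with StrictModes on, sshd wants the home directory, `.ssh` and `authorized_keys` owned by the login user or root and not writable by group or others. The function names are hypothetical, and the demo values at the end are taken from the permissions listing in the question.

```shell
#!/bin/sh
# Added example: approximates sshd's StrictModes ownership/mode test.
# Function names are hypothetical; this is not OpenSSH source.

# path_ok OWNER_UID OCTAL_MODE LOGIN_UID
# Passes only if the owner is root (uid 0) or the login user, and the
# path is not writable by group or others (mode & 022 == 0).
path_ok() {
    owner=$1; mode=$2; login_uid=$3
    if [ "$owner" -ne 0 ] && [ "$owner" -ne "$login_uid" ]; then
        return 1
    fi
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# uid_and_mode PATH: prints "uid octal-mode" (GNU stat first, then BSD).
uid_and_mode() {
    stat -c '%u %a' "$1" 2>/dev/null || stat -f '%u %Lp' "$1" 2>/dev/null
}

# check_key_paths HOME_DIR LOGIN_UID
# Reports on HOME_DIR, HOME_DIR/.ssh and HOME_DIR/.ssh/authorized_keys;
# returns non-zero if any of them is missing or fails path_ok.
check_key_paths() {
    home=$1; login_uid=$2; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if ! info=$(uid_and_mode "$p"); then
            echo "MISSING $p"; rc=1; continue
        fi
        set -- $info    # $1 = owner uid, $2 = octal mode
        if path_ok "$1" "$2" "$login_uid"; then
            echo "ok      $p (uid=$1 mode=$2)"
        else
            echo "REFUSED $p (uid=$1 mode=$2): bad ownership or modes"
            rc=1
        fi
    done
    return "$rc"
}

# Values from the listing above: home directory owned by uid 501 with
# mode 755, login user root (uid 0). The mode is fine, the owner is not.
if path_ok 501 755 0; then
    echo "home directory would pass"
else
    echo "home directory would be refused"
fi
# On a real server: check_key_paths /root 0
```

Run as root on the server, `check_key_paths /root 0` lists which of the three paths sshd would reject, which is quicker than reading `ls -l` output by eye.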


    Maybe it could be useful for someone.

    I had the same issue on Ubuntu: one day I tried to push to the git repo and got the password prompt. The issue in my case was in the wrong permissions (root was the fileowner) for the ~/.ssh/config file.

    To fix the issue I had to change file owner and then re-login.


    I just spent a half hour ripping my hair out at this issue on Yosemite. All my permissions were correct, the key was in the right place, config was correct, etc.

    What happened was this: I used Migration Assistant to transfer some files from this machine to another, which caused the interactive user session to log out but did not actually reboot the machine, so when I logged back in and started tmux it reattached to a surviving session. Apparently, this caused it to lose some sort of security permission to access Keychain, where my key passwords are stored, and it wouldn't re-prompt me. Simply restarting tmux solved the issue!
