I'm trying to set up ssh access for a user account that I created with chef on a DigitalOcean Ubuntu 12.04 server. I had the options set in DigitalOcean to automatically copy my Mac's ssh key when the droplet is created.
I can ssh in as root with no issues, but my other user fails to authenticate. This seems to be a common issue, and I checked some of the other answers, and found this command to get more info:
ssh -vvv -i id_rsa user@serverIP
The logs for the root user (which succeeds) with that command are
debug1: Offering RSA public key: /Users/evan/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp snip!
debug3: sign_and_send_pubkey: snip!
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/evan/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/evan/.ssh/id_dsa
debug3: no such identity: /Users/evan/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Which to me means that the public key is incorrect. But if I log in as the root user and go to
then I can see that my ssh key is there. I thought maybe there was an error, so I did:
cp .ssh/authorized_keys ~/home/otheraccout/.ssh/authorized_keys
But that didn't help. I don't know where else to look.
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
"sshd_config" 88L, 2508C
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no
Banner /etc/ssh_banner
drwx------ 2 deploy deploy 4096 Apr 20 06:00 .ssh
-rw------- 1 deploy deploy 820 Apr 20 05:35 authorized_keys
As suggested in the comments,
Apr 21 04:59:30 localhost sshd: User deploy not allowed because account is locked
Apr 21 04:59:30 localhost sshd: input_userauth_request: invalid user deploy [preauth]
I tried to do:
sudo usermod --expiredate -1 deploy
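The combination shown in the post (`UsePAM no` in sshd_config plus the "account is locked" log line) can be checked with the following added example, which is not part of the original post. It assumes OpenSSH portable on Linux, where a shadow password field beginning with `!` counts as locked only when `UsePAM` is `no`; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: explains the "account is locked" rejection from sshd on Linux.
# Assumption: OpenSSH portable on Linux treats a shadow password field that
# starts with "!" as locked, and only applies that check when UsePAM is "no".

# Effective UsePAM value: first uncommented match wins, OpenSSH default is "no".
usepam_setting() {
    v=$(awk 'tolower($1) == "usepam" { print tolower($2); exit }' "$1")
    echo "${v:-no}"
}

# Verdict for one user given an sshd_config and a shadow(5)-format file.
lock_verdict() {  # args: sshd_config shadow_file user
    if ! grep -q "^$3:" "$2"; then
        echo "unknown user"; return
    fi
    field=$(awk -F: -v u="$3" '$1 == u { print $2; exit }' "$2")
    pam=$(usepam_setting "$1")
    case "$field" in
        '!'*) [ "$pam" = no ] && echo "rejected: account is locked" \
                              || echo "lock check skipped (UsePAM yes)" ;;
        *)    echo "not locked" ;;
    esac
}

# Constructed sample files (not real credentials) written into directory $1.
make_samples() {
    printf 'PubkeyAuthentication yes\n#UsePAM yes\nUsePAM no\n' > "$1/sshd_nopam"
    printf 'PubkeyAuthentication yes\nUsePAM yes\n' > "$1/sshd_pam"
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$notarealhash:15815:0:99999:7:::
deploy:!:15815:0:99999:7:::
EOF
}

demo() {
    d=$(mktemp -d)
    make_samples "$d"
    for u in root deploy nobody; do
        echo "$u (UsePAM no):  $(lock_verdict "$d/sshd_nopam" "$d/shadow" "$u")"
        echo "$u (UsePAM yes): $(lock_verdict "$d/sshd_pam" "$d/shadow" "$u")"
    done
    rm -rf "$d"
}
demo
```

On a real host the same functions can be pointed at `/etc/ssh/sshd_config` and `/etc/shadow` (root required to read the latter).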