Troubleshooting an SSH public-key authentication configuration that fails to connect on a bare-minimum installation of Debian 8 64-bit

Troubleshooting a failed Pubkey Authentication configuration in openssh-server on Debian 8 64-bit

Initial checks for a failed PubkeyAuth login on openssh-server

Check the following before moving on to further troubleshooting:

  • Check whether the failed-login error is recorded in /var/log/messages
  • Check whether the error shows up in the output of systemctl status sshd

Possible causes

  • The client fails to supply the private key the server asks for, meaning the keys are not a matching pair. If the pair cannot be rechecked, generate a new key pair to use.

Modifying the logging directive in the openssh-server configuration file

In the default configuration of openssh-server as installed on a bare-minimum Debian 8 64-bit system, logging runs at level INFO, which makes it hard to locate the cause of a failed connection that uses PubkeyAuthentication. This can be changed through LogLevel in /etc/ssh/sshd_config.

Locating the problem

Sep  1 19:48:09 sgp2-01 sshd[1027]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug1: trying public key file /root/.ssh/authorized_keys
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug1: fd 4 clearing O_NONBLOCK
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug2: user_key_allowed: check options: 'sh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEtx1LfBAjoqYq7gAfEdlaR8p7FTJq76HHjk/iS18IJWWB/e2wUtHcMfMnqkK8GcpZhOib8mqfIQLZR0BIpzhWCcGpzcJ9bW54y4sQVeY2kZe72cb/fSuPOan68a8h/25xFy4eZj4KIkjyJGolFG7Z+pcffYRF/B5zF5ifmPiAbfYYq4IwUwG6IBKHh4Z8fpISJwcjSxvYiE4Rz1vhsOsdbtfe1CYdoSLnzxRsaNKxO0kKRhsg8eInX/Jhmh3iLJH4WXfB/WUUEhwG/G1Y2ObrGUhBM/bhq9O4g0H0Ay8YhFtz59XxKYR8jhbL7Gm8sVEewGJWZ+UamIXDOe6aPtL [email protected]\n'
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug2: user_key_allowed: advance: 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEtx1LfBAjoqYq7gAfEdlaR8p7FTJq76HHjk/iS18IJWWB/e2wUtHcMfMnqkK8GcpZhOib8mqfIQLZR0BIpzhWCcGpzcJ9bW54y4sQVeY2kZe72cb/fSuPOan68a8h/25xFy4eZj4KIkjyJGolFG7Z+pcffYRF/B5zF5ifmPiAbfYYq4IwUwG6IBKHh4Z8fpISJwcjSxvYiE4Rz1vhsOsdbtfe1CYdoSLnzxRsaNKxO0kKRhsg8eInX/Jhmh3iLJH4WXfB/WUUEhwG/G1Y2ObrGUhBM/bhq9O4g0H0Ay8YhFtz59XxKYR8jhbL7Gm8sVEewGJWZ+UamIXDOe6aPtL [email protected]\n'
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug2: key not found
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug1: restore_uid: 0/0
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug1: trying public key file /root/.ssh/authorized_keys2
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug1: Could not open authorized keys '/root/.ssh/authorized_keys2': No such file or directory
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug1: restore_uid: 0/0
Sep  1 19:48:09 sgp2-01 sshd[1027]: Failed publickey for root from 103.17.198.233 port 52177 ssh2: RSA da:e8:34:66:47:80:5b:ba:ff:76:cd:2c:86:ad:89:40
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug3: mm_answer_keyallowed: key 0x7fce294cbf60 is not allowed
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug3: mm_request_send entering: type 23
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
Sep  1 19:48:09 sgp2-01 sshd[1027]: debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
Sep  1 19:48:17 sgp2-01 sshd[1027]: debug1: userauth-request for user root service ssh-connection method password [preauth]
Sep  1 19:48:17 sgp2-01 sshd[1027]: debug1: attempt 2 failures 1 [preauth]
Sep  1 19:48:17 sgp2-01 sshd[1027]: debug2: input_userauth_request: try method password [preauth]
Sep  1 19:48:17 sgp2-01 sshd[1027]: debug3: mm_auth_password entering [preauth]
Sep  1 19:48:17 sgp2-01 sshd[1027]: debug3: mm_request_send entering: type 12 [preauth]
Sep  1 19:48:17 sgp2-01 sshd[1027]: debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
Sep  1 19:48:17 sgp2-01 sshd[1027]: debug3: mm_request_receive_expect entering: type 13 [preauth]
Sep  1 19:48:17 sgp2-01 sshd[1027]: debug3: mm_request_receive entering [preauth]
Sep  1 19:48:17 sgp2-01 sshd[1027]: debug3: mm_request_receive entering
Sep  1 19:48:17 sgp2-01 sshd[1027]: debug3: monitor_read: checking request 12
Sep  1 19:48:17 sgp2-01 sshd[1027]: debug3: PAM: sshpam_passwd_conv called with 1 messages
Sep  1 19:48:17 sgp2-01 sshd[1027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.17.198.233  user=root
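
In the log above, sshd reports `check options: 'sh-rsa ...`: the first token of the authorized_keys entry is `sh-rsa`, not `ssh-rsa`, so the line is tried as options and the attempt ends in `key not found`. The following Python code is an added example, not part of the original gist, that checks authorized_keys lines for this kind of defect by comparing the declared key type with the algorithm name embedded in the base64 blob. The names `lint_entry`, `blob_algorithm` and `make_blob` and the sample entries are constructed for illustration.

```python
import base64
import binascii
import struct

# Common OpenSSH key-type names (a subset, chosen for this example).
KNOWN_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def blob_algorithm(token):
    """Return the algorithm name stored at the start of a base64 key blob, or None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) < 4:
        return None
    (n,) = struct.unpack(">I", raw[:4])      # blob starts with a length-prefixed name
    name = raw[4:4 + n]
    return name.decode("ascii", "replace") if n and len(name) == n else None

def lint_entry(line):
    """Hypothetical helper: classify one authorized_keys line."""
    tokens = line.strip().split()
    if not tokens or tokens[0].startswith("#"):
        return "skip"
    # Normal case: a known type token followed by a blob naming the same type.
    for i, tok in enumerate(tokens[:-1]):
        if tok in KNOWN_TYPES:
            if blob_algorithm(tokens[i + 1]) == tok:
                return "ok"
            return f"blob does not match declared type {tok!r}"
    # No known type token: find the blob and report what precedes it.
    for i, tok in enumerate(tokens):
        inner = blob_algorithm(tok)
        if inner in KNOWN_TYPES:
            prev = tokens[i - 1] if i else ""
            return f"key type token {prev!r} is not {inner!r}"
    return "no key found"

def make_blob(alg):
    """Constructed, non-functional blob: algorithm name plus zero padding."""
    return base64.b64encode(struct.pack(">I", len(alg)) + alg.encode() + b"\0" * 7).decode()

if __name__ == "__main__":
    blob = make_blob("ssh-rsa")
    for entry in (f"ssh-rsa {blob} constructed@example",
                  f"sh-rsa {blob} constructed@example"):   # first character lost
        print(lint_entry(entry))
```
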

RockIT:~ tj$ ssh-keygen -t rsa -b 2048 -C "sgp2-userver.win" -f ~/.ssh/sgp2-userverwin
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/tj/.ssh/sgp2-userverwin.
Your public key has been saved in /Users/tj/.ssh/sgp2-userverwin.pub.
The key fingerprint is:
SHA256:HTok60M2BRGsBRamjcpT9AtqTaalPebZooDmBQowUXc sgp2-userver.win
The key's randomart image is:
+---[RSA 2048]----+
|....*+Eo         |
| ..B..o.         |
|o o*.+. o .      |
|oo@ o .= o .     |
|oO = .= S .      |
|= = ++ . .       |
|+. = .o          |
|+ o .  .         |
| o               |
+----[SHA256]-----+