No users can ssh using keys into recently upgraded CentOS 7 machines

We have two servers that we just upgraded to CentOS 7, and ever since then none of our keys work to ssh into them for any of our users; it always goes to passwords.

This doesn't happen with our other servers and it also didn't happen with CentOS 6 on these same machines. I've checked the permissions of the .ssh directory and the authorized file folder, which are the most common, then I found when googling this problem, but all the files in .ssh are owned by the correct users.



No other answer on Google or StackExchange has helped, since they all boil down to a typo or a permissions issue. The output looks very similar/identical to the one provided in this question (Why is SSH key authentication failing for this user? (CENTOS 7)), but the solution that worked for them did not work for us, since I don't get a permissions error when using ssh-copy-id.



Anyone have any ideas or suggestions?



EDIT: More pertinent info:



  • The updated servers are running OpenSSH_7.4 whereas our other servers that people are trying to ssh from are running OpenSSH_5.3

  • Here's the ssh -vvv output (edited):
    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to servername [159.28.23.7] port 22.
    debug1: Connection established.
    debug1: identity file /home directory/username/.ssh/identity type -1
    debug1: identity file /home directory/username/.ssh/identity-cert type -1
    debug3: Not a RSA1 key file /home directory/username/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /home directory/username/.ssh/id_rsa type 1
    debug1: identity file /home directory/username/.ssh/id_rsa-cert type -1
    debug1: identity file /home directory/username/.ssh/id_dsa type -1
    debug1: identity file /home directory/username/.ssh/id_dsa-cert type -1
    debug1: identity file /home directory/username/.ssh/id_ecdsa type -1
    debug1: identity file /home directory/username/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
    debug1: match: OpenSSH_7.4 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug3: Wrote 864 bytes for a total of 885
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96
    debug2: kex_parse_kexinit: hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
    debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
    debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
    debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-sha1
    debug1: kex: server->client aes128-ctr hmac-sha1 none
    debug2: mac_setup: found hmac-sha1
    debug1: kex: client->server aes128-ctr hmac-sha1 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug3: Wrote 24 bytes for a total of 909
    debug2: dh_gen_key: priv key bits set: 152/320
    debug2: bits set: 1019/2048
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: Wrote 272 bytes for a total of 1181
    debug3: check_host_in_hostfile: host servername filename /home directory/username/.ssh/known_hosts
    debug3: check_host_in_hostfile: host servername filename /home directory/username/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug3: check_host_in_hostfile: host 159.28.23.7 filename /home directory/username/.ssh/known_hosts
    debug3: check_host_in_hostfile: host 159.28.23.7 filename /home directory/username/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug1: Host 'servername' is known and matches the RSA host key.
    debug1: Found key in /home directory/username/.ssh/known_hosts:1
    debug2: bits set: 1035/2048
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug3: Wrote 16 bytes for a total of 1197
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug3: Wrote 52 bytes for a total of 1249
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home directory/username/.ssh/identity ((nil))
    debug2: key: /home directory/username/.ssh/id_rsa (0x7f769e632270)
    debug2: key: /home directory/username/.ssh/id_dsa ((nil))
    debug2: key: /home directory/username/.ssh/id_ecdsa ((nil))
    debug3: Wrote 84 bytes for a total of 1333
    debug1: Authentications that can continue: publickey,password
    debug3: start over, passed a different list publickey,password
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home directory/username/.ssh/identity
    debug3: no such identity: /home directory/username/.ssh/identity
    debug1: Offering public key: /home directory/username/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug3: Wrote 628 bytes for a total of 1961
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /home directory/username/.ssh/id_dsa
    debug3: no such identity: /home directory/username/.ssh/id_dsa
    debug1: Trying private key: /home directory/username/.ssh/id_ecdsa
    debug3: no such identity: /home directory/username/.ssh/id_ecdsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password


EDIT 2: Also worth noting, it doesn't seem to happen with local users, only ones with their user directories in a location shared between all our servers.










  • Restore the previous /etc/ssh/sshd_config file and check logs.
    – Ipor Sircer
    Sep 16 at 23:06











  • When you run ssh-keyscan <hostname> what is the output? is it a key or null?
    – Goro
    Sep 16 at 23:09






  • SSH algorithms are evolving with time... The question could benefit from having more technical details and an ssh debug output.
    – Rui F Ribeiro
    Sep 16 at 23:13











  • @Goro The output is hostname SSH-2.0-OpenSSH_7.4 and then the server's rsa key
    – Laurence Ruberl
    Sep 17 at 0:07










  • Did you try to delete the folder .ssh, then create it again, and then generate new RSA keys? You can run the following commands: 1) rm -rf ~/.ssh 2) mkdir ~/.ssh 3) cd ~/.ssh 4) ssh-keygen -t rsa "choose no passphrase when asked and accept the default filename of id_rsa" 5) scp id_rsa.pub <user>@<yourhost>:.ssh/authorized_keys Provide your password when asked.
    – Goro
    Sep 17 at 0:13
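
Added example, not part of the original question or comments: a small Python parser for client-side `ssh -vvv` output like the one in the question, reporting which identity was loaded and offered and how the server answered the offer. The sample lines are condensed from the question's log; the function names and verdict strings are assumptions of this example.

```python
import re

# Constructed sample: lines condensed from the ssh -vvv output in the question.
# Paths are kept as redacted there (including the space in "/home directory").
SAMPLE_LOG = """\
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home directory/username/.ssh/id_rsa type 1
debug1: identity file /home directory/username/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home directory/username/.ssh/identity
debug3: no such identity: /home directory/username/.ssh/identity
debug1: Offering public key: /home directory/username/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home directory/username/.ssh/id_dsa
debug3: no such identity: /home directory/username/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
"""

PREFIX = re.compile(r"^\s*debug\d: ")
IDENTITY = re.compile(r"^identity file (.+) type (-?\d+)$")
OFFER = re.compile(r"^Offering (?:\w+ )?public key: (.+)$")
SUCCESS = re.compile(r"^Authentication succeeded \(([^)]+)\)")
NOISE = ("key_read: missing", "key_type_from_name: unknown key type")


def analyze(log_text):
    """Summarise the public-key phase of a client-side ssh -vvv log."""
    r = {"client": None, "server": None, "loaded": [], "key_read_noise": 0,
         "offers": [], "missing": [], "methods_tried": [], "succeeded": None}
    pending = None  # the offer still waiting for the server's answer
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if line.startswith(NOISE):
            # Parser chatter while reading the key file; counted, not fatal.
            r["key_read_noise"] += 1
        elif m := IDENTITY.match(line):
            if m.group(2) != "-1":          # -1 means the file was not loaded
                r["loaded"].append(m.group(1))
        elif m := re.search(r"remote software version (\S+)", line):
            r["server"] = m.group(1)
        elif m := re.match(r"Local version string (\S+)", line):
            r["client"] = m.group(1)
        elif m := OFFER.match(line):
            pending = {"path": m.group(1), "outcome": "unanswered"}
            r["offers"].append(pending)
        elif line.startswith("Server accepts key"):
            if pending:
                pending["outcome"] = "accepted"
                pending = None
        elif line.startswith("Authentications that can continue:"):
            # Seen right after an offer, this is the server refusing that key.
            if pending:
                pending["outcome"] = "rejected"
                pending = None
        elif m := re.match(r"no such identity: (.+)$", line):
            r["missing"].append(m.group(1))
        elif m := re.match(r"Next authentication method: (\S+)", line):
            r["methods_tried"].append(m.group(1))
        elif m := SUCCESS.match(line):
            r["succeeded"] = m.group(1)
    return r


def verdict(r):
    """Classify where public-key authentication stopped."""
    if r["succeeded"] == "publickey":
        return "publickey-accepted"
    if not r["offers"]:
        return "no-key-offered"        # client-side: nothing usable was loaded
    if all(o["outcome"] == "rejected" for o in r["offers"]):
        return "server-rejected-key"   # server-side: the reason is in sshd's log
    return "inconclusive"


if __name__ == "__main__":
    summary = analyze(SAMPLE_LOG)
    for key, value in summary.items():
        print(f"{key}: {value}")
    print("verdict:", verdict(summary))
```

On the question's log this reports the id_rsa key as loaded, offered and rejected by the server, so the reason for the refusal has to be read from the sshd log on the CentOS 7 machine rather than from the client output.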















    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home directory/username/.ssh/identity
    debug3: no such identity: /home directory/username/.ssh/identity
    debug1: Offering public key: /home directory/username/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug3: Wrote 628 bytes for a total of 1961
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /home directory/username/.ssh/id_dsa
    debug3: no such identity: /home directory/username/.ssh/id_dsa
    debug1: Trying private key: /home directory/username/.ssh/id_ecdsa
    debug3: no such identity: /home directory/username/.ssh/id_ecdsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password


EDIT 2: Also worth noting, it doesn't seem to happen with local users, only ones with their user directories in a location shared between all our servers.










centos ssh sshd














edited Sep 17 at 0:42

























asked Sep 16 at 23:04









Laurence Ruberl
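
The authentication phase of the `ssh -vvv` output above can be read mechanically. The following is an added example, not part of the original post: it classifies each key the client tried, using an excerpt of the question's log as input. The function names are hypothetical, and the "Server accepts key" and "Authentication succeeded" messages are standard OpenSSH client debug lines that do not appear in the question's log.

```python
import re

# Excerpt of the userauth phase from the ssh -vvv output in the question.
QUESTION_LOG = """\
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home directory/username/.ssh/identity
debug3: no such identity: /home directory/username/.ssh/identity
debug1: Offering public key: /home directory/username/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home directory/username/.ssh/id_dsa
debug3: no such identity: /home directory/username/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
"""

PREFIX = re.compile(r"^\s*debug\d: ")
# Older clients print "Offering public key:", later ones add the key type.
OFFER = re.compile(r"^(?:Offering (?:\w+ )?public key|Trying private key): (.+)$")


def trace_pubkey_attempts(log):
    """Return one {'key', 'outcome'} dict per identity the client tried."""
    attempts, pending = [], None
    for raw in log.splitlines():
        msg = PREFIX.sub("", raw).strip()
        m = OFFER.match(msg)
        if m:
            pending = {"key": m.group(1), "outcome": "pending"}
            attempts.append(pending)
        elif pending is None:
            continue
        elif msg.startswith("no such identity:"):
            pending["outcome"] = "missing"       # no private key file on the client
            pending = None
        elif msg.startswith("Server accepts key"):
            pending["outcome"] = "accepted"      # server says this key is acceptable
        elif msg.startswith("Authentication succeeded (publickey)"):
            pending["outcome"] = "authenticated"
            pending = None
        elif msg.startswith("Authentications that can continue:"):
            # The server answered the attempt with a failure message.
            was_accepted = pending["outcome"] == "accepted"
            pending["outcome"] = "failed_after_accept" if was_accepted else "rejected"
            pending = None
    return attempts


def diagnose(log):
    """Summarise where public-key authentication stopped."""
    outcomes = [a["outcome"] for a in trace_pubkey_attempts(log)]
    if "authenticated" in outcomes:
        return "publickey_ok"
    if "failed_after_accept" in outcomes:
        return "accepted_then_failed"
    if "rejected" in outcomes:
        # The client loaded and offered a key; the refusal happened on the
        # server, so the reason is only visible in the server's sshd log.
        return "server_rejected_key"
    return "no_key_offered"


if __name__ == "__main__":
    for attempt in trace_pubkey_attempts(QUESTION_LOG):
        print(attempt["outcome"], attempt["key"])
    print(diagnose(QUESTION_LOG))
```

For the question's log this reports id_rsa as rejected and the other identities as missing, which places the refusal on the upgraded servers rather than on the OpenSSH 5.3 clients.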












  • Restore the previous /etc/ssh/sshd_config file and check logs.
    – Ipor Sircer
    Sep 16 at 23:06











  • When you run ssh-keyscan <hostname>, what is the output? Is it a key or null?
    – Goro
    Sep 16 at 23:09






  • SSH algorithms are evolving with time... The question could benefit from having more technical details and an ssh debug output.
    – Rui F Ribeiro
    Sep 16 at 23:13











  • @Goro The output is hostname SSH-2.0-OpenSSH_7.4 and then the server's rsa key
    – Laurence Ruberl
    Sep 17 at 0:07










  • Did you try to delete the folder .ssh, then create it again, and then generate new RSA keys? You can run the following commands: 1) rm -rf ~/.ssh 2) mkdir ~/.ssh 3) cd ~/.ssh 4) ssh-keygen -t rsa "choose no passphrase when asked and accept the default filename of id_rsa" 5) scp id_rsa.pub <user>@<yourhost>:.ssh/authorized_keys Provide your password when asked.
    – Goro
    Sep 17 at 0:13
















