Hi folks,

I'm sure this is just another noob question, but i can't find the answer for the life of me. All the similar things i've seen are more complex problems with other software combinations.

I've installed CentOS 6.2 Basic Server. SSH seems to be working, port 22 is open according to a port scan, but i can't login remotely.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

is what i get after the third attempt. Even changed the root PW to a simple text one so i know it's correct.

I've tried PuTTY on Win7 and SSH from the shell on a CentOS VM.

Can some kind soul please point me in the right direction?


All i want to do is configure the rest of my server installation without having to get out of bed. :-/

Don't attempt to login remotely as root. It is a VeryBadIdea (Tm).

Login as a normal user and then become root from the command line.

lol, thanks Alan, point taken, and thanks for the reply. I'm still getting used to the Linux way of doing things!

I've created a new user on the server (useradd -m bob), but i'm still stuck i'm afraid. "bob"s password is accepted using SSH and it will report the last login time from when "bob" logged in to the server locally, but then i get thrown straight back to the bob@localhost prompt, no access denied or error.

Do i have to specifically enable something else too, to allow an SSH login?

Hi JustSomeGeek,

Just by chance did you install from the Live CD? I did this in testing a while back and regardless of what I tweaked I could not get ssh to connect. I installed CentOS 6.2 on the same hardware, same default options with DVD1 and ssh was up and working from the get go.

Ken

You might try running restorecon on your home directory.
Also check that your home directory and your .ssh directory have 700 permissions.

Quote:


Hi Taylor,

Nope. I used the 6.2 DVD set. Just basic server, backup and Samba. No desktop.

Thanks though!

Glenn

Quote:

Hi Gerald,

I tried restorecon and nothing complained, so i guess that's a success.

Not sure about the checking permissions yet though, i'm not that advanced.

Cheers,
Glenn

OK. It looks like the remote login is working on some level. When i entered the PW, the last login was show to be my remote client. But it still shows me the localhost prompt.

Is this just me not quite understanding SSH? Surely i should see a user@remotemachine prompt instead?

Apologies for the newbness!

Glenn

Hi Glenn,

As I was posting this I was not sure if the Live CD had a "server" option. The only reason I had used it was that it could be written to a USB drive and I did not want to dig out and connect a DVD drive to my netbook. But as to installing a server from the wrong media, allow me to relate a funny story...

Several years ago I was working for a Fortune 500 company. I had an application which I had written which was running on a Banyan Vines network. I knew we were moving to a Windows network at some time in the future so I had written the app so that I could simply change an address in a configuration file on the server and it would run on Windows. We hired a Windows "expert" from the west coast who was supposed to be a wiz at setting up Windows networks.

The "expert" installed the server, setup accounts and all that stuff. I put my app on the server and was in the process of testing it. Of course this was less than a day before the go-live date. I started getting unable to login errors. The server was on the network, I just could not login. I had some admin permissions and I started looking around once I did get logged in. There were a total of 5 users connected. When I tried to connect with a test account I would get the error. If I logged out with my account and immediately tried the test account it would usually work.

So I called "Mr. Windows". He sort of grumbled "...working on it, do not try to login..." Bottom line he had installed the server from the CD in the Microsoft Developer's Network pack. While we had a valid license for x thousand users the MSDN CD installed with a fixed number of 5. Had to built the server FROM SCRATCH using the "real" Win server CD. Sort of lowered our opinion of west coast Windows admins

Ken

Funny story Ken. I can sympathise with the poor guy, it would have probably been me in that situation. With that anecdote, i think you've also unwittingly solved an old mystery of mine from a couple of years ago.

I've had MS Small Business Server running at home for a few years as a MAPS subscriber. Also only 5 CALs (Client Access Licences), which is normally no problem as that's the max amount of people that would be logged on at one time.

Unless of course i offer to host a LAN party for my son's birthday when only 5 could play at once for some unknown reason. I never figured it out until now as i've had no need to open the envelope with the extra CALs in. So, thanks for that! lol

Glenn

Right. I can definately login remotely as a user. I can run a ping test etc. The localhost prompt is very confusing though. Is this normal?

I cannot SU when i am logged in and i get "incorrect password" when i try. Is there something i need to change, or am i going totally the wrong way about remote administration on Linux?

Thanks for your patience folks!

Glenn

Another funny MSDN story, mea culpa this time. I had a subscription because a contractor told my boss I needed one as I was going to take over support of an app he had written for us. I did not really need it, never did take over support of the app but I had the subscription. I was running Win NT 3.51 which was much better than Win 9x which everyone else in the office suffered with. One day I got a post card from MSDN telling me I was entitled to their all OS all languages CDs - just ask, no extra charge. So I did.

I ended up with 75 or more CDs with Windows in a variety of languages. I decided just for the halibut to install Win NT in Mandarin Chinese as a dual boot on my (work) PC. I had installed it enough I knew the steps by heart and there were English subtitles on some of the prompts. I got it installed and it ran. Unfortunately it was 3.50 and my English Windows was 3.51 so I hosed my regular install. That was a little difficult to explain to the boss

Ken

SOLVED!

Not sure what did it but:

I changed the IP on the server (same subnet, no conflicts. Just needed doing anyway)
This had the effect of my SSH clients (PuTTY on Win, Terminal on CentOS VM), recognising a new machine/connection and asking to confirm the key/machine id was ok.

Also, the server is set to use a UK keymap, whereas my laptop uses a US keyboard. Not sure if this has anything to do with it?

So i can now login as user and su to root for adminny stuff without having to get out of bed.

Thanks for all help & stimulation folks!

Glenn,

That sounds like a client side issue although it seems strange that it would happen on several clients all trying to talk to the same server. For what is is worth, I have had something similar when I change the OS on my text PC. I have several drives which I can swap out as needed. If I connect to the first OS thusly:

ken@taylor12:~$ ssh taylor11
The authenticity of host 'taylor11 (192.168.0.111)' can't be established.
RSA key fingerprint is 56:db:45:c0:0b:07:92:d0:33:bf:36:94:ef:4e:b1:9f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'taylor11,192.168.0.111' (RSA) to the list of known hosts.
ken@taylor11's password:
Welcome to Linux Mint 13 Maya (GNU/Linux 3.2.0-23-generic i686)

Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
Last login: Sat Jun 9 15:22:46 2012 from 192.168.0.112

Now I boot the machine on a disk with Ubuntu 12.04 and when I try to connect:

ken@taylor12:~$ ssh taylor11
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
a0:1e:28:f4:71:2a:c3:ea:78:7f:1b:37:a2:48:15:4b.
Please contact your system administrator.
Add correct host key in /home/ken/.ssh/known_hosts to get rid of this message.
Offending key in /home/ken/.ssh/known_hosts:9
RSA host key for taylor11 has changed and you have requested strict checking.
Host key verification failed.

For the longest time the only way I could fix this was to blow away my .ssh/known_hosts file. Then I got an answer on another forum. I simply run this command twice:

sed -i '9d' /home/ken/.ssh/known_hosts

That in effect removes the old key and I can accept the new one when I connect to the different OS on the machine.

This might come in handy in the future if you get hold of a bad ssh key.

Ken

p.s. What I should really do is to assign a different IP address to each OS on the test machine rather than a reserved IP in my router based on the MAC address of the NIC. I could then make some entries in my host file such as

taylor11Mint 1921.168.0.121
taylor11Ubuntu 1921.168.0.122

Well, some day.

Cheers for the extra info Taylor. I'll try and remember that when it happens!

Unfortunately, other than Win7 Ultimate, i only got MAPS in english. So no chance to install anything in mandarin. Though i did once install Win2k in polish for a customer which was enlightening.

Hopefully you enjoyed showing off your mandarin NT until you realised it had become your preferred OS by default! lol

Cheers,
Glenn

Please allow me to retract the aspersions which I wrongly cast on the Live CD. SSH will work fine on an install from the Live CD provided openssh-server is installed after the initial install. I discovered this by accident after installing Ubuntu 12.04 on my wife's PC. Everything was working fine except I could not connect with SSH as I normally do to install updates. I checked and found that openssl was running. I fiddled with this and fiddled with that. I removed and reinstalled openssl-server. Still nothing. I built a VM of Ubuntu 12.04 and tried ssh localhost. It did not work.

This was getting absurd. SSH was one of the first things I ever setup on Linux, probably back on Red Hat 5.2. I was deciding if I should go to bed or pull an all nighter when it dawned on me that I needed opnenssh-server not openssl-server Installed the proper server and could of course connect.

I built a VM from the CentOS 6.2 Live CD, added openssh-server and could connect with ssh. I must have made the same mistake when I was first playing with the Live CD some weeks ago.

Ken