Can you actually ssh by providing the username
and password
? If
not, then if you can access the file ensure you have an AllowUsers
entry in /etc/ssh/sshd_config
and also that you are allowing SSH
access to the subnet at the top of that file. if you do amend the
sshd_config
remember to restart the SSH service
.
- Check in
sshd_config
if you have:
AllowUsers
DenyGroups
DenyUsers
set and if you are allowed to access the remote.
- Also it sometimes helps to reset this file
known_hosts
in then $HOME/.ssh
directory:
cat /dev/null > $HOME/.ssh/known_hosts
- Check if
denyhosts
is installed and if it's blocked your IP
address in the hosts
file.
If you mange to blacklist your own IP address by attempting to log in via SSH with the wrong credentials multiple times, then you can connect to your service using the console (Connecting to your VPS using the console / VNC) and remove the block with following:
- Stop
denyhosts
service (systemctl stop denyhosts
or /etc/init.d/denyhosts stop
)
- Remove the line with the IP from /etc/hosts.deny
- Remove the lines with the IP from
/var/lib/denyhosts/hosts*
files (note: not all files will contain the IP)
- Remove the line with the IP from
/var/lib/denyhosts/user-hosts
- Remove the lines on the
IPTABLES
’ table
- Start
denyhosts
service
- Check if you got the right
port
If that's not the problem here are the step's to create key's and copy them to the remote:
Create the key on the local system:
ssh-keygen -o -b 4096 -t rsa -C [email protected]
OR:
ssh-keygen -t rsa -b 4096 -f ~/.ssh/vps-cloud.web-server.key -C "My web-server key"
You will be prompted to supply a passphrase (password) for your private key. I suggest that you setup a passphrase when prompted.
- -t rsa : Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or “rsa” for protocol version 2.
- -b 4096 : Specifies the number of bits in the key to create
- -f ~/.ssh/vps-cloud.web-server.key : Specifies the filename of the key file.
- -C "[email protected]" : Set a new comment.
If you want to be able to access the server from your root account, do su
and repeat the above command.
$HOME/.ssh/id_rsa
– contains your private key.
$HOME/.ssh/id_rsa.pub
– contains your public key.
Copy the key to remote:
ssh-copy-id [email protected]
OR:
sh-copy-id -i $HOME/.ssh/id_rsa.pub [email protected]
OR:
First create .ssh
directory on the remote server
ssh [email protected] "umask 077; test -d .ssh || mkdir .ssh"
cat
local id.rsa.pub
file and pipe over ssh to append the public key in remote server
cat $HOME/.ssh/id_rsa.pub | ssh [email protected] "cat >> .ssh/authorized_keys"
OR:
cat ~/.ssh/id_rsa.pub | ssh -p 22000 [email protected] "cat >> ~/.ssh/authorized_keys"
If you want to be able to only enter your key
passphrase once each session then add this to your .bashrc
file:
eval `ssh-agent`
ssh-add
then you will be asked for the passphrase on terminal/shell start and not again.