ssh is still asking for a password, even though I did everything by the book. I have included all output, right from the start. Any ideas?

Thanks!

Gary

  1. Generating public/private rsa key pair and checking permissions on local host

Edit: => As it turned out, this was the problem. The key pair needed to be generated on the remote machine, not on the local machine, as «Mat» pointed out in the very first comment. Please read the many comments in the solution if you need to know how we got there.

on local computer:
mms: admin$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/admin/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/admin/.ssh/id_rsa.
Your public key has been saved in /Users/admin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ekIFdhbYVGnWsRcpyhPXRPDF5LTqYI+u6l3URsIjC90 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|      o+=o.oo*+++|
|     ..+o B +oo=o|
|       ..* E.oo..|
|       .. * =..  |
|      . S. = +   |
|     . .  o *    |
|      o .  o o   |
|       o. o      |
|      .o.o..     |
+----[SHA256]-----+

mms: admin$ pwd && ls -al
/Users/admin/.ssh
total 16
drwx------   4 admin  staff   136 Dec 26 09:37 .
drwxr-xr-x+ 32 admin  staff  1088 Dec 26 08:53 ..
-rw-------   1 admin  staff  1675 Dec 26 09:37 id_rsa
-rw-r--r--   1 admin  staff   401 Dec 26 09:37 id_rsa.pub
  2. Copying public key:   (from remote host, because remote host cannot be remotely accessed)

    server:.ssh ahase$ scp [email protected]:.ssh/id_rsa.pub ~/.ssh/authorized_keys
    The authenticity of host 'domain-of-local-computer.com (123.456.789.012)' can't be established.
    RSA key fingerprint is 1f:14:32:84:c4:f8:4e:25:df:2d:56:49:e6:e5:79:1d.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'domain-of-local-computer.com,123.456.789.012' (RSA) to the list of known hosts.
    Password:
    id_rsa.pub 100% 401 0.4KB/s 00:00

  3. Copying private key and checking permissions:

   Edit (as per suggestion)

server:.ssh ahase$ scp [email protected]:.ssh/id_rsa ~/.ssh/id_rsa
Password:
id_rsa
100% 1675     1.6KB/s   00:00    
server:.ssh ahase$ ls -al
server:.ssh ahase$ scp [email protected]:.ssh/id_rsa ~/.ssh/id_rsa
Password:
id_rsa                                                                                                        100% 1675     1.6KB/s   00:00    
server:.ssh ahase$ ls -al
total 24
drwx------   5 ahase  staff   170 26 Dez 12:07 .
drwxr-xr-x+ 18 ahase  staff   612 10 Dez 09:19 ..
-rw-------   1 ahase  staff   401 26 Dez 09:58 authorized_keys
-rw-------   1 ahase  staff  1675 26 Dez 12:07 id_rsa
-rw-r--r--   1 ahase  staff   410 26 Dez 09:58 known_hosts
  4. ssh still asking for password (-vvv output) [edit after suggested changes]

    server:.ssh ahase$ ssh -vvv [email protected]
    OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to domain-of-local-computer.com [123.456.789.012] port 22.
    debug1: Connection established.
    debug1: identity file /Users/ahase/.ssh/identity type -1
    debug3: Not a RSA1 key file /Users/ahase/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /Users/ahase/.ssh/id_rsa type -1
    debug1: identity file /Users/ahase/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9
    debug1: match: OpenSSH_6.9 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.2
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
    debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
    debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
    debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-sha1
    debug1: kex: server->client aes128-ctr hmac-sha1 none
    debug2: mac_setup: found hmac-sha1
    debug1: kex: client->server aes128-ctr hmac-sha1 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 158/320
    debug2: bits set: 1048/2048
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename /Users/ahase/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug3: check_host_in_hostfile: filename /Users/ahase/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 1
    debug1: Host 'domain-of-local-computer.com' is known and matches the RSA host key.
    debug1: Found key in /Users/ahase/.ssh/known_hosts:1
    debug2: bits set: 1023/2048
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /Users/ahase/.ssh/identity (0x0)
    debug2: key: /Users/ahase/.ssh/id_rsa (0x0)
    debug2: key: /Users/ahase/.ssh/id_dsa (0x0)
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug3: start over, passed a different list publickey,keyboard-interactive
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /Users/ahase/.ssh/identity
    debug3: no such identity: /Users/ahase/.ssh/identity
    debug1: Trying private key: /Users/ahase/.ssh/id_rsa
    debug1: read PEM private key done: type RSA
    debug3: sign_and_send_pubkey
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Trying private key: /Users/ahase/.ssh/id_dsa
    debug3: no such identity: /Users/ahase/.ssh/id_dsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 1
    Password:
    debug3: packet_send2: adding 32 (len 21 padlen 11 extra_pad 64)
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 0
    debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
    debug1: Authentication succeeded (keyboard-interactive).
    debug1: channel 0: new [client-session]
    debug3: ssh_session2_open: channel_new: 0
    debug2: channel 0: send open
    debug1: Requesting [email protected]
    debug1: Entering interactive session.
    debug1: client_input_global_request: rtype [email protected] want_reply 0
    debug2: callback start
    debug2: client_session2_setup: id 0
    debug2: channel 0: request pty-req confirm 1
    debug2: channel 0: request shell confirm 1
    debug2: fd 3 setting TCP_NODELAY
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: PTY allocation request accepted on channel 0
    debug2: channel 0: rcvd adjust 2097152
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: shell request accepted on channel 0
    Last login: Sat Dec 26 12:22:40 2015 from 123.456.789.012
    mms:~ admin$

I can't look into the log files (/var/log/auth.log or /var/log/daemon.log do not exist and I don't know where they are located). Local computer is a Mac running 10.10.5 and remote computer is a Mac running 10.6 (which can't be changed).

Thanks!

  • You set up your keys to allow mms to connect to server, not the other way around.
    – Mat
    Commented Dec 26, 2015 at 10:12
  • @Mat that should be an answer :)
    – Law29
    Commented Dec 26, 2015 at 10:17
  • I'm lost. How do I reverse this? Do I need to copy the local id_rsa file into known_hosts of the remote computer? Commented Dec 26, 2015 at 10:24
  • Try using id_dsa.pub instead of id_rsa.pub - the default on the server for RSAAuthentication will be yes, but it applies to SSH protocol version 1 only so maybe the server is set to only accept protocol version 2, and hence not RSA authentication (I am just guessing ...) Commented Dec 26, 2015 at 10:38

1 Answer

(I'm wondering if the term "[email protected]" could cause any problems. That's the name of the local host computer in the local network. fritz.box is the router's name)

No, it is just a comment.

debug1: identity file /Users/name/.ssh/id_rsa type -1
[...]
debug1: Trying private key: /Users/name/.ssh/id_rsa
debug3: no such identity: /Users/name/.ssh/id_rsa

Your client is not using the key.

To @Mat's comment: on the client, you need an accessible ~/.ssh/id_rsa, and on the server the ~/.ssh/authorized_keys. You set it up the other way round.

  • How can I make the client to accept the key? For my understanding: Isn't the client supposed to use the public key added to authorized_keys? Commented Dec 26, 2015 at 10:51
  • No. Client is using private key id_rsa as I wrote and server is authorizing the user by using the content of authorized_keys.
    – Jakuje
    Commented Dec 26, 2015 at 10:53
  • Please help me out, I copied the private key to the client leaving the name as id_rsa, but nothing changes. What do I need to do so that the client accepts this private key? Commented Dec 26, 2015 at 11:10
  • please, update the question with the actual state, permissions and verbose log. If the key is in the appropriate location (note above) and has appropriate permissions (as in your question), it should get picked up by client and used for authentication.
    – Jakuje
    Commented Dec 26, 2015 at 11:13
  • ok, I just changed the question and added the last -vvv output Commented Dec 26, 2015 at 11:29
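
The two client traces discussed in this thread fail in different places: in the one quoted in the answer the private key file is missing on the connecting machine, while in the updated question the key is signed and sent but the server answers with another failure. As an added example (not code from the question or the answers), this sketch classifies each identity file from `ssh -vvv` output; the sample traces are constructed from lines quoted on this page, and the function name `triage` and the outcome labels are assumptions.

```python
import re

# Constructed excerpts, modelled on the two `ssh -vvv` traces quoted on this page.
KEY_MISSING = """\
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/name/.ssh/id_rsa
debug3: no such identity: /Users/name/.ssh/id_rsa
debug1: Authentication succeeded (keyboard-interactive).
"""
KEY_REJECTED = """\
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/ahase/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/ahase/.ssh/id_dsa
debug3: no such identity: /Users/ahase/.ssh/id_dsa
debug1: Authentication succeeded (keyboard-interactive).
"""

def triage(trace):
    """Return ({identity_path: outcome}, auth_method_that_succeeded)."""
    keys, current, awaiting_reply, method = {}, None, False, None
    for line in trace.splitlines():
        msg = re.sub(r"^\s*debug\d: ", "", line.rstrip())
        if msg.startswith("Trying private key: "):
            current = msg.split(": ")[1]
            keys[current] = "not offered"
        elif msg.startswith("no such identity: "):
            # The private key file is absent on the machine running ssh.
            keys[msg.split(": ")[1]] = "missing on client"
        elif msg.startswith("we sent a publickey packet") and current:
            keys[current], awaiting_reply = "offered", True
        elif msg.startswith("Authentications that can continue") and awaiting_reply:
            # The server answered the signed request with a failure: the matching
            # public key is not usable from authorized_keys of the target account.
            keys[current], awaiting_reply = "rejected by server", False
        elif m := re.match(r"Authentication succeeded \((.+)\)", msg):
            method = m.group(1)
            if awaiting_reply and method == "publickey":
                keys[current] = "accepted"
    return keys, method

if __name__ == "__main__":
    for name, trace in (("missing", KEY_MISSING), ("rejected", KEY_REJECTED)):
        print(name, *triage(trace))
```

A "rejected by server" outcome points at the account being logged in to (its `~/.ssh/authorized_keys` content or permissions), while "missing on client" points at the machine the `ssh` command is run from.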
