4

I've read dozens of posts on this on these forums, but none of them seemed to help. I can ping the RP3 but not SSH in.

I have a mac (latest OSX) and am trying to SSH into a Pi 3. The Pi is running Raspbian, and is set to a static IP address. It has SSH enabled.

There is a USB to ethernet adaptor on both the mac side, and the Pi end (the Pi's built-in ethernet port is used for something else, so I can't use that for SSH). There is an ethernet cable connecting the two ethernet adaptors: so it runs between the mac and Pi.

The Pi is connected to a monitor, keyboard, mouse, and the USB to ethernet adaptor.
The Pi network is set to static IP: 192.168.111.20/24, the rest of the settings are default. The mac has no custom network settings, and I'm using the built-in shell to ssh. The mac is also connected to the net via wifi for general internet access.

Update: Also, as way to try and rule out mac issues, I just tried SSH to the IP address with a stock windows 7 PC via Putty, and that yielded a "Connection timed out" error.

Per Jdonald's request: which ssh yields /usr/local/bin/ssh

Per Jdonald's request: ssh_config contents include theses lines: (The entire file isn't included, since that includes work-specific information)

ssh_config.erb#22 $
CanonicalizeMaxDots 1
CanonicalizeFallbackLocal yes
# Workaround for kerberos asking for a localhost ticket
Host localhost
  GSSAPIAuthentication no
  GSSAPIKeyExchange no
  UserKnownHostsFile /dev/null
Host *.*
  ForwardX11 no
  ForwardX11Trusted no
  StrictHostKeyChecking ask
Host *
  Port 22
  Protocol 2
  AddressFamily any
  CanonicalizeHostname always

  ForwardX11 no
  ForwardX11Trusted no
  StrictHostKeyChecking ask
  BatchMode no
  CheckHostIP yes
  ConnectionAttempts 1
  NumberOfPasswordPrompts 1
  EscapeChar ~
  Compression no
  PasswordAuthentication yes

  IdentityFile ~/.ssh/id_rsa
  IdentityFile ~/.ssh/localhost/id_rsa
  IdentityFile ~/.ssh/clusterhost/id_rsa
  IdentityFile ~/.ssh/id_ed25519
  IdentityFile ~/.ssh/id_ecdsa

  HostbasedAuthentication yes
  PubkeyAuthentication yes
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes
  GSSAPIKeyExchange yes
  GSSAPITrustDns yes
  PreferredAuthentications gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password

1) I can ping via the OSX terminal, but not SSH in. It is a long ping time.

ping 192.168.111.20

And the reply is:

64 bytes from 192.168.111.20: icmp_seq=0 ttl=56 time=162.976 ms

64 bytes from 192.168.111.20: icmp_seq=1 ttl=56 time=161.413 ms

However I can not SSH in. The username is pi, the device name is rasppi.

$ ssh pi@192.168.111.20

Permission denied (publickey).

Verbose output is at the end. I've replaced my actual username name with "name".

2) I've tried variants like

ssh-keygen -R 192.168.111.20

ssh -X pi@192.168.111.20

and 

ssh pi:@192.168.111.20

Any help or thoughts on what's going on?

P.S. Verbose ssh connection attempt output:

OpenSSH_7.2p2, OpenSSL 1.0.2l 25 May 2017

debug1: Reading configuration data /etc/ssh_config

debug1: /etc/ssh_config line 74: Applying options for *.*

debug1: /etc/ssh_config line 84: Applying options for *

debug1: Re-reading configuration after hostname canonicalisation

debug1: Reading configuration data /etc/ssh_config

debug1: /etc/ssh_config line 74: Applying options for *.*

debug1: /etc/ssh_config line 84: Applying options for *

debug1: Connecting to 192.168.111.20 [192.168.111.20] port 22.

debug1: using TCP window size of 65536 / 65536

debug1: Connection established.

debug1: key_load_private_cert: No such file or directory

debug1: key_load_private_cert: No such file or directory

debug1: key_load_private_cert: No such file or directory

debug1: key_load_private_cert: No such file or directory

debug1: key_load_private_type: No such file or directory

debug1: key_load_private_type: No such file or directory

debug1: key_load_private_type: No such file or directory

debug1: key_load_private_type: No such file or directory

debug1: key_load_cert: No such file or directory

debug1: key_load_cert: No such file or directory

debug1: key_load_cert: No such file or directory

debug1: key_load_cert: No such file or directory

debug1: key_load_public: No such file or directory

debug1: key_load_public: No such file or directory

debug1: key_load_public: No such file or directory

debug1: key_load_public: No such file or directory

debug1: key_load_public: No such file or directory

debug1: identity file /Users/<name>/.ssh/id_rsa type -1

debug1: key_load_public: No such file or directory

debug1: identity file /Users/<name>/.ssh/id_rsa-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /Users/<name>/.ssh/localhost/id_rsa type -1

debug1: key_load_public: No such file or directory

debug1: identity file /Users/<name>/.ssh/localhost/id_rsa-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /Users/<name>/.ssh/clusterhost/id_rsa type -1

debug1: key_load_public: No such file or directory

debug1: identity file /Users/<name>/.ssh/clusterhost/id_rsa-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /Users/<name>/.ssh/id_ed25519 type -1

debug1: key_load_public: No such file or directory

debug1: identity file /Users/<name>/.ssh/id_ed25519-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /Users/<name>/.ssh/id_ecdsa type -1

debug1: key_load_public: No such file or directory

debug1: identity file /Users/<name>/.ssh/id_ecdsa-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_7.2

debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2

debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x04000000

debug1: Authenticating to 192.168.111.20:22 as 'pi'

debug1: Miscellaneous failure (see text)

No credentials cache file found

debug1: An invalid name was supplied

unknown mech-code 0 for mech 1 2 752 43 14 2

debug1: Miscellaneous failure (see text)

unknown mech-code 0 for mech 1 3 6 1 5 5 14

debug1: Miscellaneous failure (see text)

unknown mech-code 2 for mech 1 3 6 1 4 1 311 2 2 10

debug1: An unsupported mechanism was requested

unknown mech-code 0 for mech 1 3 5 1 5 2 7

debug1: Miscellaneous failure (see text)

unknown mech-code 0 for mech 1 3 6 1 5 2 5

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: algorithm: curve25519-sha256@libssh.org

debug1: kex: host key algorithm: rsa-sha2-512

debug1: kex: server->client cipher: aes128-gcm@openssh.com MAC: 
<implicit> compression: none

debug1: kex: client->server cipher: aes128-gcm@openssh.com MAC: 
<implicit> compression: none

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug1: Server host key: ssh-rsa 
SHA256:Y+qLMT92FSBY4m3x2bkWofdK/H9W8ovhDUXA1IEYygQ

debug1: Host '192.168.111.20' is known and matches the RSA host key.

debug1: Found key in /Users/<name>/.ssh/known_hosts:2

debug1: rekey after 4294967296 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: rekey after 4294967296 blocks

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /Users/<name>/.ssh/id_rsa

debug1: Trying private key: /Users/<name>/.ssh/localhost/id_rsa

debug1: Trying private key: /Users/<name>/.ssh/clusterhost/id_rsa

debug1: Trying private key: /Users/<name>/.ssh/id_ed25519

debug1: Trying private key: /Users/<name>/.ssh/id_ecdsa

debug1: No more authentication methods to try.

Permission denied (publickey).
J B
  • 41
  • 1
  • 1
  • 3

3 Answers3

2

You can ping the RPi, so I wouldn't worry too much about connectivity. You can port scan it on TCP port 22 (or whatever port you configured ssh to listen on) to be sure if you like.

The message Permission denied (publickey) typically indicates you configured sshd on the RPi to require public key authentication, but have no private key on your client that has a match in ~/.ssh/authorized_keys on the server (your RPi). Notice the messages at the end of your log:

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/<name>/.ssh/id_rsa
debug1: Trying private key: /Users/<name>/.ssh/localhost/id_rsa
debug1: Trying private key: /Users/<name>/.ssh/clusterhost/id_rsa
debug1: Trying private key: /Users/<name>/.ssh/id_ed25519
debug1: Trying private key: /Users/<name>/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).

Did you edit your host sshd configuration to only allow public key authentication? And if so, did you copy your public key over from your client to ~/.ssh/authorized_keys on the RPi as required to use public keys before locking yourself out? Is it possible you used a different key than those listed in the log?

Another possibility is that the permissions for ~/.ssh or the files therein are incorrect. I'd expect to see messages to that effect in the log, but you might not have full verbosity turned up. You can try upping the verbosity using the ssh -vvv option if you haven't cranked it up already.

If this sounds like what happened, you can mount the microSD card on another Linux computer and mount the / partition, then copy over the file and fix permissions as needed to fix it.

If this sounds off, you'll need to post the configuration details on your RPi (/etc/ssh/sshd_config) ... if you can. Hopefully, you have physical access to the RPi's location.

bobstro
  • 3,978
  • 15
  • 27
2

I have experienced a similar issue when I could ping my Raspberry (with the Octoprint image for 3D Printer control), but could not connect via SSH.

What I tried was:

ping 192.168.1.3

(pinging raspberry worked)

ssh pi@192.168.1.3

(did not work)

On raspberry:

sudo raspi-config

(to enable ssh)

sudo systemctl enable ssh

(to enable ssh)

What fixed it in my case was:

My computer was connected to the network router via an Ethernet cable, and the Pi was connected via WiFi. I connected the computer via WiFi to the same router and it worked. Connected again via Ethernet, and it stopped working. Possibly, router or network setup issues.

I hope this helps someone to save time.

J W
  • 121
  • 3
0

On Raspbian Lite 2018-11-13 RPI2, you can enable the SSH daemon by default by creating a magic file called ssh on the boot/ partition.

On an Ubuntu host, this can be done with:

sudo touch /media/$USER/boot/ssh

See also: SSH not working with fresh install

Ciro Santilli OurBigBook.com
  • 635
  • 10
  • 20