February 22, 2015

Logging in with SSH

See some common hurdles to logging into a server over SSH.

See some common hurdles to logging into a server over SSH.### Try to Login

ssh root@104.236.90.57

Too many authentication errors for user root.

ssh -vvv root@104.236.90.57

See which keys it tries. For me, it reaches its max of 6 before failing. I don't have an ssh key setup; We want it to fall back to asking for a password.

# Don't use public key authentication
ssh -o "PubkeyAuthentication no" root@104.236.90.57

This will ask me for a password rather than attempt public key authentication.

On first login of this Debian server, I'm asked to create a new root password. This may or may not happen for you.

Create an SSH Key

Let's create an SSH key so we can login more securely. Locally on my Macintosh, I create an SSH key pair:

cd ~/.ssh
ssh-keygen -t rsa -b 4096 -C "chris@serversforhackers.com" -f id_sshex

I created a passwordless key pair here, but in production, I would always use a password. This becomes the password used to login. The password assigned to the linux user (root, in this video), is separate, and may still be needed after logging in.

On my Mac, I copied the newly created public key into my clipboard:

cat ~/.ssh/id_sshex.pub | pbcopy

Then back in the remote server, I add the public key to my user's authorized_keys file:

# Log back in if necessary
ssh -o "PubkeyAuthentication no" root@104.236.90.57

# Open authorized_keys for editind and
# paste the public key in
vim ~/.ssh/authorized_keys

Once that key is all set, you may still receive authentication errors. In my case, SSH tried my other defined keys, reaching its maximum before attempting to use my new SSH key.

# Still didn't work, as described above
ssh -i "~/.ssh/id_sshex" root@104.236.90.57

# However, this works!
ssh -o "IdentitiesOnly yes" \
    -i "/Users/fideloper/.ssh/id_sshex" root@104.236.90.57

All Topics