Permission denied (publickey).

Whenever I tried to ssh from one of my Google Cloud VMs to another, I got an error message. SSH asks me if I want to continue connecting, and when I say "yes", I get:

Permission denied (publickey).

If I just type enter (fingerprint), I get

Host key verification failed.

Here I want to show you how to resolve this.

The reason for this error message is that password logins are disabled by default, and that is a very sensible default. So we have to use host keys. A host key consists of a public and a private part. Let's create it right away. Use any VM, log in via browser-ssh and issue:

ssh-keygen -t rsa

Confirm all the defaults (even a hen could do this if you put enough corns onto the Enter key).

Let's look at your public key:

$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWo9/5gZ6Du51Rz3T7MOqgJg3aHPqw8CzVw20+DxeUh5FEGuZWQmRpToI7yH+9pR6JgqThJQ/MUyFELKKuKN4uafpOzPwclrLqv9oP+CWp3dYv020u3847eqBxotltD1L8o5D5+O1REbKKOlGQxyrs0xdYVuA3vm2UYH5aFXxs0BDlJTrKXYjjAOy6a6wliSAd5AlDGa3X6N0+pGFjURq3bF+QdqxBxPfYkbOE4ldCSbWSVPL9wkRLriyOgkHCBnBumsN6y19LFZwPVIZetzatM6RuFF/995cvtMVpKnxAvRd2jVefRaI9SSFQ9WL3Coo9cbpa0j1DuugqIElLc+oP thorsten@instance-2

This guy must now go into authorized_keys and your ssh query will be accepted whereever this file contains this public key. To put it into authorized_keys, you must find out if OS Login is enabled or not. OS Login manages (and overwrites) the authorized_keys file inside the operating system for you.

To find out if OS Login is enabled, go to the project metadata in Cloud Console:

In the following picture it is disabled:


If OS Login is disabled, log in via browser ssh to the target VM and add your key to authorized_keys:
$ cat id_rsa.pub >>~/.ssh/authorized_keys
(use copy-and-paste, terminate the input by typing CTRL_D)

If OS Login is enabled, add the key to the project's metadata, there is a tab "SSH keys":
Now it works:
thorsten@instance-2:~$ ssh 34.123.85.213
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.11.0-1022-gcp x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Sat Jun  4 22:33:39 UTC 2022

  System load:  0.0               Processes:             138
  Usage of /:   84.3% of 9.52GB   Users logged in:       1
  Memory usage: 39%               IPv4 address for ens4: 10.128.0.5
  Swap usage:   0%


369 updates can be applied immediately.
245 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable


Last login: Sat Jun  4 22:04:09 2022 from 34.122.183.250
thorsten@guacamole-2:~$




Comments

Post a Comment

Popular posts from this blog

Set up a webcam with Linux

Image
You want to use your webcam with a Linux computer? Good, then this article is for you. If you have a notebook or a laptop with an integrated webcam, this will most probably work out of the box. If you have a USB webcam, connect it to your computer. Then, you  open a console (aka terminal)  and type  cheese The "cheese" application will start up and show your webcam's output like this: A capture from a webcam in the program Cheese If this works, congratulations, you can now use your webcam with video editors, conferencing software, and so on. But: cheese may not be installed the drivers (aka kernel modules) for the webcam may not work your Linux computer may not have a graphical user interface (or you may not want it) you may want to switch between several webcams Install Cheese If you do not have the software cheese installed, you can install it by means of your distribution.  Find out your Linux distribution , open a terminal and enter: for Debian, Raspbian, Ubuntu, Kubu
Read more

PuTTY: No supported authentication methods available

Image
Today I got again this error message when trying to connect PuTTY to my VM: “No supported authentication methods available”: This time I decided to write down exactly what I do to get rid of it. Here it is: call puttygen, generate a public/private key pair: copy the blue part to the clipboard using CTRL_C save the private key as private.ppk, the public one as key.pub. Log in to your VM one last time without putty. In my case, I click on “SSH” in the browser: a shell opens up. Note the user name. Look at this shell: Last login: Mon Jun  6 09:10:40 2022 from 35.235.240.1 thorsten @guacamole-2:~$ in the above example, the user name is thorsten add the key to authorized_keys: thorsten@guacamole-2:~$ cd .ssh thorsten@guacamole-2:~/.ssh$ cat >>authorized_keys You still have the key copied to the clipboard, right? Right-click into the console to paste it. Type CTRL_D to end the input. Use vi to change rsa-key-220604 to your user name. Now start putty, enter as session thorsten@my-domain
Read more

My SAT>IP Server

Image
I bought a SAT>IP Server to bring my satellite TV into my WLAN. I want this because my satellite's connection is in another place in the room than my TV. First learning: You need a SAT>IP Server, not a SAT>IP Receiver. A SAT>IP Server receives signals from the LNB. A SAT>IP Receiver receives a connection from the SAT>IP Server and transforms it into an HDMI stream (for example). As SAT>IP Receiver you can also use the VLC software which will just display the video stream. When buying, make sure you buy a server. Second learning: The latest Kathrein EXIP 418  SAT>IP Server did not work with my setup. It needs a multi-switch between the LNB and the server. When buying, make sure you understand the setup. Mine looks like this: So I settled for a Telestar  TwinBit SAT>IP Server. Laptop To watch TV on my Windows Laptop, I download VLC and start it. Click View->Playlist. Point it to Universal Plug'n'Play, and wait 6 minutes, 47 seconds, and the ser
Read more