Team dev members can't access ssh root@[ip]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP








up vote
0
down vote

favorite












Team dev members can't access ssh root@[ip].



i have asked my team-members to generate a ssh key-value pair, in order for them to access or digital ocean ubuntu droplet.



first i tried going to the authorized_keys file in the ~/.ssh directory and appending the public key manually which failed.



Afterwards i tried to get to the digital ocean admin panel (under security), where i added the public ssh key through their api. It configured the key, and there was no problems from the website. However my team members are still not able to access the droplet. It simple says access denied (public key), whenever they try to enter the server.



How can this be?



here is my sshd_config file:



# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes



server permissions ssh




share|improve this question


















  • 2




    Include the contents of the /etc/ssh/sshd_config file here as an edit to your question.. By default, root is not allowed to connect unless you configure key authentication, and if it's configured properly your users might be at fault (not configuring it in PuTTY, misnamed so it's not picked up by ssh-agent, etc.)
    – Thomas Ward♦
    Apr 24 at 20:22











  • i have allow PermitRootLogin sat to yes
    – kristof
    Apr 24 at 21:00










  • how can i solve this with the sshd_config file?
    – kristof
    Apr 24 at 21:13










  • What is the full path to the authorized_keys file that you added the public keys to?
    – dobey
    Apr 24 at 21:13










  • do i need to add the keys in the ssh agent?
    – kristof
    Apr 24 at 21:13














up vote
0
down vote

favorite












Team dev members can't access ssh root@[ip].



i have asked my team-members to generate a ssh key-value pair, in order for them to access or digital ocean ubuntu droplet.



first i tried going to the authorized_keys file in the ~/.ssh directory and appending the public key manually which failed.



Afterwards i tried to get to the digital ocean admin panel (under security), where i added the public ssh key through their api. It configured the key, and there was no problems from the website. However my team members are still not able to access the droplet. It simple says access denied (public key), whenever they try to enter the server.



How can this be?



here is my sshd_config file:



# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes



server permissions ssh




share|improve this question


















  • 2




    Include the contents of the /etc/ssh/sshd_config file here as an edit to your question.. By default, root is not allowed to connect unless you configure key authentication, and if it's configured properly your users might be at fault (not configuring it in PuTTY, misnamed so it's not picked up by ssh-agent, etc.)
    – Thomas Ward♦
    Apr 24 at 20:22











  • i have allow PermitRootLogin sat to yes
    – kristof
    Apr 24 at 21:00










  • how can i solve this with the sshd_config file?
    – kristof
    Apr 24 at 21:13










  • What is the full path to the authorized_keys file that you added the public keys to?
    – dobey
    Apr 24 at 21:13










  • do i need to add the keys in the ssh agent?
    – kristof
    Apr 24 at 21:13












up vote
0
down vote

favorite









up vote
0
down vote

favorite











Team dev members can't access ssh root@[ip].



i have asked my team-members to generate a ssh key-value pair, in order for them to access or digital ocean ubuntu droplet.



first i tried going to the authorized_keys file in the ~/.ssh directory and appending the public key manually which failed.



Afterwards i tried to get to the digital ocean admin panel (under security), where i added the public ssh key through their api. It configured the key, and there was no problems from the website. However my team members are still not able to access the droplet. It simple says access denied (public key), whenever they try to enter the server.



How can this be?



here is my sshd_config file:



# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes



server permissions ssh




share|improve this question














Team dev members can't access ssh root@[ip].



i have asked my team-members to generate a ssh key-value pair, in order for them to access or digital ocean ubuntu droplet.



first i tried going to the authorized_keys file in the ~/.ssh directory and appending the public key manually which failed.



Afterwards i tried to get to the digital ocean admin panel (under security), where i added the public ssh key through their api. It configured the key, and there was no problems from the website. However my team members are still not able to access the droplet. It simple says access denied (public key), whenever they try to enter the server.



How can this be?



here is my sshd_config file:



# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes




server permissions ssh





share|improve this question













share|improve this question




share|improve this question








edited Apr 24 at 21:02









pa4080

12k52255




12k52255










asked Apr 24 at 19:41









kristof

63




63







  • 2




    Include the contents of the /etc/ssh/sshd_config file here as an edit to your question.. By default, root is not allowed to connect unless you configure key authentication, and if it's configured properly your users might be at fault (not configuring it in PuTTY, misnamed so it's not picked up by ssh-agent, etc.)
    – Thomas Ward♦
    Apr 24 at 20:22











  • i have allow PermitRootLogin sat to yes
    – kristof
    Apr 24 at 21:00










  • how can i solve this with the sshd_config file?
    – kristof
    Apr 24 at 21:13










  • What is the full path to the authorized_keys file that you added the public keys to?
    – dobey
    Apr 24 at 21:13










  • do i need to add the keys in the ssh agent?
    – kristof
    Apr 24 at 21:13












  • 2




    Include the contents of the /etc/ssh/sshd_config file here as an edit to your question.. By default, root is not allowed to connect unless you configure key authentication, and if it's configured properly your users might be at fault (not configuring it in PuTTY, misnamed so it's not picked up by ssh-agent, etc.)
    – Thomas Ward♦
    Apr 24 at 20:22











  • i have allow PermitRootLogin sat to yes
    – kristof
    Apr 24 at 21:00










  • how can i solve this with the sshd_config file?
    – kristof
    Apr 24 at 21:13










  • What is the full path to the authorized_keys file that you added the public keys to?
    – dobey
    Apr 24 at 21:13










  • do i need to add the keys in the ssh agent?
    – kristof
    Apr 24 at 21:13







2




2




Include the contents of the /etc/ssh/sshd_config file here as an edit to your question.. By default, root is not allowed to connect unless you configure key authentication, and if it's configured properly your users might be at fault (not configuring it in PuTTY, misnamed so it's not picked up by ssh-agent, etc.)
– Thomas Ward♦
Apr 24 at 20:22





Include the contents of the /etc/ssh/sshd_config file here as an edit to your question.. By default, root is not allowed to connect unless you configure key authentication, and if it's configured properly your users might be at fault (not configuring it in PuTTY, misnamed so it's not picked up by ssh-agent, etc.)
– Thomas Ward♦
Apr 24 at 20:22













i have allow PermitRootLogin sat to yes
– kristof
Apr 24 at 21:00




i have allow PermitRootLogin sat to yes
– kristof
Apr 24 at 21:00












how can i solve this with the sshd_config file?
– kristof
Apr 24 at 21:13




how can i solve this with the sshd_config file?
– kristof
Apr 24 at 21:13












What is the full path to the authorized_keys file that you added the public keys to?
– dobey
Apr 24 at 21:13




What is the full path to the authorized_keys file that you added the public keys to?
– dobey
Apr 24 at 21:13












do i need to add the keys in the ssh agent?
– kristof
Apr 24 at 21:13




do i need to add the keys in the ssh agent?
– kristof
Apr 24 at 21:13















active

oldest

votes











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1027911%2fteam-dev-members-cant-access-ssh-rootip%23new-answer', 'question_page');

);

Post as a guest






















active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1027911%2fteam-dev-members-cant-access-ssh-rootip%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

pylint3 and pip3 broken

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I have tried sudo apt remove --purge on various packages. I get the same when I reinstall. I have also tried reinstall using aptitude. This does not work. My current workaround is to run pylint3 as root, which works, but is bad practice. pip3 $ pip3 Traceback (most recent call last): File "/usr/lib/python3/dist-packages/pip/_vendor/__init__.py", line 33, in vendored __import__(vendored_name, globals(), locals(), level=0) ImportError: No module named 'pip._vendor.pkg_resources' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/bin/pip3", line 9, in <module> from pip import main File "/usr/lib/python3/dist-packages/pip/__init__.py", line 13, in <module> from pip.exceptions import InstallationError, CommandError, PipError File "/usr/lib/python3/dist-packages/pip/exceptions.py", line 6, ...
Read more

Missing snmpget and snmpwalk

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I have installed Zabbix appliance, directly preinstalled and found that there is missing snmpwalk and snmpget commands. I tried to install it with: apt-get install net-snmp-utils but I have error message: Unable to locate package. I have also check what from SNMP is preinstalled and there is: libsnmp-base libsnmp30:amd64 snmp-mibs-downloader snmpd snmptrapd snmptrapfmt How can I install snmpget and snmpwalk ? snmp zabbix share | improve this question edited Jan 29 at 10:10 Yaron 8,552 7 18 38 asked Jan 29 at 9:51 Alfista 1 apt install snmp perhaps ? If named differently - apt cache snmp – fugitive Jan 29 at 10:00 add a comment  |  up vote 0 down vote favorite I have installed Zabbix appliance, directly preinstalled and found that there is missing snmpwalk and snmpget commands. I tried...
Read more

How to enroll fingerprints to Ubuntu 17.10 with VFS491

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I decided to switch from Windows to Ubuntu 17.10, I meet it like 8 years ago and I didn't decided to switch until now (haha). Well, my actual device is an HP Probook 4540s with a Validity fingerprint sensor (VFS491). The fingerprint sensor worked fine on Windows but I can't get it to work in Ubuntu. The device is recognized as 138a:003d but is not detected as a fingerprint scanner by some apps like Fingerprint GUI. I want to use the fingerprint scanner to log in into my user account in Ubuntu but it doesn't supports fingerprints without special software and the drivers of the fingerprint scanner are available for Windows but not for any Linux distribution. I found something on GitHub (https://github.com/eekpie/libfprint) about the integration of the VFS491 in libfprint and I think it can help but I don't know what to do with it, so that's why I need the help of the community to do it since I am...
Read more