Hi all,

I opened a support ticket and it was suggested I bring it up here. Fresh eyes, and all that.

SSH'ing into my linode has been working fine for weeks, but since this morning SSH is failing with "Permission Denied (publickey)".
BTW, the security setup is a non-root public key authentication, using the user "ubuntu".

What I've Checked
Running SSH with -v switch gives:

debug1: Host 'mydomain.org' is known and matches the RSA host key.
debug1: Found key in /Users/daviddoran/.ssh/known_hosts:14
debug1: ssh_rsa_verify: signature correct

and

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/daviddoran/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering public key: /Users/daviddoran/.ssh/ddm-assembla-key
debug1: Authentications that can continue: publickey
debug1: Offering public key: /Users/daviddoran/.ssh/authorized_keys
debug1: Authentications that can continue: publickey
debug1: Offering public key: /Users/daviddoran/.ssh/tender-prod.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/daviddoran/.ssh/identity
debug1: Trying private key: /Users/daviddoran/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).

So the SSH client has verified we're dealing with the same host, and tries to use my SSH keys (id_rsa being the correct one).
Also, when I use the AJAX console and run `keysview`the public key line matches my id_rsa.pub exactly. Also, my id_rsa and id_rsa.pub files have modification times of a few months ago, as does the server's sshd_config.

My SSHD server config is:

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
RhostsRSAAuthentication no
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#MaxStartups 10:30:60
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
AllowGroups sshusers

Interestingly, though the `keysview` command in lish shows my public key in authorized_keys I can't find this actual file on the server--not sure if this means anything. Other than that I'm all out of ideas, I can't see any pointers to where something is changed or broken.

Any, and all, help appreciated -- thank you.

keysview on the server shows you keys that are authorized to log into lish.
Not to your server..

Remeber that LISH is your console, which runs on ssh on the linode server.

whereas you want to be ssh'ing to your linode.

_________________
ServerAdmin - www.our-lan.com
"Diplomacy is the art of saying nice doggy whilst looking for a really big stick"
"In my experiece, any attempt to make any system idiot proof will only challenge God to make a better idiot"

That makes sense, now that you say it. I wasn't making the distinction between lish keys vs. standard console keys.

So, with that cleared up, I'll add a bit:

I've placed (my id_rsa.pub public key):

ssh-rsa AAAAB3NzaC1y................x0bs33RBfQ== myemail@gmail.com

In the following files:

/etc/ssh/authorized_keys
/etc/ssh/authorized_keys2
/root/.ssh/authorized_keys2
/root/.ssh/authorized_keys

I'm not 100% sure what the setup was when this _was_ working, since it was initially setup with a stackscript. But nothing has changed, to my knowledge.

The key needs to be in:

/home/username/.ssh/authorized_keys

or

/home/username/.ssh/authorized_keys2

/root/.ssh/authorized_keys is no good -- you've disallowed root logins

_________________
/ Peter

Thank Jesus (nay, thank pclissold) that solved it.

In retrospect it seems blindingly obvious, that ~/ would be /home/ubuntu/ when ubuntu@ is trying to log in. I didn't think to use /home/ubuntu since there was no .ssh folder in there.

What I'm completely baffled about is where /home/ubuntu/.ssh went? It was non existent until I created it to place authorized_keys and authorized_keys2 in there a few minutes ago. But over night my setup broke, so presumably it existed previously...

(If anyone's interested, my day-to-day interactions with the server are via an automated git-pull script in /var/www, so I don't access my home folder directly.)

Thanks all.