Ubuntu client cannot connect to ubuntu server since update but windows client can
I'm the administrator of 3 small ubuntu servers used in our scientific group and I have ubuntu 18.04 on my personal laptop.
For the past two weeks I've been unable to access the servers remotely (I'm pretty sure this occurred after an update on the servers), but other clients using Windows (Putty and WinSCP) still have normal access. I can log into the server on site but when I try remotely those are the error messages I get:
=======
On the client side (ssh -vvv hostname): (I replaced the actual server name by "hostname", the IP address by xxx.xxx.xxx.xxx, and my username by username)
-------
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/user/
debug1: /home/user/
debug1: /home/user/
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "hostname" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to hostname [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/user/
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/
debug1: Local version string SSH-2.0-
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.8p1
debug1: match: OpenSSH_7.8p1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to hostname:22 as 'sysadmin'
debug3: hostkeys_foreach: reading file "/home/
debug3: record_hostkey: found key type RSA in file /home/user/
debug3: load_hostkeys: loaded 1 keys from hostname
debug3: order_hostkeyalgs: prefer hostkeyalgs: <email address hidden>
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-
debug2: host key algorithms: <email address hidden>
debug2: ciphers ctos: <email address hidden>
debug2: ciphers stoc: <email address hidden>
debug2: MACs ctos: <email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>
debug2: MACs stoc: <email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>
debug2: compression ctos: none,<email address hidden>,zlib
debug2: compression stoc: none,<email address hidden>,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: <email address hidden>,<email address hidden>
debug2: ciphers stoc: <email address hidden>,<email address hidden>
debug2: MACs ctos: <email address hidden>,<email address hidden>
debug2: MACs stoc: <email address hidden>,<email address hidden>
debug2: compression ctos: none,<email address hidden>
debug2: compression stoc: none,<email address hidden>
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: <email address hidden> compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: <email address hidden> compression: none
debug3: send packet: type 34
debug1: SSH2_MSG_
debug3: receive packet: type 31
debug1: got SSH2_MSG_
debug2: bits set: 4084/8192
debug3: send packet: type 32
debug1: SSH2_MSG_
debug3: receive packet: type 33
debug1: got SSH2_MSG_
debug1: Server host key: ssh-rsa SHA256:
debug3: hostkeys_foreach: reading file "/home/
debug3: record_hostkey: found key type RSA in file /home/user/
debug3: load_hostkeys: loaded 1 keys from hostname
debug3: hostkeys_foreach: reading file "/home/
debug3: record_hostkey: found key type RSA in file /home/user/
debug3: load_hostkeys: loaded 1 keys from xxx.xxx.xxx.xxx
debug1: Host 'hostname' is known and matches the RSA host key.
debug1: Found key in /home/user/
debug2: bits set: 4097/8192
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /home/user/
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-
debug3: authmethod_
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
sysadmin@hostname: Permission denied (publickey).
=======
On the server side (var/log/auth.log): only showed the relevant lines
-------
Oct 5 12:27:16 hostname sshd[9957]: error: Could not load host certificate "/etc/ssh/
Oct 5 12:27:16 hostname sshd[9957]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedK
Oct 5 12:27:16 hostname sshd[9957]: Connection closed by authenticating user sysadmin xxx.xxx.xxx.xxx port 54356 [preauth]
=======
My config file (on my laptop):
-------
Host *
ForwardX11 yes
Host hostname
User sysadmin
Host user
User user
ProxyJump hostname
=======
Ssh_config (on the server):
-------
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# PasswordAuthent
# HostbasedAuthen
GSSAPIAuthe
# GSSAPIDelegateC
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyCh
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_ed25519
PubkeyAccep
# Port 22
# Protocol 2
HostKeyAlgo
Ciphers <email address hidden>,<email address hidden>
KexAlgorithms curve25519-
MACs <email address hidden>,<email address hidden>
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
VerifyHostK
=======
sshd_config (on the server):
-------
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/
HostCertificate /etc/ssh/
HostKeyAlgorithms <email address hidden>,ssh-rsa
# Ciphers and keying
#RekeyLimit default none
Ciphers <email address hidden>,<email address hidden>
KexAlgorithms diffie-
MACs <email address hidden>,<email address hidden>
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthenti
PubkeyAcceptedK
AuthorizedKeysFile /etc/ssh/
#AuthorizedPrin
#AuthorizedKeys
#AuthorizedKeys
# For this to work you will also need host keys in /etc/ssh/
#HostbasedAuthe
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthen
#IgnoreUserKnow
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthent
#PermitEmptyPas
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeRespon
# Kerberos options
#KerberosAuthen
#KerberosOrLoca
#KerberosTicket
#KerberosGetAFS
# GSSAPI options
#GSSAPIAuthenti
#GSSAPICleanupC
#GSSAPIStrictAc
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeRespon
# PasswordAuthent
# PAM authentication via ChallengeRespon
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthent
# and ChallengeRespon
UsePAM yes
#AllowAgentForw
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvi
#Compression delayed
#ClientAliveInt
#ClientAliveCou
UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
DebianBanner no
# Allow client to pass locale environment variables
AcceptEnv
# override default of no subsystems
Subsystem sftp /usr/lib/
# Example of overriding settings on a per-group basis
Match Group sftp-only
AuthorizedKeysFile /etc/ssh/
ChrootDirectory /home
DisableForwarding yes
ForceCommand internal-sftp -d %u
PermitTTY no
=======
Both my private (user-key) and public key (user-key.pub) are in my .ssh/keys folder and I compared the public key with the one on the server and they match. I even regenerated the public key from the private one to make sure it wasn't corrupted.
If you need any additional information please ask and you shall receive.
Many thanks in advance for any information!
Question information
- Language:
- English Edit question
- Status:
- Expired
- For:
- Ubuntu Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply: