Sudden I can not SSH to hassbian " FAIL: Permission denied (publickey,password)"


#1

suddend i can not ssh to hassbian
i ssh by ZOC on mac os
user: pi
pass: raspberry ( i dont change password)
output error here
[SSH] Server Version OpenSSH_7.4p1 Raspbian-10+deb9u4
[SSH] Permission denied (password)
[SSH] FAIL: Permission denied (publickey,password).

When i ssh by Termial of mac os they show log

Goods-MacBook-Pro:~ goodluck$ ssh -vvv [email protected]

OpenSSH_7.9p1, LibreSSL 2.7.3

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 48: Applying options for *

debug2: resolve_canonicalize: hostname 192.168.1.8 is address

debug2: ssh_connect_direct

debug1: Connecting to 192.168.1.8 [192.168.1.8] port 22.

debug1: Connection established.

debug1: identity file /Users/goodluck/.ssh/id_rsa type 0

debug1: identity file /Users/goodluck/.ssh/id_rsa-cert type -1

debug1: identity file /Users/goodluck/.ssh/id_dsa type -1

debug1: identity file /Users/goodluck/.ssh/id_dsa-cert type -1

debug1: identity file /Users/goodluck/.ssh/id_ecdsa type -1

debug1: identity file /Users/goodluck/.ssh/id_ecdsa-cert type -1

debug1: identity file /Users/goodluck/.ssh/id_ed25519 type -1

debug1: identity file /Users/goodluck/.ssh/id_ed25519-cert type -1

debug1: identity file /Users/goodluck/.ssh/id_xmss type -1

debug1: identity file /Users/goodluck/.ssh/id_xmss-cert type -1

debug1: Local version string SSH-2.0-OpenSSH_7.9

debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Raspbian-10+deb9u4

debug1: match: OpenSSH_7.4p1 Raspbian-10+deb9u4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002

debug2: fd 3 setting O_NONBLOCK

debug1: Authenticating to 192.168.1.8:22 as 'pi'

debug3: hostkeys_foreach: reading file "/Users/goodluck/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /Users/goodluck/.ssh/known_hosts:1

debug3: load_hostkeys: loaded 1 keys from 192.168.1.8

debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent

debug3: receive packet: type 20

debug1: SSH2_MSG_KEXINIT received

debug2: local client KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c

debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]

debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]

debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,[email protected],zlib

debug2: compression stoc: none,[email protected],zlib

debug2: languages ctos: 

debug2: languages stoc: 

debug2: first_kex_follows 0 

debug2: reserved 0 

debug2: peer server KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1

debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519

debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]

debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]

debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,[email protected]

debug2: compression stoc: none,[email protected]

debug2: languages ctos: 

debug2: languages stoc: 

debug2: first_kex_follows 0 

debug2: reserved 0 

debug1: kex: algorithm: curve25519-sha256

debug1: kex: host key algorithm: ecdsa-sha2-nistp256

debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none

debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none

debug3: send packet: type 30

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug3: receive packet: type 31

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:B6L44jqFi8i2w4FG9mOZuhItEjVMZWu63bLzFxjZjys

debug3: hostkeys_foreach: reading file "/Users/goodluck/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /Users/goodluck/.ssh/known_hosts:1

debug3: load_hostkeys: loaded 1 keys from 192.168.1.8

debug1: Host '192.168.1.8' is known and matches the ECDSA host key.

debug1: Found key in /Users/goodluck/.ssh/known_hosts:1

debug3: send packet: type 21

debug2: set_newkeys: mode 1

debug1: rekey after 134217728 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: receive packet: type 21

debug1: SSH2_MSG_NEWKEYS received

debug2: set_newkeys: mode 0

debug1: rekey after 134217728 blocks

debug1: Will attempt key: /Users/goodluck/.ssh/id_rsa RSA SHA256:hcfMWQBJR/OitPwFC+o5bIMaNKLz8XHVuIx2yYMrVdc

debug1: Will attempt key: /Users/goodluck/.ssh/id_dsa 

debug1: Will attempt key: /Users/goodluck/.ssh/id_ecdsa 

debug1: Will attempt key: /Users/goodluck/.ssh/id_ed25519 

debug1: Will attempt key: /Users/goodluck/.ssh/id_xmss 

debug2: pubkey_prepare: done

debug3: send packet: type 5

debug3: receive packet: type 7

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>

debug3: receive packet: type 6

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug3: send packet: type 50

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,password

debug3: start over, passed a different list publickey,password

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering public key: /Users/goodluck/.ssh/id_rsa RSA SHA256:hcfMWQBJR/OitPwFC+o5bIMaNKLz8XHVuIx2yYMrVdc

debug3: send packet: type 50

debug2: we sent a publickey packet, wait for reply

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,password

debug1: Trying private key: /Users/goodluck/.ssh/id_dsa

debug3: no such identity: /Users/goodluck/.ssh/id_dsa: No such file or directory

debug1: Trying private key: /Users/goodluck/.ssh/id_ecdsa

debug3: no such identity: /Users/goodluck/.ssh/id_ecdsa: No such file or directory

debug1: Trying private key: /Users/goodluck/.ssh/id_ed25519

debug3: no such identity: /Users/goodluck/.ssh/id_ed25519: No such file or directory

debug1: Trying private key: /Users/goodluck/.ssh/id_xmss

debug3: no such identity: /Users/goodluck/.ssh/id_xmss: No such file or directory

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred: ,password

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

[email protected]'s password:

debug3: send packet: type 50

debug2: we sent a password packet, wait for reply

Connection closed by 192.168.1.8 port 22

Goods-MacBook-Pro:~ goodluck$


#2

Same for me after upgrading to v.88.2. Seems my .ssh files are gone.
Need to include it into my backup script…

/ Ralf


#3

the slolution is dont ssh throught IP
I ssh throught DOMAIN DUCKDNS --> it working well


#4

This is an extremely dangerous situation. Anyone can connect to your HA instance and the first guess they will make at a password is your default password, which will give them root access to your pi.

Before you do anything you must change your password.

Then you have to consider the problem that if your internet goes down (or more specifically you lose access to the dns server) you will not be able to access your pi. People have different opinions, but I would not regard this as acceptable.

Unfortunately, I don’t have enough experience with ssh to tell what is wrong, but I suggest you do some more digging so you can access HA from an ip address, just for reliability.