Secure Shell Debugging ssh problems Private key is not accepted (OpenSSH clients debug)


By default, most of the information is hidden from the user. You can use -v switches to get a verbose log of the connection attempt, which will usually pinpoint the problem by showing why the behavior is different than you expect.

Let's assume you are connecting to the server using ssh (or other OpenSSH client like sftp or scp) and your private key is not accepted by the server and the server asks for the password (or rejects the connection):

$ ssh's password: 

Try to run the ssh with -vvv switches, which will write out all the debug messages. It will be a lot of information, but after some time, it is quite easy to understand that:

$ ssh -vvv

The most common problem is that the key is not in the expected location. You can expect similar lines to show up, complaining about missing files. Checking that your file was really read is a good start:

debug1: identity file /home/username/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_dsa-cert type -1

We can continue to the authentication part. The key might be offered, but rejected by the server, because of problem with server configuration. The log might look somehow like this:

debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: username@localhost
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password