3

I am trying to connect to SSH for the first time. But it says

    The authenticity of host '[<host>]:<port>' can't be established.
    ECDSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '[<host>]:<port>' (ECDSA) to the list of known hosts.
    root@<host>: Permission denied (publickey).

Is there a breach or something?

9
  • 2
    What are the permissions of the files in the .ssh directory? And also, what is the permission of the .ssh directory itself? Commented Feb 14, 2020 at 14:53
  • There is only one user - root. Commented Feb 14, 2020 at 15:02
  • Did you copy the public key to the server? Also, allowing root to login can pose a security risk. Commented Feb 14, 2020 at 15:06
  • 1
    Add in to the question the result of ls -ld ~/.ssh and ls -l ~/.ssh Commented Feb 14, 2020 at 15:17
  • 3
    The problem is simple: The server only allows authentication with keyfiles. You have not placed your public key on the server. Therefore, you can't authenticate. There is no breach. Commented Feb 14, 2020 at 15:24

1 Answer

2

You have two messages there.

The first is telling you that you don't yet know the fingerprint of the public key of the machine that you are connecting to. Before accepting it, check that the fingerprint is correct by transmitting it via a separate secure channel (it is OK if someone else sees it, but they must not be able to replace it with their own).

The second part root@<host>: Permission denied (publickey). is a little ambiguous. But here are some things to check:

sshd (the server) is usually configured to block root login. You need to add a new user, with sudo permissions. Or, a less good solution is to change the configuration of ssh to allow root login.

Then check, that you:

  • Put your public key into ~root/.ssh/authorized_keys.
  • Set the permission so that no other groups or other can read or write to ~root/.ssh, or the files in it, but root can at least read.
  • Add your key to your agent (ssh-add).

If that does not work, then turn on verbose mode -v or -vv or -vvv, start with one, and increase as needed.

If that does not work, then look at the logs at the remote end.
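The first two checklist items above can be checked on the server with a short script. This is an added example, not part of the original answer: the helper names `check_ssh_dir` and `mode_of` are hypothetical, and it applies the answer's rule as written (no read or write for group or other on the directory and every file in it).

```shell
#!/bin/sh
# Added example: audit an account's .ssh directory against the answer's checklist.
# check_ssh_dir and mode_of are hypothetical helper names, not OpenSSH tools.

# First ten characters of `ls -ld`: file type plus rwx bits for user/group/other.
mode_of() { ls -ld "$1" | cut -c1-10; }

# check_ssh_dir DIR PUBKEY_FILE
# Prints one FAIL line per problem; returns 0 only when every check passes.
check_ssh_dir() {
    dir=$1; pub=$2; rc=0
    auth="$dir/authorized_keys"
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }

    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || continue            # empty directory: glob stays literal
        m=$(mode_of "$p")
        case $m in                         # owner must at least be able to read
            ?r????????) ;;
            *) echo "FAIL: owner cannot read $p ($m)"; rc=1 ;;
        esac
        case $m in                         # no read or write for group or other
            ????--?--?) ;;
            *) echo "FAIL: group/other can read or write $p ($m)"; rc=1 ;;
        esac
    done

    # Compare only the base64 key blob (field 2 of the .pub file), so a
    # different trailing comment or leading options do not hide a match.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub" 2>/dev/null)
    if [ -z "$blob" ]; then
        echo "FAIL: no key found in $pub"; rc=1
    elif ! grep -qF -- "$blob" "$auth" 2>/dev/null; then
        echo "FAIL: key from $pub is not listed in $auth"; rc=1
    fi
    return $rc
}

# Stand-alone use: sh check_ssh_dir.sh /root/.ssh /path/to/id_ed25519.pub
if [ "$#" -ge 2 ]; then
    check_ssh_dir "$1" "$2"
fi
```

Each FAIL line names the path and its mode string, so the fix is a `chmod` on that path or appending the public key to authorized_keys.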
