If you are facing the issue
$ ssh user1@192.168.0.1
kex_exchange_identification: write: Connection reset by peerIt seems that the process on the SSH daemon on the Server side is dead and there is a need to restart the Server
On the Server Side
# systemctl restart sshd.serviceIf you are using a MacOS and you are planning to do a X-forwarding, you may notice an error like this. In the Pix, below, after SSH, I wanted to X-forward Firefox Browser from Rocky Linux 8
ssh -X user1@192.168.0.1
There are a few settings we need to do. Let’s fix the “Locale not supported by C library. Using the fallback ‘C’ locale”
Issue 1 – Locale not support by C library. Using the fallback ‘C’ locale
To fix it, go to Top-Left-Hand Corner of your Mac-Desktop to look for the Terminal App,
Close and Quit Terminal App and come in again. You should fix the first problem.
Issue 2 – Install XQuartz
X11 used to be included with macOS. Apple no longer includes X11 with macOS. That is why you see an error like this “Error: no DISPLAY environment variable specified.”
You have to download the XQuartz App which is an open-source effort to develop a version of the X.Org X Window System that runs on macOS. Downloading and Installing is very straight-forward and easy. I’ve captured selected screen-shots….
After installing, you may want to let is run in the background
Log-Off from Your Mac Completely to allow the settings to reinitate
Issue 3 – Fixing the libGL error: failed to load driver: swrast on Rocky Linux 8
You may find an issue similar to the one in the earlier blog. That is how you may want to fix it.
If you are having SSH issues and if you turned on high verbosity and the following output is generated
# ssh -vvv XXX.XXX.XXX.XXX.....
.....
debug1: Offering public key: debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
.....
.....
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
user1@192.168.0.1: Permission denied (publickey,gssapi-with-mic,password)According to SSH protocol (RFC 4252), these are the general authentication message codes
SSH_MSG_USERAUTH_REQUEST 50
SSH_MSG_USERAUTH_FAILURE 51
SSH_MSG_USERAUTH_SUCCESS 52
SSH_MSG_USERAUTH_BANNER 53
It means that the authentiation methods mentioned in the “Permission Denied” was not accepted. What are some of the common issues.
Type 1 (Most Common Mistake): Permission Errors on the .ssh Folder and files inside .ssh
Type 2: Incorrect Configuration Settings on the /etc/ssh/sshd_config
(Assuming you are using Password Authentication) Inside /etc/ssh/sshd_config, you should have something like
PermitRootLogin no
.....
PasswordAuthentication yes
.....
ChallengeResponseAuthentication no
.....
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
.....
UsePAM yes
Type 2: Incorrect Configuration Settings on the /etc/ssh/ssh_config
In Rocky Linux 8, everything should be commented except the last line “Include /etc/ssh/ssh_config.d/*.conf”
References:
If you encountered issues like “Permission denied, please try again.” during SSH, there are a few steps to consider.
One possibility is that you may want to took at /var/log/secure which might give some clues to the possible causes. One could be due to lock out rules for SSH. There is one interesting writeup which could shed light into this possibility. Configure lockout rules for SSH login
Another possibility is that you may want to check on the permission on your .ssh directory which may be incorrectly set. For example, you may want to consider
If you are encountering delays in entering your linux account and instead notice
/usr/bin/xauth: timeout in locking authority file /home/user1/.Xauthority
The Issue is that xauth is trying to open a lock files.
To resolve the issues, first list the file to check whether it exists
% ls -l .Xauthority*
% rm -fr .Xauthority-*
Log off and Log on again.
From Sharcnet HPC
To secure your system better by allowing selected hosts to ssh into your system as root, you will need the Match keyword found in the /etc/ssh/sshd_config
For example, to allow only 192.168.x to be able to ssh into the system, you do the following. If you are using
% vim /etc/ssh/sshd_config
PermitRootLogin no ..... ..... # Example of overriding settings on a per-user basis Match Address 192.168.*,172.21.1.1 PermitRootlogin yes
PermitRootLogin no UseDNS yes ..... ..... # Example of overriding settings on a per-user basis Match Host *.example.com,host1.idontknow.com PermitRootlogin yes
PermitRootLogin no UseDNS yes ..... ..... # Example of overriding settings on a per-user basis Match User user1 Host *.example.com PermitRootlogin yes
% systemctl restart sshd.service
I encountered this error recently when trying to X forward to another remote site.
"Warning: No xauth data; using fake authentication data for X11 forwarding."
and there was no and doesn’t display picture.
These are the steps I took to trouble-shoot
There was this post that a user explained quite well. (http://www.authsecu.com/nntp/comp-security-ssh/19540-comp-security-ssh-what-does-%22x11uselocalhost-no%22-do.htm)
When doing X forwarding, sshd listens on a TCP socket for connections from X clients. Normally, it will accept connections addressed to the loopback address only (127.0.0.1), restricting it to clients on the local host. X11UseLocalhost no means it will accept connections from anywhere.
If you are unable to have open a connection to your SSH public key could not be exchanged successfully, you may want to do the following
Remember to do the following SSH Login without Password
Evaluate that the agent is up
# eval `ssh-agent -s` Agent pid 265652
Add your SSH private key to the ssh-agent.
# ssh-add ~/.ssh/id_rsa.pub
*If you are still using “Could not open a connection to your authentication agent.”
# exec ssh-agent bash
*If You are having the issue. The default is
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0644 for 'id_rsa.pub' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored.
# chmod 600 id_rsa.pub
If you are rebuilding the ssh keys for a user who has accidentally destroyed their files inside .ssh directory
Step 1: Generate the Private Key
# ssh-keygen -t rsa
Step 2: Generate the Public Key from Private Key
# ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
Step 3: Generate the Authorized Key
# cat .ssh/id_rsa.pub >> .ssh/authorized_keys
Step 4: Generate Config File
# touch ~/.ssh/config
StrictHostKeyChecking no
The Linux Cluster 