ssh: Permission denied (publickey). SOLVED

[mimosa]

I can't ssh into my Raspberry Pi this morning; the problem seems to be local, because the same applies to people.salixos.org:

Code: Select all

debug1: Next authentication method: publickey
debug1: Trying private key: /home/mimosa/.ssh/id_rsa
debug1: Trying private key: /home/mimosa/.ssh/id_dsa
debug1: Trying private key: /home/mimosa/.ssh/id_ecdsa
debug1: Trying private key: /home/mimosa/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).

That is just the last few lines of verbose output, in case there is anything above that shouldn't be posted publicly.

I suppose the best thing might be to delete .ssh and start again from scratch, but before doing that, I wonder if anyone else has seen or heard of anything similar?
I can't think of anything I may have done to change anything in relation to ssh. There was a brief power cut here yesterday, causing the Pi to reboot, whence my need to access it. I last did so a day or two ago without any trouble.

It does seem a little odd that ssh is (as it appears) sending my private key over the network.

[mimosa]

A separate point: as a workaround, indeed, an improvement, I tried calling the script that worked before (playing an internet radio stream with mpv) from the Pi's /etc/rc.local, and it doesn't work this way.

In the past, I have called the script by ssh'ing into the Pi, using nohup. I can't see why this should make a difference. But perhaps indeed it does?

Testing shows the script is called, but it doesn't seem to be talking to Alsa (although I added a two-minute delay to allow everything to initialise):

Code: Select all

mimosa[rootfs]$ cat home/pi/playlog 
Playing: mms://mediau.yle.fi/liveyleradio1
 (+) Audio --aid=1 --alang=eng (wmav2)
File tags:
 Title: YleRadio1hires
ALSA lib confmisc.c:1281:(snd_func_refer) Unable to find definition 'defaults.bluealsa.device'
ALSA lib conf.c:4528:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:4996:(snd_config_expand) Args evaluate error: No such file or directory
ALSA lib pcm.c:2495:(snd_pcm_open_noupdate) Unknown PCM bluealsa
[ao/alsa] Playback open error: No such file or directory
[ao] Failed to initialize audio driver 'alsa'
[ao] This audio driver/device was forced with the --audio-device option.
[ao] Try unsetting it.
Could not open/initialize audio device -> no sound.
Audio: no audio
: 00:00:00 Cache:  0s+16KB
[ffmpeg] Read data packet header failed!
[ffmpeg] Recv other type packet -5

Exiting... (Errors when loading file)

Code: Select all

mimosa[rootfs]$ cat etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# custom
# start yle stream
/home/pi/stream.sh > /home/pi/log &
#/home/pi/stream.sh > /dev/null & 
# /custom

# Print the IP address
_IP=$(hostname -I) || true
if [ "$_IP" ]; then
  printf "My IP address is %s\n" "$_IP"
fi

exit 0

Here is the script itself, altered for debugging:

Code: Select all

mimosa[rootfs]$ cat home/pi/stream.sh
#!/bin/bash
SWITCH='OFF'

PLAYER='mpv '
OPTIONS='--audio-device=alsa/bluealsa --volume=50 '
STREAM='mms://mediau.yle.fi/liveyleradio1 ' 

# $SPEAKER='1D_AA_D0_C3_79_7C'

sleep 2m #allow Pi to boot if called from startup script

while (sleep 2)
do
        if [ `busctl tree org.bluez | wc -l` -lt 5 ] ; then # this tells us the speaker isn't connected, TODO find a better way
                echo "The speaker is off"
                if [ $SWITCH = 'ON' ] ; then
                        killall $PLAYER
                        SWITCH='OFF'
                fi
        else
                if [ $SWITCH = 'OFF' ] ; then
                        echo "The speaker has just been turned on"
                        killall $PLAYER
                        $PLAYER $OPTIONS $STREAM > /home/pi/playlog 2>&1 & #this and the sleep command above are the only alterations
#                       $PLAYER $OPTIONS $STREAM > /dev/null 2>&1 &
                        SWITCH='ON'
                fi
        fi

done

[galmei]

I can't think of anything I may have done to change anything in relation to ssh. There was a brief power cut here yesterday, causing the Pi to reboot, whence my need to access it.

There is good chance that due to a power failure, the file systems of the running computers have been damaged. In particular, it will have a detrimental effect if the write operations are configured to be very conservative in order to conserve flash memory and reduce the relatively slow write operations to flash memory. Whether the short power failure is the cause of the SSH problem depends on whether the running computers had suffered voltage collapses due to the short power failure, or whether the power supplies could continue to supply without voltage collapses for the short time. Before anything else is tried, all file systems should be tested on all machines.

[gapan]

Take the SD card out of the Pi and do fsck checks on the filesystems. As galmei says, it's very likely that the files have been corrupted. Got any backups?

[mimosa]

fsck has nothing to say against the Pi filesystem. It also seems worth pointing out that I normally reboot the Pi by unplugging it, like a router.

My instinct is it may be simplest to just start again with a new set of keys. If that doesn't work, I can create a new Raspbian image and go through the steps to get bluetooth to work on it, following the post I made here a few months back. And I will make a backup!

I am a bit puzzled though why my second line of attack (calling the stream script from rc.local, which would be better anyway) doesn't work. If I am not doing it wrong, that accords with the theory the powercut damaged the filesystem on the SD card.

There is also the fact that I can't ssh into people.salixos.org either. But maybe I am doing that wrong, too. My experience leaves me readier to suspect user error than hardware faults.

[gapan]

It also seems worth pointing out that I normally reboot the Pi by unplugging it, like a router.

Oh, that's a really bad idea. You should always do a proper shutdown before unplugging. RPis are notorious for corrupting the SD card with improper shutdowns.

There is also the fact that I can't ssh into people.salixos.org either. But maybe I am doing that wrong, too. My experience leaves me readier to suspect user error than hardware faults.

You mean you can't ssh to people.salixos.org from the Pi? That could also be attributed to the power cut I guess.

Can you look into the files in ~/.ssh? What are the contents, do they look OK?

[mimosa]

You should always do a proper shutdown before unplugging. RPis are notorious for corrupting the SD card with improper shutdowns.

That sounds like the explanation then. In fact I haven't done so that many times, but because I'm running it over the network, I would have to ssh into it to do so if not logged in already.

You mean you can't ssh to people.salixos.org from the Pi? That could also be attributed to the power cut I guess.

Can you look into the files in ~/.ssh? What are the contents, do they look OK?

I can't do so from my Salix installation, with the same error I am seeing when I try to ssh to the Pi. The files look ok to me but I probably need to refresh my memory about how ssh works:

Code: Select all

mimosa[~]$ sudo ls -l .ssh
Password: 
total 20
-rw-r--r-- 1 root root   24 Jun 17  2016 config
-rw------- 1 root root 1679 Jun 17  2016 id_rsa
-rw------- 1 root root  398 Jun 17  2016 id_rsa.pub
-rw------- 1 root root  365 Jun 18 09:37 known_hosts
-rwxr--r-- 1 root root  546 Jun 18 09:34 known_hosts~

[gapan]

Huh? Why are you using sudo? And why do the files in your home ~/.ssh belong to root?

[mimosa]

When I was troubleshooting this, I read somewhere the permissions should be 700 for the directory, 600 for the files. So I thought that might be the problem (however it was before) and changed them. This made no difference. But it was working fine till the other day, and as far as I remember, I haven't changed anything about these files till then, probably since 14.2 was released.

I think at this point I should try starting again from scratch (which will presumably give me the correct file ownerships and permissions by default).

[gapan]

Permissions are fine. Ownership is wrong. These files should belong to your user!