SSH error message

I was trying to harden my server following the steps outlined from Jay on the Linode Youtube channel. I followed his instructions to update the server and rebooted. After the reboot, I get an "Access Denied (PublicKey) error message when I try to SSH into the server from the Terminal. How do I go about fixing this? Trying to find instructions online and I am more confused than ever. Thanks.

Ok, have you asked Jay? I am not trying to be quip or cute, I am saying what did Jay have you doing? Unless you have a copy of your terminal session (please attach if so) and posted it here, how would anyone here KNOW what you have done, and therefore how to help fix or undo?

Do you see what I’m saying? Any help there?

@gburke are you registered for the classes? If so, there is a geat lesson on hardening your server to be seen. @vasileios is definitely the guy to ask. If you are still having issues he will help.

Hey @gburke and welcome to the forums!
Thank you for tagging me, @BigDaveAZ! I’ve been on an all-but-impossible deadline this past month, up until June 5th, hence my less frequent visits (I come here during my breaks, when I’m not eating or using the bathroom :laughing: ).

@gburke -
I don’t know what changes you may have done to the SSH, so a recap would be useful. From the message you are showing, I am thinking that you are trying to login as root. All hardening paths include disabling the root login process, so you’ll need to have a non-root user to login with. However, that user will need to copy the same SSH key up to the server (which is the same key you used for the root).

In order to do that, you will need to temporarily allow a password login via the SSH configuration. The only way you can do that is if you go to your Linode account, select your server and then hit the LISH option on the top right. Select the GLISH and login as root to make the changes.

Remember to roll the changes back (disable password logins) once done. And restart the sshd once you want to implement the changes.

Hi Vasileios, thanks for the response. I am just revisiting this issue and have been walking through the step by step process you gave us to set up the server. After searching around a bit, I tried opening up the sshd_config file and it is emtpy. Is this normal? At this point I am thinking it might be easier to delete this node and start over fresh. Any suggestions would be appreciated. Thanks!

Hey @gburke,
Nope. Having an sshd_config that is empty is not normal at all. My guess is that someone pinged your VPS and hacked it? I know of another member that landed in the same category.

If you don’t have anything important, scrap that VPS and start anew. Once you start the VPS, do all the initial security steps immediately, including the firewall.

Also, inside the sshd_config file, remove the # from the line that says Port and add in a new number, preferably from 10000 to 60000. Jot down that number as you’ll need it to connect via SSH. The only difference then will be that you will need to add the -p number in your SSH command. This means that it will look something like this:

ssh -p number username@ip_address

Also, inform the firewall of this change. This will be:

sudo firewall-cmd --permanent --remove-port=22/TCP
sudo firewall-cmd --permanent --add-port=number/TCP

Where the number is the new port you indicate on the sshd_config file.

Once that is done, perform:

sudo systemctl restart sshd
sudo firewall-cmd --reload

And that should do it.

Thanks Vasileios,

I have deleted that Linode and began a new one. Now when I try to add the Public Key by pasting it is giving me an error message of “ssh key must not be multilined.” I’ve tried to search for answers to this but coming up short. Many thanks.

1 Like

Never mind, figured it out.

1 Like

Bravo, @gburke!
The multiline error comes from when the copy/paste includes an invisible change of line (caused by an “Enter”) at the end of a line. This is usually caused by a GUI text editor when the Word Wrap option is enabled. Hence I recommend using the cat command as it produced the output as a unified chunk. :slight_smile: