Access denied. Check your SSH keys. about tmate HOT 21 CLOSED

Run ssh-keygen

from tmate.

Ok, this works like charm, thanks !

If use default key (mostly according it's filename, you still need generate it),
just run ssh-keygen and use default key filename id_rsa, id_rsa.pub,
then run tmate, ok.

If use custom key, after generate key file yourname_rsa, yourname_rsa.pub and put them in ~/.ssh/,
add below line in ~/.tmuxrc

set-option -g tmate-identity yourname_rsa

then run tmate, ok.

I suggestion add some info to 'Usage' in http://tmate.io/, may other don't know he need a default ssh key file id_rsa like me.

from tmate.

Can you run with "tmate -vvv" and attach the server log file?

from tmate.

tmate -vvv doesn't got any log, according to document, tmate auto connect to master.tmate.io, how can I get server log ?

tmate -vvv domain.com also fail:

$ tmate -vvv domain.com
unknown command: domain.com

from tmate.

Running tmate -vvv will generate a tmux-server-*.log in the current directory (* is the pid of tmate).

from tmate.

thanks, havn't notice this.

tmux-client-*.log:

got 8 from server
got 3 from server
got 4 from server

tmux-server-*.log:

http://pastebin.com/Te0jsv7W

from tmate.

[tmate] [82.196.12.126] [3] ssh_userauth_publickey_auto: Trying to authenticate with /home/fwolf/.ssh/id_rsa
[tmate] [82.196.12.126] [3] ssh_userauth_publickey_auto: Private key /home/fwolf/.ssh/id_rsa doesn't exist.
[tmate] [82.196.12.126] [3] ssh_userauth_publickey_auto: Trying to authenticate with /home/fwolf/.ssh/id_dsa
[tmate] [82.196.12.126] [3] ssh_userauth_publickey_auto: Private key /home/fwolf/.ssh/id_dsa doesn't exist.
[tmate] [82.196.12.126] [3] ssh_userauth_publickey_auto: Trying to authenticate with /home/fwolf/.ssh/identity
[tmate] [82.196.12.126] [3] ssh_userauth_publickey_auto: Private key /home/fwolf/.ssh/identity doesn't exist.
[tmate] [82.196.12.126] [2] ssh_userauth_publickey_auto: Tried every public key, none matched
[tmate] Access denied. Check your SSH keys.

Where are your ssh keys?

from tmate.

I don't know what ssh key is needed.
Visit tmate.io, there is no place to request ssh key, and:

The server ssh key signatures are hardcoded in the tmate client and are verified during the DH exchange to prevent man in the middle attacks.

btw: I do know how to auto ssh login using key.

from tmate.

I can gen ssh rsa key, but where should I put publickey ?
My ssh config looks like:

Host master.tmate.io
    ForwardX11  no
    IdentityFile ~/.ssh/fwolf_tmate_rsa

But ssh-copy-id fail:

$ ssh-copy-id -i fwolf_tmate_rsa.pub master.tmate.io
exec request failed on channel 1

from tmate.

If you want to use a custom identity (not recommended, just use your default one),
you need to add set -g tmate-identity fwolf_tmate_rsa in your tmux.conf file

from tmate.

I'm confused between below 2:

1. tmate will auto do ssh login, user need not assign key/identity file or anything else
2. User need ssh-keygen to generate key file

If 1, tmate should success ssh login
if 2, how do I config (my or default) ssh key to work with tmate ?

from tmate.

I am confused with your question. Here is what's going on:

1. Because tmate doesn't use password authentication, you need generate some SSH keys with ssh-keygen. This produce a ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub (with the default options).
2. When tmate connects to master.tmate.io, tmate will use your SSH keys to identify yourself to the tmate servers. While this feature is not useful at the moment, it will be used in the future to associate yourself to an account created on tmate.io. Exactly like github and git access with ssh.

Note: tmate doesn't use openssh, but embeds its own SSH client with libssh, so any settings you might have in your ~/.ssh/config will be ignored.
Note2: if you don't have default key files (like id_rsa.pub) and wish to use custom ones, you need to use the tmate-identity option in the tmux.conf file.

Here is what you need to do:

1. run ssh-keygen
2. press 3 times (and nothing else)
3. run tmate

from tmate.

I agree. I need to make a proper Usage section, but I'm a little short in terms of time.
Will do in the future.

Thanks :)

from tmate.

I believe they will google and find this issue and solve method :-)

from tmate.

I've got a question. tmate have worked perfectly for me since the beginning and I do have a custom SSH key (~/.ssh/d_rsa.personal).

After an upgrade of tmate through brew upgrade it stopped working. It gives me the error "Access denied. Check your SSH keys.". Setting the tmate-identity option in my tmux config works, but I didn't have to do this earlier.

What has changed?

from tmate.

It's a good question. Maybe it was working because the ssh agent was doing its magic. See #6

from tmate.

My understanding is that tmate did support passphrases through ssh-agent before and that #6 enable support for handling passphrases without using the ssh-agent. Correct?

Shouldn't ssh-agent still work even if passphrase support has been implemented as well? Also, if one need to specify the tmate-identity option, I guess it should be documented. This option will also raise an error for regular tmux sessions due to the tmate-identity option not being recognised.

from tmate.

Basically, tmate was working for you through the ssh-agent (and so tmate doesn't need to know about your identity or passphrase, etc.). For some reason, when you upgraded tmate and tried it, your ssh-agent was down, hence the confusion. With the current version of tmate, tmate tries to use the ssh-agent first, and then try the ssh key if the agent didn't work.

Per your comment, I created two issues: #11 (a proper documentation is needed) and #10 (a separate tmate.conf is required otherwise vanilla tmux will complain).

Thanks,
Nico

from tmate.

@nviennot I don't think my ssh-agent is down. ssh-add -l lists both my keys and ps aux | grep ssh-agent list /usr/bin/ssh-agent -l as being invoked. The issue still remains.

Regarding the other issues, thanks a lot for creating them! :)

from tmate.

The ssh key file must be '~/.ssh/d_rsa.personal', try rename you key and remove '.personal' part ?
This is why setting the tmate-identity option works fine.

from tmate.

@fwolf if the ssh-agent is handling the keys, it doesn't matter what they're called.

ssh-add -l result in:
2048 filtered /Users/Kevin/.ssh/id_rsa.personal (RSA)
2048 filtered /Users/Kevin/.ssh/id_rsa.work (RSA)

This has been working properly before with the same keys.

from tmate.