google / google-authenticator

Open source version of Google Authenticator (except the Android app)
Apache License 2.0

Permission denied (publickey) after setting with SSH with google-authenticator #577

Closed AdamKhanIT closed 7 years ago

AdamKhanIT commented 7 years ago

Hi, I followed the steps from the article below and now I am not able to log into my VM. I am getting Permission denied (publickey). I am using Secure Shell to log in. I am not even getting prompted to enter the google authentication bar code which I scanned from my phone when I was setting it up. I have my secret key, verification code and the emergency scratch codes. Please help!

https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-14-04

Below is the message I am getting. Permission denied (publickey). NaCl plugin exited with status code 255. (R)econnect, (C)hoose another connection, or E(x)it?

Below is the full output with ssh -v MYIP

OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug1: Connecting to MYIP [MYIP] port 22.
debug1: Connection established.
debug1: identity file /home/deviceadmin/.ssh/id_rsa type -1
debug1: identity file /home/deviceadmin/.ssh/id_rsa-cert type -1
debug1: identity file /home/deviceadmin/.ssh/id_dsa type -1
debug1: identity file /home/deviceadmin/.ssh/id_dsa-cert type -1
debug1: identity file /home/deviceadmin/.ssh/id_ecdsa type -1
debug1: identity file /home/deviceadmin/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5
debug1: match: OpenSSH_6.7p1 Debian-5 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA
debug1: Host 'MYIP' is known and matches the ECDSA host key.
debug1: Found key in /home/deviceadmin/.ssh/known_hosts:28
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
Unauthorized access to this machine is prohibited.
Disconnect IMMEDIATELY if you aren't an authorized user with a valid account.
All activities performed on this device may be logged, and violations of
this policy may result in disciplinary action, and may be reported to
law enforcement authorities.

There is no right to privacy on this device.
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/deviceadmin/.ssh/id_rsa
debug1: Trying private key: /home/deviceadmin/.ssh/id_dsa
debug1: Trying private key: /home/deviceadmin/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).

akerl commented 7 years ago

You're failing on the pubkey step, not the TOTP step. Either your authorized_keys file on the server is missing your pubkey, or you're not using the right private key locally.

ThomasHabets commented 7 years ago

Agreed. I hope you still have a way in to the server. Step 3 in the howto you linked to does mention logging in with only the pubkey. Did you do that successfully before doing the rest of the changes in step 3?

When changing login stuff like PAM and ssh, always have a second terminal logged in and verify that new logins succeed before logging out any existing logins.

AdamKhanIT commented 7 years ago

Thank you guys. Yeah, made a mistake not having a second terminal logged in. Lesson learned. I was able to get in using the console and reverted the changes back to the original state.

ThomasHabets commented 7 years ago

Good. Just try again and be more careful. :-)

Closing this issue.
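
Added example (not written by anyone in this thread, and not part of the google-authenticator project): a small heuristic parser for client-side `ssh -v` output that shows how to tell a failure at the publickey step from one at the keyboard-interactive (TOTP) step, as diagnosed in the replies above. The function name `diagnose` and the sample log are constructed for illustration.

```python
import re

# Constructed sample: auth-phase lines modelled on the `ssh -v` output in the
# report above (paths written with OpenSSH's usual id_rsa/id_dsa file names).
SAMPLE = """\
debug1: identity file /home/deviceadmin/.ssh/id_rsa type -1
debug1: identity file /home/deviceadmin/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/deviceadmin/.ssh/id_rsa
debug1: Trying private key: /home/deviceadmin/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
"""

def diagnose(log):
    """Classify where a client-side `ssh -v` session failed (heuristic)."""
    # "type -1": the client could not load this identity at startup.
    unloaded = set(re.findall(r"identity file (\S+) type -1", log))
    # Methods the server said it would still accept, one entry per round.
    offers = re.findall(r"Authentications that can continue: (\S+)", log)
    # Methods the client actually moved on to.
    attempted = re.findall(r"Next authentication method: (\S+)", log)
    keys = re.findall(r"(?:Trying private key|Offering .*?public key): (\S+)", log)
    key_ok = bool(re.search(r"Server accepts key|Authenticated with partial success", log))
    denied = re.search(r"Permission denied \(([^)]*)\)", log)

    totp_reached = "keyboard-interactive" in attempted
    if not denied:
        stage = None                      # no failure recorded in this log
    elif totp_reached:
        stage = "keyboard-interactive"    # the PAM/TOTP prompt was reached
    else:
        stage = attempted[-1] if attempted else "unknown"
    return {
        "failed_stage": stage,
        "totp_prompt_reached": totp_reached,
        "server_offers": offers[-1].split(",") if offers else [],
        "keys_tried": keys,
        "keys_never_loaded": [k for k in keys if k in unloaded],
        "key_accepted": key_ok,
    }

if __name__ == "__main__":
    for field, value in diagnose(SAMPLE).items():
        print(f"{field}: {value}")
```

When `totp_prompt_reached` is false and every tried key also appears in `keys_never_loaded`, the session ended before PAM was consulted, so the TOTP configuration is not what rejected the login.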