# ssh says Permission denied. (publickey)

## linderox

I want to install sshd on my server... I started sshd , generate keys for all users,but everytime I has a message on the client

Permission denied (publickey)

I installed pure archlinux system from CD. And have the same problem on the new archlinux system 

but i have trouble with a connection to all my archlinux systems,but no trouble for outgoing ssh connections to router on all of these systems

In /var/log/auth.log there is no any line about trying to connect to the server

```

user@local ~ $ ssh archserver

Permission denied (publickey).

```

```

root@local# ssh -vvv archserver

OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to archserver [10.0.3.2] port 22.

debug1: Connection established.

debug1: permanently_set_uid: 0/0

debug1: identity file /root/.ssh/id_rsa type -1

debug1: identity file /root/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6

debug1: match: OpenSSH_4.6 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_4.2

debug2: fd 3 setting O_NONBLOCK

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_init: found hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5 none

debug2: mac_init: found hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 120/256

debug2: bits set: 497/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 4

debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 3

debug1: Host 'archserver' is known and matches the RSA host key.

debug1: Found key in /root/.ssh/known_hosts:4

debug2: bits set: 482/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /root/.ssh/id_rsa ((nil))

debug2: key: /root/.ssh/id_dsa ((nil))

debug1: Authentications that can continue: publickey

debug3: start over, passed a different list publickey

debug3: preferred publickey,keyboard-interactive

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /root/.ssh/id_rsa

debug3: no such identity: /root/.ssh/id_rsa

debug1: Trying private key: /root/.ssh/id_dsa

debug3: no such identity: /root/.ssh/id_dsa

debug2: we did not send a packet, disable method

debug1: No more authentication methods to try.

Permission denied (publickey).

```

here /var/log/auth.log on the ssh server, but the time earlier than all of my connections....

```

Feb 27 11:22:23 localhost sshd[5039]: Received signal 15; terminating.

Feb 27 11:22:24 localhost sshd[5641]: Server listening on 0.0.0.0 port 22.

```

here is my sshd_config:

```

Port 22

Protocol 2#,1

ListenAddress 0.0.0.0

HostKey /etc/ssh/ssh_host_rsa_key

HostKey /etc/ssh/ssh_host_dsa_key

LoginGraceTime 600

PermitRootLogin no

RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile      .ssh/authorized_keys

RhostsRSAAuthentication no

HostbasedAuthentication no

IgnoreRhosts yes

PasswordAuthentication no

PermitEmptyPasswords no

ChallengeResponseAuthentication no

UsePAM no

AllowUsers master root

Subsystem       sftp    /usr/lib/ssh/sftp-server

```

----------

## di1bert

You'll need to set PasswordAuthentication to "yes" in your sshd_config to enable

password authentication.

Personally I prefer using DSA keys...but that's a whole other story...

HTH

-m

----------

## downer

Hi,

It seems like it is unable to find root's private keys: 

```
debug1: Next authentication method: publickey 

debug1: Trying private key: /root/.ssh/id_rsa 

debug3: no such identity: /root/.ssh/id_rsa 

debug1: Trying private key: /root/.ssh/id_dsa 

debug3: no such identity: /root/.ssh/id_dsa 

debug2: we did not send a packet, disable method 
```

Check that you have at least one of the dsa/rsa keys in place, and also that you have the matching key on the remote server in .ssh/authorized_keys.

Best of luck

//D

----------

## di1bert

If they aren't there you may need to create them using the ssh-keygen

command.

You might want to check out these

 two documents on SSH which will probably

help alot...

-m

----------

## JeliJami

the last ssh command from your first post:

```
root@local# ssh -vvv archserver
```

tries to connect as root, while the sshd_config contains

```
PermitRootLogin no
```

----------

## linderox

everybody speaks about authorized-key , but i never create it manualy, this is automatical process if there is sshd in your system

i generated keys for root....on  a client

```

ssh -vvv archserver

OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to archserver [10.0.3.2] port 22.

debug1: Connection established.

debug1: identity file /home/master/.ssh/id_rsa type -1

debug1: identity file /home/master/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6

debug1: match: OpenSSH_4.6 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_4.2

debug2: fd 3 setting O_NONBLOCK

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_init: found hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5 none

debug2: mac_init: found hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 144/256

debug2: bits set: 526/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug3: check_host_in_hostfile: filename /home/master/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 1

debug3: check_host_in_hostfile: filename /home/master/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 1

debug1: Host 'archserver' is known and matches the RSA host key.

debug1: Found key in /home/master/.ssh/known_hosts:1

debug2: bits set: 549/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/master/.ssh/id_rsa ((nil))

debug2: key: /home/master/.ssh/id_dsa ((nil))

debug1: Authentications that can continue: publickey

debug3: start over, passed a different list publickey

debug3: preferred publickey,keyboard-interactive

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/master/.ssh/id_rsa

debug3: no such identity: /home/master/.ssh/id_rsa

debug1: Trying private key: /home/master/.ssh/id_dsa

debug3: no such identity: /home/master/.ssh/id_dsa

debug2: we did not send a packet, disable method

debug1: No more authentication methods to try.

Permission denied (publickey).

```

no any changes in auth.log on ssh serverLast edited by linderox on Wed Feb 27, 2008 10:18 am; edited 1 time in total

----------

## downer

If you want to use PublicKey you need to add they key from either id_dsa.pub or id_rsa.pub to ~/.ssh/authorized_keys on the remote server.

This is where sshd will look for your public key to try to match it with the private key used by the client.

//D

----------

## linderox

 *JeliJami wrote:*   

> the last ssh command from your first post:
> 
> ```
> root@local# ssh -vvv archserver
> ```
> ...

 

I changed this options lots of time! no any changes! the same error

```

debug2: we did not send a packet, disable method

debug1: No more authentication methods to try.

```

 *downer wrote:*   

> If you want to use PublicKey you need to add they key from either id_dsa.pub or id_rsa.pub to ~/.ssh/authorized_keys on the remote server.
> 
> This is where sshd will look for your public key to try to match it with the private key used by the client.
> 
> //D

 

```

master@local ~ $ scp ~/.ssh/id_rsa.pub archserver:id_rsa_router.pub

Permission denied (publickey).

lost connection

```

----------

## downer

 *Quote:*   

> 
> 
> ```
> master@local ~ $ scp ~/.ssh/id_rsa.pub archserver:id_rsa_router.pub 
> 
> ...

 

yeah, that is the thing with ssh, you can't enable Public Key until you have copied the public key to the remote host unless you have another way of getting the key there (usb stick or ftp or something (only the public key tho, ftp is not encrypted and you dont want to put your private key out for all to see!)).

//D

----------

## linderox

but how to all another ppl do this?!

if i have no physical access to the clients or server?

----------

## downer

 *linderox wrote:*   

> but how to all another ppl do this?!
> 
> if i have no physical access to the clients or server?

 

this is one of the problems with SSH, especially if you have hundreds of servers and need to propagate the keys to all of them. there are probably as many solutions as there are sysadmins  :Wink: 

one way is to use password login and scp the keys, then use a script (or if you dont have many hosts - manually) to change to only use keys. another way is to use something that doesnt use ssh (ie not scp/sftp) to upload the keys. but then encryption of the transmission might be a problem.

IMO easiest is probably to use password login until you have set up the keys correctly.

//D

----------

## linderox

which program i can login with a password?

I tried password authentication gives the same error...

Some weeks ago I had successful connection with this server and without any flashdrivers, but after updating my system something happened...

maybe change something in /etc/pam.d?

----------

## downer

 *linderox wrote:*   

> which program i can login with a password?
> 
> I tried password authentication gives the same error...
> 
> Some weeks ago I had successful connection with this server and without any flashdrivers, but after updating my system something happened...
> ...

 

the normal ssh client is fine. Do you still get an error about public keys when you try to enter your password..? 

Have you enabled root login (if you're still trying to login as root)? Try disabling public key login completely and only use password, any change?

If it still doesnt work try debugging the ssh server, remember to connect on port 24 in this case:

```
sshd -ddd -p24 > /tmp/sshd.out 2>&1
```

//D

----------

## linderox

i switch off all autherntication types except password authentication

error is 

```

master@local ~ $ ssh archserver

Permission denied (password).

```

```
master@localhost () /home/master

$ sudo sshd -ddd -p24 > /tmp/sshd.out 2>&1

master@localhost () /home/master

$ cat /tmp/sshd.out

sshd re-exec requires execution with an absolute path

```

```

$ sudo cat /etc/ssh/sshd_config | grep ^[A-Za-z0-9]

Port 22

Protocol 2

ListenAddress 0.0.0.0

HostKey /etc/ssh/ssh_host_rsa_key

HostKey /etc/ssh/ssh_host_dsa_key

PermitRootLogin no

StrictModes yes

RSAAuthentication no

PubkeyAuthentication no

AuthorizedKeysFile      .ssh/authorized_keys

RhostsRSAAuthentication no

HostbasedAuthentication no

IgnoreUserKnownHosts yes

IgnoreRhosts yes

PasswordAuthentication yes

PermitEmptyPasswords no

ChallengeResponseAuthentication no

UsePAM yes

AllowUsers master

X11Forwarding yes

X11UseLocalhost yes

PrintMotd yes

PrintLastLog yes

MaxStartups 10

Subsystem       sftp    /usr/lib/misc/sftp-server

```

----------

## downer

 *linderox wrote:*   

> i switch off all autherntication types except password authentication
> 
> error is 
> 
> ```
> ...

 

Try to execute it with full path then. Something like 

```
/usr/sbin/sshd -ddd -p24 > /tmp/sshd.out 2>&1
```

 *Quote:*   

> 
> 
> ```
> 
> $ sudo cat /etc/ssh/sshd_config | grep ^[A-Za-z0-9]
> ...

 

Try to enable ChallengeResponseAuthentication and see if that helps. 

//D

----------

## linderox

```
$ cat /tmp/sshd.out

debug2: load_server_config: filename /etc/ssh/sshd_config

debug2: load_server_config: done config len = 647

debug2: parse_server_config: config /etc/ssh/sshd_config len 647

debug3: /etc/ssh/sshd_config:13 setting Port 22

debug3: /etc/ssh/sshd_config:14 setting Protocol 2

debug3: /etc/ssh/sshd_config:17 setting ListenAddress 0.0.0.0

debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_rsa_key

debug3: /etc/ssh/sshd_config:24 setting HostKey /etc/ssh/ssh_host_dsa_key

debug3: /etc/ssh/sshd_config:38 setting PermitRootLogin no

debug3: /etc/ssh/sshd_config:39 setting StrictModes yes

debug3: /etc/ssh/sshd_config:42 setting RSAAuthentication no

debug3: /etc/ssh/sshd_config:43 setting PubkeyAuthentication no

debug3: /etc/ssh/sshd_config:44 setting AuthorizedKeysFile .ssh/authorized_keys

debug3: /etc/ssh/sshd_config:47 setting RhostsRSAAuthentication no

debug3: /etc/ssh/sshd_config:49 setting HostbasedAuthentication no

debug3: /etc/ssh/sshd_config:52 setting IgnoreUserKnownHosts yes

debug3: /etc/ssh/sshd_config:54 setting IgnoreRhosts yes

debug3: /etc/ssh/sshd_config:57 setting PasswordAuthentication yes

debug3: /etc/ssh/sshd_config:58 setting PermitEmptyPasswords no

debug3: /etc/ssh/sshd_config:61 setting ChallengeResponseAuthentication no

debug3: /etc/ssh/sshd_config:81 setting UsePAM yes

debug3: /etc/ssh/sshd_config:82 setting AllowUsers master

debug3: /etc/ssh/sshd_config:86 setting X11Forwarding yes

debug3: /etc/ssh/sshd_config:88 setting X11UseLocalhost yes

debug3: /etc/ssh/sshd_config:89 setting PrintMotd yes

debug3: /etc/ssh/sshd_config:90 setting PrintLastLog yes

debug3: /etc/ssh/sshd_config:100 setting MaxStartups 10

debug3: /etc/ssh/sshd_config:106 setting Subsystem sftp /usr/lib/misc/sftp-server

debug1: sshd version OpenSSH_4.7p1

debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.

debug1: read PEM private key done: type RSA

debug1: private host key: #0 type 1 RSA

debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.

debug1: read PEM private key done: type DSA

debug1: private host key: #1 type 2 DSA

debug1: rexec_argv[0]='/usr/sbin/sshd'

debug1: rexec_argv[1]='-ddd'

debug1: rexec_argv[2]='-p24'

debug2: fd 3 setting O_NONBLOCK

debug1: Bind to port 24 on 0.0.0.0.

Server listening on 0.0.0.0 port 24.

```

----------

## linderox

 *Quote:*   

> 
> 
> Try to enable ChallengeResponseAuthentication and see if that helps. 
> 
> //D

 

thank you! Yes, password authentication  works with this option swtich on YES[/quote]

----------

## downer

Glad I could help  :Smile: 

//D

----------

## linderox

But I want to continue ...There is another problem with sshd but on the another archlinux system.

master@localhost () /home/master

```

$ ssh -vvv bask

OpenSSH_4.7p1, OpenSSL 0.9.8g 19 Oct 2007

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug2: ssh_connect: needpriv 0

debug1: Connecting to bask [10.0.3.56] port 22.

debug1: Connection established.

debug1: identity file /home/master/.ssh/identity type -1

debug3: Not a RSA1 key file /home/master/.ssh/id_rsa.

debug2: key_type_from_name: unknown key type '-----BEGIN'

debug3: key_read: missing keytype

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug2: key_type_from_name: unknown key type '-----END'

debug3: key_read: missing keytype

debug1: identity file /home/master/.ssh/id_rsa type 1

debug1: identity file /home/master/.ssh/id_dsa type -1

ssh_exchange_identification: Connection closed by remote host

```

changing of sshd_config file doesn't change Error

regeneration of ssh-keygen on the localhost doesn't change error

i saw in internet that it could be a problem of /etc/hosts.allow - here is my file

```

ALL : \

127.0.0.1

ALL : \

10.0.3.0/255.255.255.0

portmap:        10.0.3.1/24

lockd:          10.0.3.1/24

mountd:         10.0.3.1/24

statd:          10.0.3.1/24

rquotad:        10.0.3.1/24

sshd:           10.0.3.1/24

```

----------

## linderox

i just cleared /etc/hosts.deny and it began to work

----------

