Skip to main content

FAQ: SSH

🅐 1. Materials related to the content described in the introductory documents on operating methods provided by the Linux Documentation Project (LDP):

Both of these resources are freely available for viewing and downloading from the official LDP site.

  1. Learn Linux operations for beginners:

These materials are available for free.

  • Linux Standard Textbook
    • A free learning resource provided by LPI-Japan, covering everything from basic Linux operations to system administration.
  • Introduction to Linux (LFS101-JP)
    • A free online course provided by the Linux Foundation where you can learn the basic operations of major Linux distributions and command-line usage.

🆀 Causes and Solutions for the SSH "Permission denied (publickey)" Error

🅐 When connecting via SSH, the error Permission denied (publickey) can occur for several reasons. Go through the following checklist step by step to resolve the issue.

1. Check File and Directory Permissions

The most common cause of this error is incorrect file or directory permissions. Use the tables below to ensure your permissions are properly set.

On the Client Side (where you run the SSH command)

PathPurposeRecommended PermissionNotes
/home/USERNAME/Home directory755 or 700Ensure no write access for other users
/home/USERNAME/.ssh/SSH keys and config directory700 (drwx------)Only accessible by the owner
/home/USERNAME/.ssh/id_rsaPrivate key600 (-rw-------)Only the owner can read/write
/home/USERNAME/.ssh/id_rsa.pubPublic key644 (-rw-r--r--)Safe to share with others
/home/USERNAME/.ssh/known_hostsRecord of previously connected hosts644 or 600600 is recommended, but 644 is also fine

On the Server Side (the machine you are connecting to)

PathPurposeRecommended PermissionNotes
/home/USERNAME/Home directory755 or 700Must not be writable by others (777 is bad)
/home/USERNAME/.ssh/Stores authorized/public keys700 (drwx------)No one else should have access
/home/USERNAME/.ssh/authorized_keysContains allowed public keys600 (-rw-------)Strictly checked by sshd
/home/USERNAME/.ssh/known_hosts(Optional) Records connected hosts600 or 644Not always needed—if present, should be secure

It is mandatory that the owner of all files and directories is the user attempting to connect.

  • "Client" means the user's local computer.
  • "Server" means the RIKEN supercomputer.
  • "USERNAME" means the user's account name.
  • SSH logs can be checked in /var/log/auth.log or by using journalctl -u ssh.

The relationship between the client and server is shown in the diagram below.

2. Key Pair Mismatch

Make sure the private key on the client (id_rsa, etc.) matches the public key listed in the server's authorized_keys. SSH authentication will fail if the key pair doesn't match.

3. Check the Username

Verify that you're using the correct username (USERNAME) when attempting to connect via SSH.

🆀 When I log in to SSH, I get the error "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"

🅐 When you try to log in to the NIG supercomputer, the following message may appear and you may not be able to log in.

$ ssh gw.ddbj.nig.ac.jp
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for gw.ddbj.nig.ac.jp has changed,
and the key for the corresponding IP address 133.39.228.101
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:xkyH37QZowWjidMSCIbOZa7Vw1p46Dxt4nF9nFJG+hk.
Please contact your system administrator.
Add correct host key in /home/username/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/username/.ssh/known_hosts:X
RSA host key for gw.ddbj.nig.ac.jp has changed and you have requested strict checking.
Host key verification failed.

There are two gateway nodes of the NIG supercomputer: gw.ddbj.nig.ac.jp and gw2.ddbj.nig.ac.jp. By executing ssh-keygen -R gw.ddbj.nig.ac.jp , ssh-keygen -R gw2.ddbj.nig.ac.jp respectively, this error will disappear. Execute it on the user's computer, not on the NIG supercomputer.

When you execute it, the error will disappear, but you will be asked Are you sure you want to continue connecting (yes/no)? . Select `yes'.

This confirmation message is displayed the first time when connecting from a user's computer to the NIG supercomputer server, to make sure that the connection is to a legitimate server and not to a spoofed fake server.

It will be asked only once the first time and will not be displayed again the next time.

🆀 SSH connections frequently disconnected.

🅐 Add the following to ~/.ssh/config.

Host *
ServerAliveInterval 20
TCPKeepAlive no

For more information, click the link below.

🔗https://unix.stackexchange.com/questions/602518/ssh-connection-client-loop-send-disconnect-broken-pipe-or-connection-reset

🆀 I can login from Windows PowerShell, but not from Ubuntu Linux on WSL2 (Windows Subsystem for Linux)?

🅐 Yes, you can login.

Current Windows runs on a virtual machine from the beginning to use WSL2, and Ubuntu on WSL2 Linux runs as another virtual machine. (For example, see this link 🔗 https://www.thomasmaurer.ch/2019/06/install-wsl-2-on-windows-10/)

In other words, it operates with two completely independent virtual machines in one physical computer. The disk space is also independent, and these two virtual computers operate in a networked state on a single physical computer.

Although they look similar, PowerShell runs on a virtual machine running the Windows OS, but the screen with the Ubuntu prompt is running on a virtual machine with the Ubuntu Linux OS.

Therefore, you need to copy the private key created in PowerShell to Ubuntu Linux.

For example:

you@wsl2:~$ cp /mnt/c/Users/you/.ssh/id_rsa .ssh
you@wsl2:~$ ssh your_account@gw2.ddbj.nig.ac.jp
Enter passphrase for key '/home/you/.ssh/id_rsa':
Last login: Thu Dec 1 15:33:59 2022 from XXX.XXX.XXX.XXX
---------------------------------------------------------------------
Thank you for using NIG supercomputer system.
This is the gateway node, do not run program here.
Please use 'qlogin' to login to a interactive node.
---------------------------------------------------------------------
your_account@gw4:~ (2022-12-01 15:34:50)
$