I was using scp to transfer files from server A to B (both CentOS with WHM and their usernames are equal).
nohup scp -rpC xaa2 username@serverIPB:xaa2
I did it many times and then, suddenly, it stopped working!! I tried sending from B to A and it worked, also I am sure the password I am tiping is correct.
If I run scp -v text.txt username@mydomainB.com: I get this:
Executing: program /usr/bin/ssh host mydomainB.com, user username, command scp -v -t .
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to mydomainB.com [serverIPB] port 22.
debug1: Connection established.
debug1: identity file /home/username/.ssh/identity type -1
debug1: identity file /home/username/.ssh/identity-cert type -1
debug1: identity file /home/username/.ssh/id_rsa type -1
debug1: identity file /home/username/.ssh/id_rsa-cert type -1
debug1: identity file /home/username/.ssh/id_dsa type -1
debug1: identity file /home/username/.ssh/id_dsa-cert type -1
debug1: identity file /home/username/.ssh/id_ecdsa type -1
debug1: identity file /home/username/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'mydomainB.com' is known and matches the RSA host key.
debug1: Found key in /home/username/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_501' not found
debug1: Next authentication method: publickey
debug1: Trying private key: /home/comdinhe/.ssh/identity
debug1: Trying private key: /home/comdinhe/.ssh/id_rsa
debug1: Trying private key: /home/comdinhe/.ssh/id_dsa
debug1: Trying private key: /home/comdinhe/.ssh/id_ecdsa
debug1: Next authentication method: password
comdinhe@comdinheiro.com's password:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
I have already read these pages:
Link 1: public key authentication fails ONLY when sshd is daemon
Link 2: ssh login successful, but scp password gives me “Permission denied”
Link 3: “Permission denied, try again” while transferring files with scp
Link 4: Transfer files using scp: permission denied
Link 5: scp copy over ssh doesn't work - permission denied error, please?
Although the problem seems similar, there is many reasons why this problem occurs. I tried:
- Executing command with sudo: same problem
- Executing
ssh -v username@mydomainB.com: same problem - username own the directory target
- there is not a file with the same name in the target directory
What bugs me the most is that it was working and stopped. ServerB is a new server, and I had already had the same issue using a serverC to send files to server B. It seems after some time it just blocks the access.
EDIT: I tried to pick logs before and after it stopped working (/var/log/secure):
Mar 18 02:26:11 localhost sshd[56154]: Accepted password for username from ServerA_IP port 42219 ssh2
Mar 18 02:26:11 localhost sshd[56154]: pam_unix(sshd:session): session opened for user username by (uid=0)
Mar 18 02:32:57 localhost sshd[56363]: Connection closed by 115.239.228.16 <---- chinese IP
Mar 18 02:34:12 localhost sshd[56161]: Received disconnect from ServerA_IP: 11: disconnected by user
Mar 18 02:34:12 localhost sshd[56154]: pam_unix(sshd:session): session closed for user username
Mar 18 03:00:20 localhost sshd[58424]: Connection closed by 115.239.228.6 <---- chinese IP
Mar 18 03:21:35 localhost sshd[58922]: Accepted password for username from ServerA_IP port 42260 ssh2
Mar 18 03:21:35 localhost sshd[58922]: pam_unix(sshd:session): session opened for user username by (uid=0)
/**** lots of brute force attack from strangers*****/
Mar 18 05:18:01 localhost sshd[64459]: Failed password for username from ServerA_IP port 42362 ssh2
Mar 18 05:18:17 localhost sshd[64459]: Failed password for username from ServerA_IP port 42362 ssh2
Mar 18 05:18:17 localhost sshd[64462]: Connection closed by ServerA_IP
Mar 18 05:20:58 localhost sshd[64641]: Failed password for username from ServerA_IP port 42370 ssh2
Mar 18 05:21:01 localhost sshd[64644]: Connection closed by ServerA_IP
Mar 18 05:21:41 localhost sshd[64654]: Failed password for username from ServerA_IP port 42371 ssh2
Mar 18 05:21:43 localhost sshd[64657]: Connection closed by ServerA_IP
scporssh? – tachomi Mar 18 '15 at 19:56/var/log, I don't know which one, check the one(s) whose modification time is updated at the time of the connection attempt). – Gilles 'SO- stop being evil' Mar 18 '15 at 23:28