Connection failed. Exhausted available authentication methods

simo picture simo · Dec 10, 2019 · Viewed 11.8k times · Source

I am trying to add deployment configuration using SFTP, however, I get this error:

Connectionx.x.x.xfailed. Exhausted available authentication methods I am using OpenSSH config and authentication agent.

I've checked ssh agent inside terminal of RubyMine, I found multiple instances running:

$ ps -ef | grep ssh-agent                                                                                                                                                                                            
  501  9724     1   0 Mon02PM ??         0:00.02 ssh-agent -s
  501 14553     1   0 Mon03PM ??         0:00.02 ssh-agent -s
  501 15132     1   0 Mon03PM ??         0:00.01 ssh-agent -s
  501 16276     1   0 Mon04PM ??         0:00.00 ssh-agent -s
  501 16759     1   0 Mon04PM ??         0:00.01 ssh-agent -s
  501 27662     1   0  6:40PM ??         0:00.01 ssh-agent -s
  501 31227     1   0 10:48AM ??         0:00.01 ssh-agent -s
  501 54740     1   0  4:03PM ??         0:00.01 ssh-agent -s
  501 64837     1   0  6:30PM ??         0:00.01 /usr/bin/ssh-agent
  501 66822     1   0  6:35PM ??         0:00.01 ssh-agent -s
  501 67155 61559   0  6:36PM ttys002    0:00.00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn ssh-agent

also, I can actually ssh into the server ssh [email protected] inside terminal in rubyMine

note: each I time I use ssh-agent, I had to start a new instance, it seems that RubyMine is un-able to access a running ssh-agent

Any idea?

Answer

Vladimir Lagunov picture Vladimir Lagunov · Dec 11, 2019

tl;dr Open a terminal in IDE (View -> Tool Windows -> Terminal) and run ssh-add -l. If you don't see the desired public key, run ssh-add in the same terminal and try to connect again. Otherwise, lets investigate deeper.


Explanation for every person who found this answer via a search:

Exhausted available authentication methods means that SSH client tried all possible authentication methods and no one succeeded. It could be a wrong password, wrong or absent public key, absent Kerberos ticket and so on, or it could be everything together in various combinations.

You may open idea.log and search for this error message. Above the message you'll see a big log message with connection options, public keys fetched from SSH agent, public keys loaded from ssh_config, path to SSH agent socket, what authentication methods were tried and server's reaction on each of them.


My thoughts for this particular case:

Roughly, SSH-agent is an in-memory key-value storage for unencrypted private keys. Like most other in-memory storages, different database processes would have different stored data and different sockets for connection.

Many launched SSH agents looks suspicious. Its possible that public key was added into some agent but IDE tried to use another SSH agent.

On unix-like systems, SSH-agent listens for new connections on a unix socket and path to that socket always should be stored in an environment variable SSH_AUTH_SOCK. So ensure that command echo $SSH_AUTH_SOCK shows path to the same socket when you run it in a common terminal, where you can successfully connect to the server using ssh tool, and in a terminal inside IDE.


UPD:

note: each I time I use ssh-agent, I had to start a new instance, it seems that RubyMine is un-able to access a running ssh-agent

Yes, IDE can't see the new SSH agent. And its hardly possible for every other application that had already started. When you start agent with a command eval $(ssh-agent), it sets environment variable SSH_AUTH_SOCK only for a current shell process but all other processes still keep the old value.

SSH agent was invented for decoding encrypted keys only once and use them many times. You wouldn't get its benefits if you had started a new SSH agent before every SSH connection.

I advice to add something like [[ -n "$SSH_AUTH_SOCK" ]] || eval $(ssh-agent) to your ~/.bashrc. It will start a single SSH-agent when you log in.