Authentication failure with SSH private Key credential
‎11-10-2020 08:31 PM
Hi All,
I have created an SSH private key credential for Discovery. SSH private key credentials are working fine with user name and password. But when I give user name and private key only, I am getting an authentication failure message. We are using the same private key in ServiceNow as we have on the target server.
Could you please help me with this? How can I troubleshoot this?
Thanks.

‎11-10-2020 09:53 PM
Start by looking at the ecc_queue input. SSHCommand will output some credential debug input there.
Add a parameter to the probe or the ecc_queue output record, debug = true. This will pour detailed ssh debug information into the MID Server's agent log.
See if this helps.
https://community.servicenow.com/community?id=community_question&sys_id=f482d5e2db985450d82ffb2439961906
Regards
RP
‎03-16-2023 04:14 AM
We are getting authentication failed error while testing the credentials of SSH private key.
Please mention clear steps to resolve this issue.
‎03-16-2023 11:04 AM
Debugging cryptography issues is always a pain, because everything you can do wrong gives the same symptom: the crypto gives the wrong random output, and auth is denied. They always say "You're doing it wrong," but never tell you what it is you're doing wrong.
First, confirm that you can login with your normal ssh client, like Putty or openssh. If that fails, debug as normal, getting the account created properly, getting the public key in the right place, permissions on the files and directories, etc.
Some standard issues to look for:
- If the key was generated with puttygen, it will need to be formatted for openssh format.
- If it has a passphrase, you will need to include that in the passphrase field.
Places to look for more debugging information:
- An SSHCommand to that device should show credential debug information on auth failure.
- You can add a parameter to the MID or probe to turn on ssh debug
- You can look in the server ssh logs to see what he's upset about, or whether he got the request at all. You probably want to set the LogLevel up higher in this case.
Hope this helps open up avenues to explore,
- Tim.
‎11-11-2020 09:51 AM
Everything Rahul says is exactly right.
A few other tips:
- In the credentials_debug section of the ecc_queue input that Rahul mentions, confirm that it even tried your credential.
- When something doesn't work automated through ITOM, try doing it manually and see if you can make it work yourself.
- Can you login to this machine with any private key from anywhere at all? If not, check permissions on the .ssh directory and authorized_keys file.
- Can you get this private key to login to your server? To any server?
- It's occasionally useful to enable debug on the server side and see what he's upset about when he fails your connection.
- Tim.
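
The checks suggested across this thread (key format, passphrase, and permissions on .ssh and authorized_keys), as an added shell example that is not part of any post above: it classifies a private key file from its header lines only and flags group- or world-writable paths, which sshd's default StrictModes setting rejects. The function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inspect an SSH private key file by its
# header lines only; the key material is never decoded or printed.

# key_format FILE -> ppk | openssh | pem | unknown
key_format() {
    first=$(head -n 1 "$1" | tr -d '\r')    # tolerate Windows line endings
    case "$first" in
        PuTTY-User-Key-File-*)                 echo ppk ;;      # puttygen output
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo pem ;;      # RSA/EC/PKCS#8 PEM
        *)                                     echo unknown ;;
    esac
}

# key_needs_passphrase FILE -> yes | no | unknown
key_needs_passphrase() {
    case "$(key_format "$1")" in
        ppk)
            if grep -q '^Encryption: none' "$1"; then echo no; else echo yes; fi ;;
        openssh)
            # An unencrypted key body starts with
            # base64("openssh-key-v1\0" + uint32 4 + "none").
            body=$(sed -n 2p "$1" | tr -d '\r')
            case "$body" in
                b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) echo no ;;
                b3BlbnNzaC1rZXktdjEA*)            echo yes ;;
                *)                                echo unknown ;;
            esac ;;
        pem)
            if grep -Eq '^Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$1"
            then echo yes; else echo no; fi ;;
        *)  echo unknown ;;
    esac
}

# loose_perms PATH -> exit status 0 if PATH is group- or world-writable.
# Run it on the target account's home directory, ~/.ssh and authorized_keys.
loose_perms() {
    mode=$(ls -ld "$1" | cut -c1-10)        # e.g. drwxrwxr-x
    case "$mode" in
        ?????w????|????????w?) return 0 ;;  # group write or other write set
        *)                     return 1 ;;
    esac
}
```

A result of `ppk` means the key still has to be converted to OpenSSH format, and `yes` from `key_needs_passphrase` means the credential's passphrase field must be filled in.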