Can't connect to homestead MySQL database - Permission denied (publickey,password)

Question

I'm working with Homestead and vagrant on my local setup. My Homestead.yaml file looks like this:

---
ip: "192.168.56.56"
memory: 4096
cpus: 2
provider: virtualbox

authorize: ~/.ssh/id_rsa.pub

keys:
    - ~/.ssh/id_rsa

folders:
    - map: ~/projects
      to: /home/vagrant/projects
      type: "nfs"

sites:
    - map: volley.admin
      to: /home/vagrant/projects/volleyadmin/public
      type: laravel
      php: "7.1"

databases:
    - volleyadmin

features:
    - mysql: true
    - mariadb: false
    - postgresql: false
    - ohmyzsh: false
    - webdriver: false

services:
    - enabled:
          - "mysql"
#    - disabled:
#        - "postgresql@11-main"

#ports:
#    - send: 33060 # MySQL/MariaDB
#      to: 3306
#    - send: 4040
#      to: 4040
#    - send: 54320 # PostgreSQL
#      to: 5432
#    - send: 8025 # Mailhog
#      to: 8025
#    - send: 9600
#      to: 9600
#    - send: 27017
#      to: 27017

I did vagrant up and vagrant ssh and everything looks to work. The problem is that I can't connect to my database with Sequel Ace.

My configuration looks like this:

MySQL password: secret SSH password: secret

When I try to connect I get the following response:

Used command:  /usr/bin/ssh -v -N -S none -o ControlMaster=no -o ExitOnForwardFailure=yes -o ConnectTimeout=10 -o NumberOfPasswordPrompts=3 -o UserKnownHostsFile="/Users/nielsvroman/Library/Containers/com.sequel-ace.sequel-ace/Data/.keys/ssh_known_hosts_strict" -F /Applications/Sequel Ace.app/Contents/Resources/ssh_config -o TCPKeepAlive=no -o ServerAliveInterval=60 -o ServerAliveCountMax=1 vagrant@192.168.56.56 -L 50489:127.0.0.1:3306

OpenSSH_8.6p1, LibreSSL 3.3.5
debug1: Reading configuration data /Applications/Sequel Ace.app/Contents/Resources/ssh_config
debug1: /Applications/Sequel Ace.app/Contents/Resources/ssh_config line 1: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 192.168.56.56 [192.168.56.56] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /Users/nielsvroman/.keys/id_rsa type -1
debug1: identity file /Users/nielsvroman/.keys/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.56.56:22 as 'vagrant'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:r6W0RoVMAo3PNslyC8hel/ZlozmmV4vIpdulB7LmOEc
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.56.56' is known and matches the ED25519 host key.
debug1: Found key in /Users/nielsvroman/Library/Containers/com.sequel-ace.sequel-ace/Data/.keys/ssh_known_hosts_strict:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: Operation not permitted
debug1: Will attempt key: /Users/nielsvroman/.keys/id_rsa  explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/nielsvroman/.keys/id_rsa
no such identity: /Users/nielsvroman/.keys/id_rsa: No such file or directory
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
vagrant@192.168.56.56: Permission denied (publickey,password).
The SSH Tunnel could not authenticate with the remote host. Please check your password and ensure you still have access.

Answer 1

Your Homestead.yaml file indicates that your ssh key file is in its typical location: ~/.ssh/id_rsa. However, the debug output shows that ssh is looking in another location for the key:

debug1: Next authentication method: publickey
debug1: Trying private key: /Users/nielsvroman/.keys/id_rsa
no such identity: /Users/nielsvroman/.keys/id_rsa: No such file or directory
                                     ^^^^^ 

It's looking in ~/.keys instead of ~/.ssh. The key isn't present in that location, so ssh doesn't find it and doesn't present it to the remote system.

According to the "user command" line in your debug output, ssh is being run using a nonstandard config file, /Applications/Sequel Ace.app/Contents/Resources/ssh_config. It's likely that this file contains some configuration options which cause ssh to look in the .keys directory for key files instead of the .ssh directory.

The simple solution would be to copy your key files (id_rsa and _id_rsa.pub) from your .ssh directory into this .keys directory. The key files aren't large, and there's no real problem with having them in more than one place.

Alternately, you could edit this special ssh config file to make it look for key files in the usual place. It would be necessary to identify the configuration options that are causing ssh to look in the other directory, and change or remove them. It looks like this special config file is part some software that you installed? Changing the config file might affect how the software works, or it could create extra work for you to re-edit the file every time the software is updated.