ssh keys not working

Stythys · 2010-09-04 06:08:38

followed the wiki guide.. can't seem to get ssh keys working. just always asks for a pass.

litemotiv · 2010-09-04 07:04:25

SSH from your machine or to your machine?

kYd · 2010-09-04 11:12:37

I've always had the same problem; I've sought help from alot of forums over the past few months and still not been able to get this to work.

It's strange because it works fine on my Debian machine, but if I copy the config over to my Arch box it always asks for the password.

tcp · 2010-09-04 14:24:15

I am pretty sure you need to comment out the AuthorizedKeysFile line. It looks like it makes sense, but it doesn't work right. If you leave it commented, your keys will still go in ~/.ssh/authorized_keys

Also, make sure the .ssh directory is chmod 700 and any files in it are chmod 600 (although it may not matter if you don't have StrictModes enabled).

If you are still having problems, you can look at my config. It is set up for SSH2 only and happens to have a SSH jail set up, but the config is pretty simple. It allows only allow members of group sshcap to connect, and members of sshlim to be connect to the SFTP jail.

I recommend getting Fail2Ban or similar set up as soon as possible as well.

Last edited by tcp (2010-09-04 14:26:20)

Stythys · 2010-09-04 16:30:06

I switched out my config for yours.. still can't login. just get a 'Permission denied (publickey).' I edited out the group-only stuff, of course.

Last edited by Stythys (2010-09-04 17:04:01)

tcp · 2010-09-04 17:12:12

What does
tail /var/log/auth.log
run as root or with sudo look like?

Stythys · 2010-09-04 17:13:34

Sep 4 13:13:28 (none) sshd[22041]: Set /proc/self/oom_adj to 0
Sep 4 13:13:28 (none) sshd[22041]: Connection from 75.36.216.158 port 45393
Sep 4 13:13:29 (none) sshd[22041]: Failed publickey for chris-kun from 75.36.216.158 port 45393 ssh2

tcp · 2010-09-04 17:22:29

That's what I get too when I use the wrong SSH key.

With the user that you are trying to log in as, the contents of the authorized_keys file:
cat ~/.ssh/authorized_keys
should look like this:

ssh-rsa blahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahPK9FwU28CsSs+hAlrmpmiHmgpnAvv33I8qFRehrtADIhEURFgm2Xy7fKJPOnEWhp9yKPV/shX15fjHzhRuPrM+Jm8t/NCbIIJBIBz/js2qJrN89TnCNZkxd2uSiublahblahblahblahblahblahblahblahblahblahblahblahblahblahblahuX5CggglKnuZ9E6R7X3JY6M9tuNpGH+PdCre1Ch1k+d4qhnY9kCVh5b/+KscgwXWZ/gG1M9yGflrMKwFN6QRblahblahblahblahblahblahblahblaht comment

Make sure that it is your shorter public key with the ssh-rsa (depending on key type) and not your full private key with the BEGIN and END separators. (Don't post your private, of course). The comment is optional and is usually your name.

Stythys · 2010-09-04 17:24:31

looks fine to me. my local version should just be sitting in ~/.ssh, right?

root ssh > cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA6UAHMmmM+2uH2Xk5FZJLj2OfApP7yOnXH3mBoTAS2n5mvHsRpSdRMx/fbSLc1KgahPci7GrUXwqkb8DhPqW5Nin+HPujflx7AneLnRplLsPIQHdCjX4ryBOUOsnvOCeZoVrVVmyLJ/d8yPeoBJZ/K1rQnZv2wYWPuq3wWMp6i/M= chris-kun@imperium

tcp · 2010-09-04 17:33:33

Yea, as ~/.ssh/id_rsa

For troubleshooting, try to explicitly specify the private key to use, although you shouldn't have to if there is only one key.

ssh -i ~/.ssh/id_rsa server.com

Stythys · 2010-09-04 17:35:23

no dice

tcp · 2010-09-04 17:35:55

Also, you can make a ~/.ssh/config

With contents that look like:

Host server.com
IdentityFile ~/.ssh/id_rsa

Stythys · 2010-09-04 17:36:56

still nothing

tcp · 2010-09-04 17:39:45

We may be going down the wrong path here, but as a final try, backup your current private key, and create a new set with

ssh-keygen -t rsa -b 2048

If it's not that, I don't know what to say, except check the permissions in the .ssh directory on both client and server.

Stythys · 2010-09-04 17:42:58

nope =/

tcp · 2010-09-04 18:24:44

I don't think this has an effect on SSH, but looking at your log file, you have no hostname set.

In /etc/rc.conf
HOSTNAME="MYCOMP"

In /etc/hosts
127.0.0.1 localhost.localdomain localhost MYCOMP

Also when you changed your sshd_config, you restarted sshd right?
/etc/rc.d/sshd restart

Stythys · 2010-09-04 18:27:04

yeah I did restart sshd, and the hostname doesn't seem to have an affect, unless I need to restart something for that.

thayer · 2010-09-04 18:32:47

Just wanted to add that I found my arch computers to be doing this too for the past few weeks. I'll post any solutions I find. It looks to me like my arch machines aren't even trying to authenticate via keys, they just go straight to password authentication. Keys are working fine when connecting to bluehost, etc.

FWIW you shouldn't have to modify the ssh_config or sshd_config at all for basic key usage.

tcp · 2010-09-04 18:38:00

hostname MYCOMP
/etc/rc.d/network restart

Stythys · 2010-09-04 18:38:52

still nothing

thayer · 2010-09-04 18:58:54

For those of you who have publickey working, are you using dsa or rsa keys? My key is RSA based and it looks like the ssh daemon is skipping right over it and trying dsa.

Stythys · 2010-09-04 19:05:19

I tried using a dsa key but same error

tcp · 2010-09-04 19:06:06

I have RSA (2048bits) working. SSH2 only. Keys mandatory. openssh 5.6p1-1

Stythys · 2010-09-04 19:07:37

hm.. my openssh is only 5.5

thayer · 2010-09-04 19:26:27

I've tried both openssh 5.5 and 5.6 without success on either. At this point I'm beginning to wonder if it could be the heimdal or openssl package dependencies.

After it sends a publickey packet, the bluehost daemon responds with Server accepts key: pkalg ssh-rsa blen 277, while the arch daemon doesn't respond at all and instead tries to move on to DSA authentication.

Last edited by thayer (2010-09-04 19:49:17)

Arch Linux

#1 2010-09-04 06:08:38

ssh keys not working

#2 2010-09-04 07:04:25

Re: ssh keys not working

#3 2010-09-04 11:12:37

Re: ssh keys not working

#4 2010-09-04 14:24:15

Re: ssh keys not working

#5 2010-09-04 16:30:06

Re: ssh keys not working

#6 2010-09-04 17:12:12

Re: ssh keys not working

#7 2010-09-04 17:13:34

Re: ssh keys not working

#8 2010-09-04 17:22:29

Re: ssh keys not working

#9 2010-09-04 17:24:31

Re: ssh keys not working

#10 2010-09-04 17:33:33

Re: ssh keys not working

#11 2010-09-04 17:35:23

Re: ssh keys not working

#12 2010-09-04 17:35:55

Re: ssh keys not working

#13 2010-09-04 17:36:56

Re: ssh keys not working

#14 2010-09-04 17:39:45

Re: ssh keys not working

#15 2010-09-04 17:42:58

Re: ssh keys not working

#16 2010-09-04 18:24:44

Re: ssh keys not working

#17 2010-09-04 18:27:04

Re: ssh keys not working

#18 2010-09-04 18:32:47

Re: ssh keys not working

#19 2010-09-04 18:38:00

Re: ssh keys not working

#20 2010-09-04 18:38:52

Re: ssh keys not working

#21 2010-09-04 18:58:54

Re: ssh keys not working

#22 2010-09-04 19:05:19

Re: ssh keys not working

#23 2010-09-04 19:06:06

Re: ssh keys not working

#24 2010-09-04 19:07:37

Re: ssh keys not working

#25 2010-09-04 19:26:27

Re: ssh keys not working

Board footer