followed the wiki guide.. can't seem to get ssh keys working. just always asks for a pass.
here's my sshd_config
[home page] -- [code / configs]
"Once you go Arch, you must remain there for life or else Allan will track you down and break you."
-- Bregol
Offline
SSH from your machine or to your machine?
ᶘ ᵒᴥᵒᶅ
Offline
I've always had the same problem; I've sought help from a lot of forums over the past few months and still not been able to get this to work.
It's strange because it works fine on my Debian machine, but if I copy the config over to my Arch box it always asks for the password.
Offline
I am pretty sure you need to comment out the AuthorizedKeysFile line. It looks like it makes sense, but it doesn't work right. If you leave it commented, your keys will still go in ~/.ssh/authorized_keys
Also, make sure the .ssh directory is chmod 700 and any files in it are chmod 600 (although it may not matter if you don't have StrictModes enabled).
If you are still having problems, you can look at my config. It is set up for SSH2 only and happens to have an SSH jail set up, but the config is pretty simple. It allows only members of group sshcap to connect, and members of sshlim to connect to the SFTP jail.
I recommend getting Fail2Ban or similar set up as soon as possible as well.
Last edited by tcp (2010-09-04 14:26:20)
Offline
I switched out my config for yours.. still can't login. just get a 'Permission denied (publickey).' I edited out the group-only stuff, of course.
Last edited by Stythys (2010-09-04 17:04:01)
Offline
What does
tail /var/log/auth.log
run as root or with sudo look like?
Offline
Sep 4 13:13:28 (none) sshd[22041]: Set /proc/self/oom_adj to 0
Sep 4 13:13:28 (none) sshd[22041]: Connection from 75.36.216.158 port 45393
Sep 4 13:13:29 (none) sshd[22041]: Failed publickey for chris-kun from 75.36.216.158 port 45393 ssh2
Offline
That's what I get too when I use the wrong SSH key.
With the user that you are trying to log in as, the contents of the authorized_keys file:
cat ~/.ssh/authorized_keys
should look like this:
ssh-rsa blahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahblahPK9FwU28CsSs+hAlrmpmiHmgpnAvv33I8qFRehrtADIhEURFgm2Xy7fKJPOnEWhp9yKPV/shX15fjHzhRuPrM+Jm8t/NCbIIJBIBz/js2qJrN89TnCNZkxd2uSiublahblahblahblahblahblahblahblahblahblahblahblahblahblahblahuX5CggglKnuZ9E6R7X3JY6M9tuNpGH+PdCre1Ch1k+d4qhnY9kCVh5b/+KscgwXWZ/gG1M9yGflrMKwFN6QRblahblahblahblahblahblahblahblaht comment
Make sure that it is your shorter public key with the ssh-rsa (depending on key type) and not your full private key with the BEGIN and END separators. (Don't post your private, of course). The comment is optional and is usually your name.
Offline
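The permission and key-format checks from the posts above, as an added example that is not part of the original thread: it flags a home directory, .ssh directory or authorized_keys file that is group- or world-writable or owned by another user (the condition sshd's StrictModes rejects), and authorized_keys lines that are private-key material or not a single-line public key. It assumes GNU stat and that it runs as the account's owner; the function names are made up for this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU stat and that
# it is run as the account that owns the files being checked.

# Fail if PATH is missing, group/other-writable, or owned by another user.
check_mode() {
    path=$1
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    mode=$(stat -c %a "$path")
    owner=$(stat -c %u "$path")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $path mode=$mode"; return 1
    fi
    if [ "$owner" != "$(id -u)" ] && [ "$owner" != 0 ]; then
        echo "OWNER $path uid=$owner"; return 1
    fi
}

# Fail if any line is private-key material or not "<type> AAAA<base64>".
check_keys() {
    file=$1; bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;
            *'PRIVATE KEY'*) echo "PRIVATE-KEY $file:$n"; bad=1; continue ;;
        esac
        printf '%s\n' "$line" | grep -Eq \
          '(^| )(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) AAAA[A-Za-z0-9+/]+=*( |$)' \
          || { echo "MALFORMED $file:$n"; bad=1; }
    done < "$file"
    return $bad
}

# Check home, ~/.ssh and authorized_keys; exit status is the problem count.
check_ssh_dir() {
    home=$1; problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_mode "$p" || problems=$((problems + 1))
    done
    if [ -f "$home/.ssh/authorized_keys" ]; then
        check_keys "$home/.ssh/authorized_keys" || problems=$((problems + 1))
    fi
    return $problems
}

if [ $# -gt 0 ]; then check_ssh_dir "$1"; fi
```

A key that was line-wrapped when pasted shows up as MALFORMED on the continuation lines, which is a common cause of "Failed publickey" with an otherwise correct key.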
looks fine to me. my local version should just be sitting in ~/.ssh, right?
root ssh > cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA6UAHMmmM+2uH2Xk5FZJLj2OfApP7yOnXH3mBoTAS2n5mvHsRpSdRMx/fbSLc1KgahPci7GrUXwqkb8DhPqW5Nin+HPujflx7AneLnRplLsPIQHdCjX4ryBOUOsnvOCeZoVrVVmyLJ/d8yPeoBJZ/K1rQnZv2wYWPuq3wWMp6i/M= chris-kun@imperium
Offline
Yea, as ~/.ssh/id_rsa
For troubleshooting, try to explicitly specify the private key to use, although you shouldn't have to if there is only one key.
ssh -i ~/.ssh/id_rsa server.com
Offline
no dice
Offline
Also, you can make a ~/.ssh/config
With contents that look like:
Host server.com
IdentityFile ~/.ssh/id_rsa
Offline
still nothing
Offline
We may be going down the wrong path here, but as a final try, back up your current private key, and create a new set with
ssh-keygen -t rsa -b 2048
If it's not that, I don't know what to say, except check the permissions in the .ssh directory on both client and server.
Offline
nope =/
Offline
I don't think this has an effect on SSH, but looking at your log file, you have no hostname set.
In /etc/rc.conf
HOSTNAME="MYCOMP"
In /etc/hosts
127.0.0.1 localhost.localdomain localhost MYCOMP
Also when you changed your sshd_config, you restarted sshd right?
/etc/rc.d/sshd restart
Offline
yeah I did restart sshd, and the hostname doesn't seem to have an effect, unless I need to restart something for that.
Offline
Just wanted to add that I found my arch computers to be doing this too for the past few weeks. I'll post any solutions I find. It looks to me like my arch machines aren't even trying to authenticate via keys, they just go straight to password authentication. Keys are working fine when connecting to bluehost, etc.
FWIW you shouldn't have to modify the ssh_config or sshd_config at all for basic key usage.
thayer williams ~ cinderwick.ca
Offline
hostname MYCOMP
/etc/rc.d/network restart
Offline
still nothing
Offline
For those of you who have publickey working, are you using dsa or rsa keys? My key is RSA based and it looks like the ssh daemon is skipping right over it and trying dsa.
Offline
I tried using a dsa key but same error
Offline
I have RSA (2048 bits) working. SSH2 only. Keys mandatory. openssh 5.6p1-1
Offline
hm.. my openssh is only 5.5
Offline
I've tried both openssh 5.5 and 5.6 without success on either. At this point I'm beginning to wonder if it could be the heimdal or openssl package dependencies.
After it sends a publickey packet, the bluehost daemon responds with Server accepts key: pkalg ssh-rsa blen 277, while the arch daemon doesn't respond at all and instead tries to move on to DSA authentication.
Last edited by thayer (2010-09-04 19:49:17)
Offline