RSA key copy is not working
Hi everyone,
I must access a remote host (in port 2022) without password requirement. So I ran 'ssh-keygen' in my personal computer and copied the id_rsa.pub to the authorized_keys inside ~.ssh folder of the remote host. I also ran 'ssh-copy-id -i remote-host', but I could not login without password. How can I solve it? The login with '-v' argument prints:
.
.
....some bla bla bla here...
.
debug1: Host '[myhost]:2022' is known and matches the ECDSA host key.
debug1: Found key in /home/myuser/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/medea/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/medea/.ssh/id_dsa
debug1: Trying private key: /home/medea/.ssh/id_ecdsa
debug1: Trying private key: /home/medea/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
Password:
|
Something about the public key or how it is stored on the remote host is off.
Check the permissions on the remote host for your home directory, your .ssh directory, and the authorized_keys file. No other accounts should be able to write to any of them. Also, the public key should be in the authorized_keys file there whole and unbroken on a single line. If that does not work, then try again from the beginning:
Code:
ssh-keygen -f ~/.ssh/remote-host-rsa -t rsa -b 3072
RSA is kind of on the way out though. So if you do not need RSA specifically, say for hardware token compatibility, then you should be using a more advanced algorithm like Ed25519:
Code:
# do once for setup
|
Some things to check. The permissions on the .ssh directory and the authorized keys file are critical. They will not work if incorrect. They should be set to 700 for the .ssh directory and 600 for the authorized keys file.
Your post seems to be saying you copied the generated RSA key twice. Could you clarify? The ssh-copy-id script is used to copy the client key to the remote server, and add it to the authorized keys file. It is normal to get a prompt for a password when you copy a key to a remote ssh server. Other things to look at: is the authorized keys file in your remote /home/yourname/.ssh or is this file some place else on the remote server? |
I already verified the permissions and in the remote-host, they are 700 for .ssh folder and 600 for authorized_keys. And .ssh is inside the computer in /home/users/amandaventura(my user)/.ssh. I also tried to generate ed key and log in as Turbocapitalist suggested but it still requests my password every time. Camorri, I generated the key once and it was added twice in authorized_keys file, but now I tried to generate the keys from another computer following Turbocapitalist method, still does not work...
|
Quote:
Code:
debug1: Trying private key: /home/medea/.ssh/id_dsa
Is that an oops in obfuscation here, or are you not using the same user to login that you did to generate and copy? |
/home/medea/.ssh is in my personal computer and home/users/amandaventura(is my user)/.ssh is the location in remote-host
|
I'm going to suggest you start sshd on the server in debug mode. See the man page for information. You have to stop it, assuming it is running normally. Start it with the -d option. Messages are dumped to standard out.
Then try to connect. Have a look through the output, usually the console on the server. You should get a clue to why it's failing. |
Quote:
I'm guessing not, since it's looking for your local username on the remote server. Please post the exact ssh command that's failing. You can/should obfuscate the server name. |
Scasey, I used
Quote:
Quote:
|
There is another thing that I just remembered. This usual process used to work BEFORE transferring some files using rsync instead of ssh. After the upload of files, I could not log in anymore without password and I am trying to fix it. Maybe there is a correlation...it is not obvious for me...
Here is the ssh_config file
# $OpenBSD: ssh_config,v 2.30 2016/02/20 23:06:23 sobrado Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# SGI
StrictHostKeyChecking no
UsePrivilegedPort no
#ForwardX11 no
|
Quote:
Then I wonder why, in your OP, it's looking for the key in /home/medea/.ssh ?? rsync can use ssh for file transfer...which "some files" were transferred? Note that ssh_config is for the client, not the server. Is that ssh_config on the server? It wouldn't be used here. What's in sshd_config on the server? |
Quote:
Although you did indicate you were using ida_rsa/id_rsa.pub in your first post, you also posted a similar command below, which means that the public key in the server's authorized key file might be messed up. It might be worth deleting it and starting over.
Quote:
Nevermind... |
Thank you all, I found the answer! Somehow using RSYNC for transfer changed the permission of my_user folder in remote-host!
So I used in the remote host: Quote:
If I use RSYNC again, I should remember this. |
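The checks suggested in the replies (no group/other write access on the home directory, .ssh and authorized_keys, and every key whole on one line), written as a shell example added here and not posted by anyone in the thread. The function names are illustrative, and it is meant to be run on the remote host against the account's home directory.

```shell
#!/bin/sh
# Added example. With StrictModes enabled (the sshd default), public-key login
# is refused when the home directory, ~/.ssh or authorized_keys is writable by
# group or others. Function names here are illustrative.

# Report a path that is missing or writable by group/others.
check_no_group_other_write() {
    path=$1
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    # -prune limits find to the path itself; match the g+w or o+w bit
    if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "BAD $path $(ls -ld "$path" | cut -d' ' -f1)"
        return 1
    fi
}

# Report authorized_keys lines with no "<keytype> AAAA..." pair,
# which is what a key wrapped across two lines looks like.
check_authorized_keys_lines() {
    awk '
        /^[[:space:]]*(#|$)/ { next }   # skip comments and blank lines
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/ && $(i + 1) ~ /^AAAA/) ok = 1
            if (!ok) { printf "BROKEN %s line %d\n", FILENAME, NR; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Usage: check_ssh_perms /home/users/someuser   (returns 0 when all is fine)
check_ssh_perms() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_no_group_other_write "$p" || rc=1
    done
    if [ -f "$home/.ssh/authorized_keys" ]; then
        check_authorized_keys_lines "$home/.ssh/authorized_keys" || rc=1
    fi
    return $rc
}
```

rsync with -a (which implies -p) can apply the source directory's mode to the destination directory, so running the check after a transfer into the home directory catches a home that has become group-writable.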