SSH-KEY not working between laptop and Rasbian?
Hi.
I am testing Raspbian by ssh on local network and internet, but I can't get it to work with SSH-KEY: Note: I have created a new user first and deleted the pi user and then did the following: Debianlaptop client: ssh-keygen -o -t rsa -b 4096 cat ~ / .ssh / id_rsa.pub Copy ssh-key: ssh-rsa GBjsdhbcv ... ... H755f client @ debianlaptop Raspbian: sudo mkdir ~ / .ssh sudo chmod 700 ~ / .ssh sudo nano ~ / .ssh / authorized_keys Paste ssh-key: ssh-rsa GBjsdhbcv ... ... H755f client @ debianlaptop chmod 600 ~ / .ssh / authorized_keys I'm wrong about something, what am I missing? Needed: - make it work with ssh-key - Ask me for the ssh-key password to be able to enter - And not with the Raspbian user's sudo password. Raspbian connects either from the local network or from the internet with the Raspbian user's sudo password. Thank you. |
The ssh-copy-id script is the easiest way to transfer the public key to the server. A web search will find lots of guides. It defaults to ida_rsa.pub, from the client where you created the keys:
ssh-copy-id user@pi If the permissions were setup correctly you should now be able to login to the pi without a password. The passphrase protects the private key. |
I don't see what you are doing wrong except for making it more complicated than necessary. I am using mint which is an offshoot of Debian, so I believe the commands are the same and I have no trouble working with any of my rps, so lets start from the begining and see if it works.
First, we make fresh keys. If this will mess up something that exists then create a new, experimental user to work with. To make the keys simply: Code:
ssh-keygen Make sure you have the appropriate user on the rpi and that you can sign in with the password with ssh. Now, if you have no ssh keys set up on the pi, do things the easy way. Change to your .ssh directory, then Code:
scp id_rsa.pub <pi hostname>:/home/<username>/.ssh/authorized_keys Code:
sudo systemctl start sshd Now, if transferring the key in one swoop to authorized_keys is a no-go for some reason there is always the long way. Code:
ssh-keygen |
Ok, I don't understand, I did everything they indicate.
Raspbian ignores the ssh-key and only logs in with the user's password, not the ssh-key password. From another PC on the internet you can enter without needing an ssh-key, but they are already added. |
First, who is 'they'?
Quote:
Here is the way sshd works on the pi. During system configuration you tell raspbian you want to secure shell for remote sessions. So, during boot sshd is started as a daemon using the configuration in the file /etc/ssh/sshd_config. In that file there are two entries you are interested in at this point: Code:
#PubkeyAuthentication yes Code:
#PasswordAuthentication yes Here is the way secure shell (sshd) works. Upon initial contact it verifies the hosts by methods invisible to the user. Then it checks to see if the client can provide an authorized public key. If so, it goes through that authentication method and, if successful allows access. Note that the client has access to the sshd daemon, not to raspbian itself. Everything is encrypted and the daemon is actually the user working in the name of the user. If the PubkeyAuthentication system fails for whatever reason then the daemon falls back to PasswordAuthentication, or some other method, if allowed. The deamon then accesses the pam system to check authentication. If allowed, then it will allow access to the client. Again, access so to the sshd daemon, not directly to raspbian. The sshd is the go-between so everything can be encrypted in transit. Now, having said all of that, I can see two possible causes of your problem. One, somehow the configuration file got changed so the PubkeyAuthentication is disabled. This I doubt but it is possible. Two, something has gone wrong with your keys or your use thereof. I would strongly urge you to remove your keys from the client and the authorized_keys from the server and start again. This is, of course, you are not using them for anything else so nothing else will be affected. If that is not true, or you are not sure, set up test users on both machines and work with them. You have three possible ways to install the authorized keys that will work. If you use michaelk's method be sure to generate the keys first. Don't use some complicated method that can introduce errors. I haven't used michaelk's method but other advice he has given has been spot on. My methods have worked for multiple raspbian installations over the years for my six pi's for me so I am fairly confident in them. Pick one and go with it. At least with them if something goes wrong we will have a chance of helping you. |
How are you actually trying to connect to the Raspberry Pi? You do need to specify the key:
Code:
ssh -i ~/.ssh/id_rsa pi@192.168.1.101 Code:
ssh-add ~/.ssh/id_rsa If that what was wrong and you wish to make the changes permanent you can edit ~/.ssh/config and make a listing for your Raspberry Pi with the settings you wish to use. Here are some for the default user. Change the user and IP address as needed: Code:
Host rpi |
agillator
Thanks so much for the explanation Turbocapitalist Thank you very much for idea of configuring in ~/.ssh/config michaelk ssh-copy-id is the simplest command, the only problem is that it copies other keys, but it was the command that I use now. I really understand that it is very simple, there is not much secret, just take the client key and put it in Raspbian. I reinstalled Raspbian and added the key, this time it works and just switch to PasswordAuthentication no to enter only with the key. Thank you very much for the help. |
ssh-copy-id defaults to id_rsa.pub by default but you can specify any key on the command line.
ssh-copy-id -i public_key_name user@server https://linux.die.net/man/1/ssh-copy-id |
Quote:
Thanks for the information. I have read that the permissions recommendation is chmod 700 for .ssh and chmod 600 for authorized_keys But when I apply it I cannot enter. It only works with the "user" -rw ------- 1 user user 1483 Mar 31 23:36 authorized_keys It works to enter -rw ------- 1 root root 1483 Mar 31 23:20 authorized_keys It does not work to enter Thanks |
If I understand what you are posting yes, the authorized_keys file in the users .ssh directory must be owned by that user.
|
All times are GMT -5. The time now is 11:03 PM. |