LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 03-18-2020, 06:32 PM   #1
camorri
LQ Veteran
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2, current, slackware-arm-currnet
Posts: 5,545

Rep: Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655
ssh key frustration.


I have been trying for days to sort out why I can not get rsa keys to authenticate.

The server is Slackware current arm on a Raspberry Pi 3. The hosts, I have 3 systems installed in my main system. sda is current/64 fully updated, sdb is 14.2 64 bit, and the third is on an nvme drive, its current 64 bit fully updated.

I can generate keys, copy them using ssh-copy-id, but, I always get a password prompt.

This line was in the verbose output.

Quote:
Skipping ssh-rsa key /home/cliff/.ssh/id_rsa - not in PubkeyAcceptedKeyTypes
Where is this key not in PubkeyAcceptedKeyTypes ? Is this the client or the server? I have looked in the config files for client and server. What should I be looking for?

A side note, I did read DSA keys are no longer recommended. Are RSA keys good? If not, what keys should I generate?

As far as I can see, permissions are correct on directories, and keys.
 
Old 03-18-2020, 06:42 PM   #2
drumz
Member
 
Registered: Apr 2005
Location: Scottsdale, AZ, USA
Distribution: Slackware
Posts: 242

Rep: Reputation: 91
I don't know why your method isn't working, but I can tell you what I do:

Generate a key:
Code:
ssh-keygen -t rsa
Note that I'm using an RSA key.

Instead of of using the built-in tools to copy the public key around, I manually do that:
Code:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Since my authorized_keys file is always kept in sync among my machines, I can directly copy and replace the authorized_keys file to all machines. Alternatively, you can copy the id_rsa.pub file and then `cat` it to each relevant authorize_keys file.

My /etc/ssh/ssh_config and /etc/ssh/sshd_config don't have anything special in them.
 
Old 03-18-2020, 06:45 PM   #3
drumz
Member
 
Registered: Apr 2005
Location: Scottsdale, AZ, USA
Distribution: Slackware
Posts: 242

Rep: Reputation: 91
Maybe this will help you?

https://superuser.com/questions/9629...h-dsa-key-type

On my machine (Slackware 14.2):

Code:
$ ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
 
1 members found this post helpful.
Old 03-18-2020, 10:07 PM   #4
crts
Senior Member
 
Registered: Jan 2010
Posts: 1,879

Rep: Reputation: 644Reputation: 644Reputation: 644Reputation: 644Reputation: 644Reputation: 644
I have had my fair share of authentication headaches with ssh. I do not recall all the things I did wrong but I will try to remember and post them as they come. In the meantime, this sounds like something client related. Check out the file /etc/ssh/ssh_config. Look for the section '# Host' and the parameter 'RSAAuthentication'. In my file it is at line 24 and commented but I can use RSA authentication with ssh, so I guess by default it is enabled.
Code:
 20 # Host *
 21 #   ForwardAgent no
 22 #   ForwardX11 no
 23 #   RhostsRSAAuthentication no
 24 #   RSAAuthentication yes
 25 #   PasswordAuthentication yes
 26 #   HostbasedAuthentication no
 
Old 03-18-2020, 11:22 PM   #5
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,789
Blog Entries: 3

Rep: Reputation: 2386Reputation: 2386Reputation: 2386Reputation: 2386Reputation: 2386Reputation: 2386Reputation: 2386Reputation: 2386Reputation: 2386Reputation: 2386Reputation: 2386
Quote:
Originally Posted by camorri View Post
A side note, I did read DSA keys are no longer recommended.
More than just not recommended, the DSA keys are actually blocked since vesion 7.0 of OpenSSH.

What do the server logs say when you get the error?
 
1 members found this post helpful.
Old 03-19-2020, 03:02 AM   #6
_peter
Member
 
Registered: Sep 2014
Location: paris
Distribution: slackware
Posts: 92

Rep: Reputation: Disabled
Quote:
I can generate keys, copy them using ssh-copy-id, but, I always get a password prompt.
The ssh public key is copied on the ARM server then chmod 700, does it go through ?
Code:
/home/cliff/.ssh/authorized_keys
if yes then the below should connect your client to your ARM server:
Code:
ssh -i /home/cliff/.ssh/id_rsa -p THE_PORT cliff@THE_SERVER_IPV4
same as crts
Quote:
24 # RSAAuthentication yes
and drumz
Quote:
ssh-keygen -t rsa

Last edited by _peter; 03-19-2020 at 03:03 AM.
 
Old 03-19-2020, 05:12 AM   #7
crts
Senior Member
 
Registered: Jan 2010
Posts: 1,879

Rep: Reputation: 644Reputation: 644Reputation: 644Reputation: 644Reputation: 644Reputation: 644
I have been thinking about some possible error sources. I have definitely been bitten by some of them in the past.

Wrong username:

If you connect to the server without providing a username then the username of the client is automatically used. Always provide the username on the server.

Connecting from not authorized account on the client:
This may happen, e.g., if you created the keys on the client as root and copied them to the server's root account. Everything works as expected from the client's root account but now you are trying to connect from a normal user account. This account does not have the autorized keys in its $HOME/.ssh folder.

Cannot connect to root account on the server:
Connection as root may have been disabled on the server. The corresponding setting on the server is in /etc/ssh/sshd_config (no guarantee on the line numbers):
Code:
33 #PermitRootLogin prohibit-password
Other noteworthy settings on the server:
Code:
36 #MaxSessions 10
38 #PubkeyAuthentication yes
42 AuthorizedKeysFile  .ssh/authorized_keys
58 #PasswordAuthentication yes
59 #PermitEmptyPasswords no
and since you mentioned Slackware -current, maybe PAM needs to be enabled (or PAM is misconfigured on the server? It is still in testing, afaik):
Code:
83 #UsePAM no
Non default name and/or location for the autentication key:
This is my "favourite", so far. If you named the authentication file something other than the default or stored it in any other location than $HOME/.ssh then you must provide that location/keyname via the -i option when connecting to the server. Otherwise the client will try to use $HOME/.ssh/id_rsa and that key may not exist or not be authorized on the server.


Misconfigured user configuration file:
I have not hit this one, yet, but I think this *might* also be a possible source of confusion.
You can define which keys to use on a per host basis on the client machine. This is usually done in the file $HOME/.ssh/config. If your authentication key does have the default name, so you do not use the -i option, but the $HOME/.ssh/config file has another key configured for the server you are trying to connect then it may not work. This is what $HOME/.ssh/config may look like:
Code:
Host myserver.net
User myusername
PubKeyAuthentication yes
IdentityFile /home/user/.ssh/my_special_key # not a valid key
The key may have been valid at some point but is not any longer and the configuration was not adjusted accordingly.



Those are all I can think of for now, maybe one of those can help solve your issue.

Last edited by crts; 03-19-2020 at 05:17 AM.
 
1 members found this post helpful.
Old 03-19-2020, 05:45 AM   #8
camorri
LQ Veteran
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2, current, slackware-arm-currnet
Posts: 5,545

Original Poster
Rep: Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655
Thank-you all, for your thoughtful comments. I will investigate this, and report back. One further thought, one of my frustrations with ssh keys stems around I could not find a list like waht has been posted here on things to look at that may cause difficulty getting ssh keys working.
 
Old 03-19-2020, 06:47 AM   #9
_peter
Member
 
Registered: Sep 2014
Location: paris
Distribution: slackware
Posts: 92

Rep: Reputation: Disabled
Quote:
Originally Posted by camorri View Post
I could not find a list like waht has been posted here on things to look at that may cause difficulty getting ssh keys working.
Hi Cliff, maybe you already looked here https://docs.slackware.com/howtos:security:sshkeys
with 14.2 it works sort of easily, maybe subtleties for current and ARM stuff, i don't know, it will for you work eventually.
 
1 members found this post helpful.
Old 03-19-2020, 12:43 PM   #10
camorri
LQ Veteran
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2, current, slackware-arm-currnet
Posts: 5,545

Original Poster
Rep: Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655
An update. The good news is I have ssh with keys working from several system all working to my Pi.

I had different issues on different systems.

There were no issues on the Pi, directory and file permissions were correct. One problem, was hosts.allow and hosts.deny files. I had to add the IP addresses of two systems to sshd: entries. I had an All:All entry in the deny files on all systems, so ssh would not work correctly.

I was a little confused on the keys. I thought I would need a unique key pair on each system, that is probably best practice, however, this is a home network, so I found out you copy a key pair to more than one system, and use it on multiple systems, after you copy the .pub key to the server in question.

I had removed the line "RSAAuthentication yes" in ssh_config on one system. Adding that back fixed another problem.

Once again, thank-you to the everyone that helped.
 
  


Reply

Tags
ssh authorization


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Ctrl key and Alt key are acting as Shift key rotopercutor Linux - Newbie 10 12-19-2019 11:22 AM
LXer: What is SSH Key? How To Generate SSH Key in Linux? LXer Syndicated Linux News 0 04-30-2017 07:42 AM
SSH skips public key authentication for a key, but works with another key simopal6 Linux - General 1 07-06-2011 08:33 AM
Frustration! - GnoMenu and Menu Bar - Lost my two desktop view shortcut key ieatbunnies Linux - Newbie 2 02-18-2010 02:44 PM
"Enter Key" not working, how to map "Enter Key" functionality to "F9" Key srinihi Linux - Newbie 1 04-03-2009 02:46 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 09:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration