SSH connection problem (key authentication)

ilporro

New Member
Joined
Aug 6, 2024
Messages
3
Reaction score
0
Credits
41
Hello, I'm relatively new to Linux and very new to SSH, and after some recent experimenting I ran into a problem I can't work my way out off. I hope I've put this question in the correct forum, if not I'm happy to move it.

I recently bought a Raspberry Pi 5 and am trying to connect to it via SSH. After following the directions in this video I managed to connect with password authentication. After that I tried to authenticate with a key, followed all the instructions in the video, didn't encounter any errors, but when I tried to connect to my Raspberry Pi again I didn't get asked to unlock the generated key and it kept asking me for my password. After editing the sshd_config file and disabling password authentication (as per the instructions in the video) I couldn't connect to my Raspberry anymore and got this message: "[email protected]: Permission denied (publickey)."

Does anyone know what I'm doing wrong? And how could I fix it? I tried looking for solutions online but didn't find any, but maybe I just didn't look in the right place.
 


I didn't watch the video, but it doesn't look like it's using your key to connect. If it was using your key, and it was set up correctly, it wouldn't be asking you for a password.

You can try connecting to your Pi via ssh and specifying the key you want to use like:
ssh -i ~/.ssh/id_rsa username@pi-address

You can also add a couple 'v' flags (ssh -vvv) to get more verbose logs back.

Edit: This is an old video I made, but probably more straight to the point of getting keys set up:

Also, you probably want to hook up a keyboard and monitor to your Pi and re-edit the sshd_conf to enable password until you get the key figured out :)
 
Many distro's have something called "ssh-copy-id"

ssh-copy-id user@computer

The first time, you will have to enter a password, but after that, it usually just works without a password.

Remember to create a public ssh-key before you do this.

ssh-keygen -t ecdsa -b 256

I use all the defaults, it's best if you don't use a pass-phrase the first time.
A pass-phrase is more secure, but harder to automate.
 
I recently ran into an instance where the SFTP server on the remote (my android phone phone running "SFTP Server s0 v1") didn't share a key exchange cypher with my linux system (running OpenSSH_9.5p1) so I had to add

Code:
PubkeyAcceptedKeyTypes +ssh-rsa

to ~/.ssh/config

Until I did so, any attempt to connect, even with an explicitly specified key, just acted like there had been no attempt at using key authentication and went straight to a password prompt. There was a mention of an issue in the server side logs, but if you're locked out of the pi that'll be hard to check. Since SFTP uses the same authentication methods that SSH uses, this may be applicable to your current situation.

If you try this and it doesn't work, it's probably best to remove that line from ~/.ssh/config (just because I'm sure there's a reason that's not part of the default config - but I don't feel like googling it right now)
 
I am not saying this with the intent of tell you off, but you shouldn't disable the password login until you've successfully configured the public key access.

SSH server default configuration is smart enough to use public key access first, if available.

In order to get out of this situation you will have to connect a keyboard and screen to be able to physically log into the machine, and restore Password Access. This is basically undoing what you did. Keep the keyboard and screen connected until you're able to SSH using password from another machine.

Next, despite many videos being very accurate, I personally don't follow video instructions. I like watching videos like the above to be able to see how it feels and how good looks like, by seeing the behaviour of a system as they go, but always refer to written instructions. They are better as you don't need to pause and that you can refer without having to catch up with someone that may be very quick.

For SSH Public Key access, there are plenty of resources and many are quite comprehensive, such as https://www.baeldung.com/linux/ssh-setup-public-key-auth
 
Thanks everyone fo the advice! First of all, maybe I wasn't clear enough in the description of my problem, but I was already using a monitor and keyboard (and mouse) for my raspberry pi, so it's not like I was locked out of the pi (fortunately :)). The reason I did disable the password login was in order to double check if the key worked (which it didn't completely), and I had no problem re-enabling it.

The solution Rob mentioned, specifying the key I want to use, worked, so now I am able to connect with a key. However, it feels like a workaround that shouldn't be necessary. The problem I was and still am facing is that after I generate a key, save it to the .ssh folder, copy it to the Pi with ssh-copy-id, it seems like the key doesn't get 'activated'. It is added to the Pi (I checked in the authorized_keys file), but unless I specify the key I want to connect with I still get the "Permission denied (public key)" message. Or to explain it differently, in the Baeldung guide mentioned above step 4 doesn't work for me, unless I specify in the ssh command which key I want to use. And that doesn't feel correct?

As for the video and written guide, as far as I can tell I basically followed those instructions, I can't really see where I might have slipped up. The only thing 'my' video said to do different was using a different type of key (-t ed25519) and giving it a custom name, but I would expect that to make no difference? (in the video I followed it all worked as intended)
 
@ilporro,try this :
1. enable hidden files in your file manager of the SSH Server (to connect to)
2. cd to
~/.ssh$
3. delete
known_hosts and
known_hosts.old
4. Try again login, you will be asked for user, password
 
Thanks, I'l try it in a couple of weeks and will let you know if it works.
 


Top