On Ubuntu machines I just add this line in ~/.ssh/authorized_keys
ssh-rsa XXXsdfsdfqw3eqwesdsdfasdfasdfadfrsdfsdfsdf=
I did the same on Raspberry PI running Raspbian Wheezy. But when I try to do password-less login using my private key in Putty, I get the following error:
Using username "pi".
Server refused our key
pi#192.168.0.5's password:
How do I get it to work with my existing key?
There is fastest and effective way to copy your public key to a remote machine's is with ssh-copy-id
ssh-copy-id pi#192.168.0.5
If you edit authorized_keys by hand ensure that authorized_keys and .ssh folder has the correct permissions :
chown -Rv -- pi:pi ~/.ssh/
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
It was permission related issue.
Did
sudo chown pi:pi .ssh
and
sudo chown pi:pi .ssh/autherized_keys
See https://www.raspberrypi.org/forums/viewtopic.php?t=79932&p=568968
Related
I have 2 machines:
Windows machine with WSL installed, that serves as a client.
Ubuntu machine, with a test-user user, that serves as a server.
Both computer are on the same network.
On the Ubuntu computer, what I did:
I used ssh-keygen to generate two keys, I copied the id_rsa file to the WSL.
Make sure the ssh service is up, with systemctl status ssh.
On the WSL, what I did:
Copied the id_rsa file as key.
Changed the permission of the key file with chmod 600 key.
Connect to the server machine :
ssh -i key test-user#XXX.XXX.XXX.XXX
This works well, but it also ask me the password of the user.
hamuto#DESKTOP-HLSFHPR:~$ ssh -i key test-user#XXX.XXX.XXX.XXX
test-user#XXX.XXX.XXX.XXX's password:
The problem with this thing is, that with Github Actions, I can't enter the password.
So I changed the file /etc/ssh/sshd_config in the server:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no <-- I've changed that to no, and uncomment the line
#PermitEmptyPasswords no
When I retry to connect with ssh:
hamuto#DESKTOP-HLSFHPR:~$ ssh -i key test-user#XXX.XXX.XXX.XXX
test-user#XXX.XXX.XXX.XXX: Permission denied (publickey).
Why is that?
After days of research, I found the solution:
First thing first, I needed to understand that you only need one pair of key, generated on the Ubuntu server.
In the server, you have to copy the id_rsa.pub in the ~/.ssh/authorized_keys.
Set the permission correctly:
chown -R username:username /home/username/.ssh
chmod 700 /home/username/.ssh
chmod 600 /home/username/.ssh/authorized_keys
Change the value of PubkeyAuthentication in the file /etc/ssh/sshd_config to yes and uncomment it.
Copy the private id_rsa key, to the client. Set the permission to 600.
You can connect to the server:
ssh -i ~/.ssh/id_rsa test-user#XXX.XXX.XX.XX
Now it works.
I wanted to set up crontab to fetch resources from remote server to local server.
Steps used as below
In local server
1. ssh-keygen with no passphrase
2. copied the pubic key over to the server using SCP
In the remote server
cat id_rsa.pub >> ~/.ssh/authorized_keys
edited .ssh config file sudo nano /etc/ssh/sshd_config as below
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePam no
reload ssh by sudo /etc/init.d/ssh reload
sudo chmod 700 .ssh
cd .ssh
sudo chmod 600 authorized_keys
After all this configuration, neither I am able to access remote server by public key or normal login credential into remote server.
If I tried to login through PuTTy asked for my login after has been entered. Its says "Disconnected: No supported authentication methods availble (server send: publickey)"
If I tried to login through SSH from local server ssh sana#127.168.1.1 it says "Permission denied (publickey)"
Server Details:
Ubuntu 14.04
I set up public key with another user not with root user.
Thanks in advance for all the support.
try
chmod 444 ~/.ssh/authorized_keys
the file should be only accessible to read and it should be accessible to read by your user.
And make sure that authorized_keys file is in the sana user home directory
I have two machines with same username (medya), I have mounted their ~/.ssh folder though a network file storage (nfs). so all the files in their ~/.ssh folder are same (and synced).
I did
cat id_rsa.pub >> authorized_keys
I was expecting to be able to ssh to other machine without a password, but I got this error:
bash-4.1$ ssh 10.16.4.114
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
note that I know this is possible because I had done this before...any clue what I am doing wrong this time?
chmod g-w /home/medya
chmod 700 /home/medya/.ssh
chmod 600 /home/medya/.ssh/authorized_keys
have your private key ready
I would like to start up an application server that resides on another linux machine in another network, so SSH is required. How can I do it? Something like this?:
ssh user#host password /home/user/server/bin/run.sh
?
You can generate a ssh public/private key pair using ssh-keygen command, and then append your public key to .ssh/authorized_keys file of target host, then you can omit the 'password' part above.
ssh-keygen -t rsa
scp .ssh/id_rsa.pub user#host:.ssh/authorized_keys
ssh user#host
chmod og-rw .ssh/authorized_keys
chmod a-x .ssh/authorized_keys
chmod 700 .ssh
I'm trying to get this command to work as the user postgres (so I can ship wal files):
rsync -a /tmp/test postgres#server2:/tmp/test
But I get the error:
Permission denied (publickey).
I've run ssh-keygen eval `ssh-agent` and ssh-add as postgres user on server1. keygen created /var/lib/postgresql/.ssh/id_rsa and id_rsa.pub and I can see that it's sent by using ssh -vvv postgres#server2.
On server2 I've created /var/lib/postgresql/.ssh/authorized_keys put the contents of id_rsa.pub form server1 in it. It's owned by postgres user and group and chmod 600. The .ssh directory is also owned by postgres and chmod 700.
I can see from verbose sshd logging on server2 that Failed publickey for postgres...
What am I missing? I'm guessing that sshd isn't looking at my authorized_keys file on server2
Assuming your slave server allows key authentication, you only need to update /etc/ssh/sshd_config if you've set 'AllowedUsers', in which case you need to ensure postgres is in that list.
Other than that, just ssh-keygen (leave private key passphrase empty), and then add an ~/.ssh/authorized_keys directory/file to the slave server. The home directory for postgres is /var/lib/postgresql, but if you do these operations while su'd as the postgres user, you can just use ~, not to mention you won't have to chown anything, because postgres will own the generated ssh keys on the master server, and postgres will own the created directory/file on the slave server.
Be sure to set the file permissions securely on both the master and slave server:
On master
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/known_hosts # this one won't exist until you SSH once
On slave
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys