I am trying to do the very basic task of ssh-ing into the pi server from my Windows 10 box. I've tried using keys with a passphrase and without a passphrase, both generated within Windows using PuTTY and Bitvise. I can SSH via user / password. PubkeyAuthentication is set to yes as this seems to be the central player in trying to accomplish authentication via a public and private key. I have tried a whole host of additional switches in the config file that didn't work. You'll see in the config file the additional switches that I tried and are now commented out. Full breakdown below, including debug info. I am at a total loss as this should be working, AFAIK.

System Information

Raspberry Pi 5.0 Server

 - openssh-server
 - Linux rpi 6.1.0-rpi7-rpi-2712 #1 SMP PREEMPT Debian 1:6.1.63-1+rpt1
   (2023-11-24) aarch64 GNU/Linux
 - Debian Version: 12.4

Windows 10 / Intel ( Latest Patches )

 - Putty v0.80 or Bitvise SSH v9.33

bob user directory structure on pi server - NOTE: no authorized_keys2 file

root@rpi:/home/bob/.ssh# ls -al
total 12
drwx------  2 bob bob 4096 Jan  5 14:28 .
drwx------ 24 bob bob 4096 Jan  5 11:47 ..
-rw-r--r--  1 bob bob 1591 Jan  5 14:28 authorized_keys
root@rpi:/home/bob/.ssh#

Debug Info

root@rpi:/home/bob/.ssh# /usr/sbin/sshd -d -p 2222
debug1: sshd version OpenSSH_9.2, OpenSSL 3.0.11 19 Sep 2023
debug1: private host key #0: ssh-rsa SHA256:sanatized
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:sanatized
debug1: private host key #2: ssh-ed25519 SHA256:sanatized
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_9.2, OpenSSL 3.0.11 19 Sep 2023
debug1: private host key #0: ssh-rsa SHA256:sanatized
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:sanatized
debug1: private host key #2: ssh-ed25519 SHA256:sanatized
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.50 port 53633 on 192.168.1.2 port 2222 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version PuTTY_Release_0.80
debug1: compat_banner: no match: PuTTY_Release_0.80
debug1: permanently_set_uid: 102/65534 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: [email protected] [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user bob service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "bob"
debug1: PAM: setting PAM_RHOST to "192.168.1.50"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user bob service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:sanatized [preauth]
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/bob/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/bob/.ssh/authorized_keys2
debug1: Could not open user 'bob' authorized keys '/home/bob/.ssh/authorized_keys2': No such file or directory
debug1: restore_uid: 0/0
Failed publickey for bob from 192.168.1.50 port 53633 ssh2: RSA SHA256:sanatized
Received disconnect from 192.168.1.50 port 53633:14: No supported authentication methods available [preauth]
Disconnected from authenticating user bob 192.168.1.50 port 53633 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 91169
debug1: audit_event: unhandled event 12

sshd_conf

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#UseDNS yes

PubkeyAuthentication yes

#PubkeyAcceptedAlgorithms +ssh-rsa

#pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa,[email protected]

#RSAAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem       sftp    /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

It's not the first time I've set up sshd/ssh and I've spent 4 hours on this, not getting anywhere.

authorized_keys

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20240105"
AAAAB3NzaC1yc2EAAAADAQABAAABAQCQVTdfgmqDh/D7ogHiavN/iFJHHZQNn1wQ
oRxubicn27UPJ+TbBWvBQlrChxJ9tFsV8E1KThSpgcPB9Y/mrWCsw5q8HxT7wTbe
fjkG3C0TMRp+Of+ZfGz8XuZNeWednxyYmBb1DHnL1wNPo2H6pa64Jg6iJLbVx4Ov
2XSgBHorSAMPmaafL/NThT9SIuf7ABMfSLb1VbTXaUZV3Vrlc0Eh8Tzl0+3TSFB6
jqjZs6HYisR4PoloH8aXTReEQz1uB1zjCw/fX0lMyM8YmzFAGgQ+Nb/pHt7mO52M
Fi4+FKPhigIvnIDTjCRCB67OOYTz7Du4NrNcxaLwpv1BmVHSV3n1
---- END SSH2 PUBLIC KEY ----

---- BEGIN SSH2 PUBLIC KEY ----
Comment: Generated by Shannon@BANZAI.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==
---- END SSH2 PUBLIC KEY ----

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20021012"
AAAAB3NzaC1yc2EAAAABJQAAAIEAuEn3JILP5WY3phNemJR6at3vz60QyWEEAcnr
5LFOKXhRhAOv/XSZikHwEweyGRNo/mkVIYP81KzD09sv5nRhTqpfsbIL2prYnhzx
GaicLXO4kM3Ni3FBUp0diPHobg6kHxDyktyJguWt9DwHvyDpSxgTthEc/QKqDd+b
4uBDKNE=
---- END SSH2 PUBLIC KEY ----
  • Please show your authorized_keys file contents. (They are not secret.) // How did you install your public key on the Raspberry Pi?
    – Daniel B
    Commented Jan 5 at 23:57
  • Provide the ACL for the key file, showing that the file can only be accessed by the user who will be using it. Likewise, show the permissions on the server, showing the same thing.
    – Ramhound
    Commented Jan 6 at 0:16
  • “ Could not open user 'bob' authorized keys '/home/bob/.ssh/authorized_keys2': No such file or directory” - Do show us a screenshot of the permissions of the folder and file. If you can’t then you need to modify the server configuration to stop looking there.
    – Ramhound
    Commented Jan 6 at 0:19
  • Drat, I meant to include the authorized_keys. If you look up, I showed you permissions for the /home/bob/.ssh folder. I created it with vi and pasted the public key into the file. As stated, I actually made an authorized_keys2 file, which loaded but didn't work either. If permissions are not set correctly, the debug tells you that it can't read the file. As soon as I figure out how to reply, I will paste the contents of the auth_keys.
    – Fonkin
    Commented Jan 6 at 2:07
  • Looks like I just have to edit my original post. auth_keys is now there. Thanks for looking at this.
    – Fonkin
    Commented Jan 6 at 2:09

2 Answers

0

Your authorized_keys file is not in the appropriate format.

See man 8 sshd for what to put in your authorized_keys file:

https://manpages.debian.org/bookworm/openssh-server/sshd.8.en.html#AUTHORIZED_KEYS_FILE_FORMAT

0

Well, that was definitely the issue. Ran a quick

ssh-keygen -i -f ssh2.pub > openssh.pub

Popped the output into authorized keys and it went right now. I feel like a dope. I've never had to do that before, guess things have changed since I've last had to set up a new Linux box. Thank you for figuring out the issue, I'll be wise to this moving forward. Best wishes and Happy New Year!
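
The conversion both answers point to, as an added example that is not part of the original posts: sshd expects one `keytype base64 comment` line per key, while PuTTY's export is the multi-line RFC 4716 block shown in the question, which sshd skips without a format error at debug1. This Python sketch performs the same reshaping as `ssh-keygen -i`; the function names are hypothetical and the sample is the third key block from the question.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

# Third key block from the question's authorized_keys, copied as sample input.
SAMPLE = """---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20021012"
AAAAB3NzaC1yc2EAAAABJQAAAIEAuEn3JILP5WY3phNemJR6at3vz60QyWEEAcnr
5LFOKXhRhAOv/XSZikHwEweyGRNo/mkVIYP81KzD09sv5nRhTqpfsbIL2prYnhzx
GaicLXO4kM3Ni3FBUp0diPHobg6kHxDyktyJguWt9DwHvyDpSxgTthEc/QKqDd+b
4uBDKNE=
---- END SSH2 PUBLIC KEY ----
"""

def _one_line(b64, comment):
    """Build 'keytype base64 comment'; the key type is read from the blob itself."""
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a 4-byte big-endian length, then the key-type string.
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if n == 0 or len(blob) < 4 + n:
        raise ValueError("not an SSH public key blob")
    return f"{blob[4:4 + n].decode('ascii')} {b64} {comment}".rstrip()

def rfc4716_to_openssh(text):
    """Return one authorized_keys line per RFC 4716 block found in text."""
    out, body, comment, cont, in_block = [], [], "", "", False
    for raw in text.splitlines():
        line = raw.strip()
        if line == BEGIN:
            in_block, body, comment, cont = True, [], "", ""
        elif line == END and in_block:
            out.append(_one_line("".join(body), comment))
            in_block = False
        elif in_block:
            line = cont + line
            if line.endswith("\\"):            # header continues on next line
                cont = line[:-1]
                continue
            cont = ""
            if ":" in line:                    # header, e.g. Comment: "..."
                tag, _, value = line.partition(":")
                if tag.strip().lower() == "comment":
                    comment = value.strip().strip('"')
            elif line:
                body.append(line)              # base64 body line
    return out
```

Calling `rfc4716_to_openssh(SAMPLE)` returns a single line starting with `ssh-rsa AAAAB3NzaC1yc2E` and ending with the comment, which is the shape sshd reads from authorized_keys.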
