I have performed extensive troubleshooting testing on my newly arrived Raspberry Pi 5, and I just cannot get SSH Public Key Authentication working.
Here are some of the troubleshooting steps that I performed:
-> Take a new Micro SD Card and use Raspberry Pi Imager v1.8.5 on Windows
--> Raspberry 5 / Raspberry Pi OS (64-bit) Released: 2023-12-05 / Configure basic settings such as username, password, hostname.
--> Boot Raspberry, confirm that I can SSH into it with the user specified in the config of the Raspberry Pi Imager.
sudo apt update
sudo apt full-upgrade
--> Reboot
Create the appropriate directory, and authorized_keys file, and output a public key in the file.
cat ~/.ssh/id_ed25519.pub | ssh <USERNAME>@<IP-ADDRESS> 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
Set the appropriate permissions on the folder and file:
chmod g-w $HOME
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys
Of course, we confirm that the authorized_keys file contains the appropriate public key data.
*Note that I am using Ed25519
Try to authenticate, reverts to password authentication, does not even appear to attempt to authenticate with public key.
Modify sshd_config:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
--> Reboot
Here are some portions of the ssh client debug:
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2+deb12u2
debug1: match: OpenSSH_9.2p1 Debian-2+deb12u2 pat OpenSSH* compat 0x04000000
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\xxxxx/.ssh/id_rsa
debug1: Will attempt key: C:\\Users\\xxxxx/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\xxxxx/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\xxxxx/.ssh/id_ed25519 ED25519 SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Will attempt key: C:\\Users\\xxxxx/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
xxxxxxxxxxxxx@xxxxxxxxxxxxx's password:
Always prompts for a password. I tried different, re-generating fresh keys.
I also tried to image a new Micro SD card with Raspberry Pi Imager and selecting in the settings to disable password authentication and just use a key, it seems to generate a DSA or RSA, I cannot remember exactly, but out of the box, I could not even authenticate with the key that was generated, even after converting the private key on the Windows Client to ppk, trying with putty, etc...
I have no issues on Ubuntu Servers using the same ed25519 keys, I must be missing something as it relates to how Debian Bookworm (with desktop) works?
Statistics: Posted by NeopathPi — Tue Feb 13, 2024 7:39 pm
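An added example, not part of the original post: a small triage of the client debug output quoted above, showing how to tell a server that never offers `publickey` apart from a server that offers it and refuses the key. The function name `triage_ssh_debug` and the verdict strings are made up for illustration; the log lines are an excerpt of the ones in the post.

```python
import re

# Excerpt of the client debug output quoted in the post (fingerprint shortened).
SAMPLE_LOG = r"""
debug1: Will attempt key: C:\\Users\\xxxxx/.ssh/id_rsa
debug1: Will attempt key: C:\\Users\\xxxxx/.ssh/id_ed25519 ED25519 SHA256:xxxx
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: password
debug3: preferred publickey,keyboard-interactive,password
debug1: Next authentication method: password
"""


def triage_ssh_debug(log: str) -> dict:
    """Classify why an OpenSSH client ended up at the password prompt."""
    # A key type and fingerprint after the path mean the key file was loaded.
    loaded = re.findall(r"Will attempt key: .+ (\S+) SHA256:", log)
    # The server's userauth failure reply lists the methods it will still accept.
    replies = re.findall(r"Authentications that can continue: (\S+)", log)
    methods = sorted({m for reply in replies for m in reply.split(",")})
    offered = re.findall(r"Offering public key: ", log)

    if not replies:
        verdict = "incomplete log: no userauth reply from the server"
    elif "publickey" not in methods:
        # sshd decides this list from its configuration before it looks at any
        # authorized_keys file, so key content and chmod cannot change it.
        verdict = "sshd does not offer publickey: inspect the effective sshd configuration"
    elif not loaded:
        verdict = "publickey is offered but the client loaded no key file"
    elif not offered:
        verdict = "publickey is offered but the client never sent a key"
    else:
        verdict = "key sent and refused: check authorized_keys content, owner and modes"
    return {"loaded_key_types": loaded, "server_methods": methods,
            "publickey_advertised": "publickey" in methods, "verdict": verdict}


if __name__ == "__main__":
    for field, value in triage_ssh_debug(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

On the server, `sudo sshd -T | grep -i pubkeyauthentication` prints the value sshd actually uses once every included configuration file has been applied.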