I am trying to do the very basic task of ssh-ing into the pi server from my Windows 10 box. I've tried using keys with a passphrase and without a passphrase, both generated within windows using putty and bitvise. I can SSH via user / password. PubkeyAuthentication is set to yes as this seems to be the central player in trying to accomplish authentication via a public and private key. I have tried a whole host of additional switches in the config file that didn't work. You'll see in the config file the additional switches that I tried and are now commented out. Full break down below, including debug info. I am at a total loss as this should be working, AFAIK.
System Information
Raspberry Pi 5.0 Server
- openssh-server
- Linux rpi 6.1.0-rpi7-rpi-2712 #1 SMP PREEMPT Debian 1:6.1.63-1+rpt1
(2023-11-24) aarch64 GNU/Linux
- Debian Version: 12.4
Windows 10 / Intel ( Latest Patches )
- Putty v0.80 or Bitvise SSH v9.33
bob user directory structure on pi server – NOTE: no authorized_keys2 file
root@rpi:/home/bob/.ssh# ls -al
total 12
drwx------ 2 bob bob 4096 Jan 5 14:28 .
drwx------ 24 bob bob 4096 Jan 5 11:47 ..
-rw-r--r-- 1 bob bob 1591 Jan 5 14:28 authorized_keys
root@rpi:/home/bob/.ssh#
Debug Info
root@rpi:/home/bob/.ssh# /usr/sbin/sshd -d -p 2222
debug1: sshd version OpenSSH_9.2, OpenSSL 3.0.11 19 Sep 2023
debug1: private host key #0: ssh-rsa SHA256:sanatized
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:sanatized
debug1: private host key #2: ssh-ed25519 SHA256:sanatized
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_9.2, OpenSSL 3.0.11 19 Sep 2023
debug1: private host key #0: ssh-rsa SHA256:sanatized
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:sanatized
debug1: private host key #2: ssh-ed25519 SHA256:sanatized
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.50 port 53633 on 192.168.1.2 port 2222 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version PuTTY_Release_0.80
debug1: compat_banner: no match: PuTTY_Release_0.80
debug1: permanently_set_uid: 102/65534 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: [email protected] [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user bob service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "bob"
debug1: PAM: setting PAM_RHOST to "192.168.1.50"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user bob service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:sanatized [preauth]
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/bob/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/bob/.ssh/authorized_keys2
debug1: Could not open user 'bob' authorized keys '/home/bob/.ssh/authorized_keys2': No such file or directory
debug1: restore_uid: 0/0
Failed publickey for bob from 192.168.1.50 port 53633 ssh2: RSA SHA256:sanatized
Received disconnect from 192.168.1.50 port 53633:14: No supported authentication methods available [preauth]
Disconnected from authenticating user bob 192.168.1.50 port 53633 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 91169
debug1: audit_event: unhandled event 12
sshd_conf
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#UseDNS yes
PubkeyAuthentication yes
#PubkeyAcceptedAlgorithms +ssh-rsa
#pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa,[email protected]
#RSAAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
It's not the first time I've setup sshd/ssh and I've spent 4 hours on this, not getting anywhere.
authorized_keys
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20240105"
AAAAB3NzaC1yc2EAAAADAQABAAABAQCQVTdfgmqDh/D7ogHiavN/iFJHHZQNn1wQ
oRxubicn27UPJ+TbBWvBQlrChxJ9tFsV8E1KThSpgcPB9Y/mrWCsw5q8HxT7wTbe
fjkG3C0TMRp+Of+ZfGz8XuZNeWednxyYmBb1DHnL1wNPo2H6pa64Jg6iJLbVx4Ov
2XSgBHorSAMPmaafL/NThT9SIuf7ABMfSLb1VbTXaUZV3Vrlc0Eh8Tzl0+3TSFB6
jqjZs6HYisR4PoloH8aXTReEQz1uB1zjCw/fX0lMyM8YmzFAGgQ+Nb/pHt7mO52M
Fi4+FKPhigIvnIDTjCRCB67OOYTz7Du4NrNcxaLwpv1BmVHSV3n1
---- END SSH2 PUBLIC KEY ----
---- BEGIN SSH2 PUBLIC KEY ----
Comment: Generated by Shannon@BANZAI.
AAAAB3NzaC1yc2EAAAADAQABAAACAQC4OqOD5oSi5bk3LKd0UTjdqFdCbB0MWfNJ6uiLlhcH
8dBZAYU3PyTSE1CH/cfBw8rX5kezDw+fi8lywmcM8Td8jaJxYpqz+FQuiVwjs7RzIVzRMfm2
2cFaN5gT3uNJpSD6gkpHsRfkca9l6QkZXCSHUtJMyWM3Uzs+2K7DrOXeInC+1mI4GAEPQ79V
OkYkS4aCvEV6olUtlk+lX9RrZgEKCNkZPS8qE7CAPDOP2Wsq6pddmvrfDHw/ffl1Hp/K2EFl
aECqGgXIgYFFOYDMI68IYs0spddqBIUETV4h4jbonnlJwJtLVYwkKiXnscTl9/y2E4k1Yvth
i1aAGqCxfMOuoySynZWwJjR3rMNt+AxCkt5RJcetHDPytnsl/9ACgNsdz/a33TzxuyMxCC27
uCne55jfvCqbwiWdvBn9ce5wnC9DswnCmafwFxpVLYJ3u3/QJEdOchubWawK8XZ0Rvu0SJr1
Qo0a6p8g40StG8s1e2diz27/ugS7/DnbdqSAUsatVnMr55bdeKZW4cmGB+HHYNFV+gmyM/Yw
06aO6cad2qdL2p/nBJ55+EllcLPfZr2dq4r7g/btcuEUPYnI0VqLqJ7XWn/A7JXyPKSvrJZJ
oTqznJRb2LRGpBtUi0PHou0Bcgk4FW+Kem3qwOScaKcD6n0ZweOdDtENoYFpDL5RcQ==
---- END SSH2 PUBLIC KEY ----
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20021012"
AAAAB3NzaC1yc2EAAAABJQAAAIEAuEn3JILP5WY3phNemJR6at3vz60QyWEEAcnr
5LFOKXhRhAOv/XSZikHwEweyGRNo/mkVIYP81KzD09sv5nRhTqpfsbIL2prYnhzx
GaicLXO4kM3Ni3FBUp0diPHobg6kHxDyktyJguWt9DwHvyDpSxgTthEc/QKqDd+b
4uBDKNE=
---- END SSH2 PUBLIC KEY ----
Best Answer
Your authorized_keys file is not in the appropriate format.
See man 8 sshd for what to put in your authorized_keys file:
https://manpages.debian.org/bookworm/openssh-server/sshd.8.en.html#AUTHORIZED_KEYS_FILE_FORMAT