So I have been struggling with trying to authenticate without a password. Here is all my steps.
-
On Source Host ssh-keygen and saved the file into the default directory with a blank key phrase (enter)
drwx------ 2 root root 4096 Dec 11 18:08 .ssh
is the file permissions. -
ssh-keyscan 192.168.117.131 > known_hosts
-
ssh-copy-id user@192.168.117.131
and imputed "user's" password. After entering password, I got:
ssh-copy-id user@192.168.117.131 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys user@192.168.117.131's password: Number of key(s) added: 1 Now try logging into the machine, with: `ssh 'user@192.168.117.131'` and check to make sure that only the key(s) you wanted were added.
ssh user@192.168.117.131
and it is still require a password.
On Remote Host
drwxr-xr-x 2 user user 4096 Dec 12 08:27 .ssh
and
-rwxr-xr-x 1 user user 391 Dec 12 08:27 authorized_keys
authorized_key
file has the same key asid_rsa.pub
on the SOURCE server.
My sshd_config
file has the following settings:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
StrictModes no
#MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
/etc/init.d/ssh restart
-
From source server, tried to SSH once again, and it is still asks for a password.
Here is my debug log as well:
root@kali:~/.ssh# ssh -v user@192.168.117.131
OpenSSH_7.4p1 Debian-10, OpenSSL 1.0.2k 26 Jan 2017
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.117.131 [192.168.117.131] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5p1 Ubuntu-10
debug1: match: OpenSSH_7.5p1 Ubuntu-10 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.117.131:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:uGQe2r9lvKFm6w5p5jInX8Ywrg2PmICccUvC+q+Wc18
debug1: Host '192.168.117.131' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Skipping ssh-rsa key /root/.ssh/id_rsa - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
user@192.168.117.131's password:
Please help, I have been trying to figure this out for the last 2 days.
Best Answer
From the debugging messages, it seems that your local ssh needs some configuration changes. You can see the local ssh,
debug1:
, skipping your RSA key:You can find out how to configure this option by checking out the man page for
ssh_config
:So, querying your ssh configuration:
Should yield all the accepted key types for the local ssh client.
It seems that your configuration is not the standard default configuration. This seems likely due to the specialized version of GNU/Linux you are running: "Kali"