ThatDude Posted April 25, 2022 Share Posted April 25, 2022 On my primary workstation (macbook) I used ssh-copy-id to copy my key to unraid and I can now login without a password as expected. However, when I do the same thing from a debian vm (or raspberry pi), ssh-copy-id succeeds but it still prompts me for a password. Can anyone see what I'm doing wrong? Kinda stumped. parallels@debian-gnu-linux-10:~$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/parallels/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/parallels/.ssh/id_rsa. Your public key has been saved in /home/parallels/.ssh/id_rsa.pub. The key fingerprint is: SHA256:REDACTED parallels@debian-gnu-linux-10 The key's randomart image is: +---[RSA 2048]----+ | ....++ o+o| | . o.+..o=o.| | REDACTED .| | . .+ B B .| | So * X oo| | .. + E B=o| | . o +o*.| | o o | | . | +----[SHA256]-----+ parallels@debian-gnu-linux-10:~$ ssh-copy-id root@unraid /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@unraid's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@unraid'" and check to make sure that only the key(s) you wanted were added. parallels@debian-gnu-linux-10:~$ ssh root@unriad root@unraid's password: and here's the debug ssh connection parallels@debian-gnu-linux-10:~$ ssh root@unraid -vvvvv OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d 10 Sep 2019 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "unraid" port 22 debug2: ssh_connect_direct debug1: Connecting to unraid [192.168.1.250] port 22. debug1: Connection established. debug1: identity file /home/parallels/.ssh/id_rsa type 0 debug1: identity file /home/parallels/.ssh/id_rsa-cert type -1 debug1: identity file /home/parallels/.ssh/id_dsa type -1 debug1: identity file /home/parallels/.ssh/id_dsa-cert type -1 debug1: identity file /home/parallels/.ssh/id_ecdsa type -1 debug1: identity file /home/parallels/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/parallels/.ssh/id_ed25519 type -1 debug1: identity file /home/parallels/.ssh/id_ed25519-cert type -1 debug1: identity file /home/parallels/.ssh/id_xmss type -1 debug1: identity file /home/parallels/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8 debug1: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to unraid:22 as 'root' debug3: hostkeys_foreach: reading file "/home/parallels/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/parallels/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from unraid debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected],zlib debug2: compression stoc: none,[email protected],zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected] debug2: compression stoc: none,[email protected] debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:BYjksZkr04Z0Tywa/zTShZM8Ddm5nEqs8mE9aCmLQnI debug3: hostkeys_foreach: reading file "/home/parallels/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/parallels/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from unraid debug3: hostkeys_foreach: reading file "/home/parallels/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/parallels/.ssh/known_hosts:2 debug3: load_hostkeys: loaded 1 keys from 192.168.1.250 debug1: Host 'unraid' is known and matches the ECDSA host key. debug1: Found key in /home/parallels/.ssh/known_hosts:1 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug1: Will attempt key: /home/parallels/.ssh/id_rsa RSA SHA256:VnVHD2np+AZLN4O/UD5nk2YF7otDBNIhuPUzUcOr2HY agent debug1: Will attempt key: /home/parallels/.ssh/id_dsa debug1: Will attempt key: /home/parallels/.ssh/id_ecdsa debug1: Will attempt key: /home/parallels/.ssh/id_ed25519 debug1: Will attempt key: /home/parallels/.ssh/id_xmss debug2: pubkey_prepare: done debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/parallels/.ssh/id_rsa RSA SHA256:VnVHD2np+AZLN4O/UD5nk2YF7otDBNIhuPUzUcOr2HY agent debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Trying private key: /home/parallels/.ssh/id_dsa debug3: no such identity: /home/parallels/.ssh/id_dsa: No such file or directory debug1: Trying private key: /home/parallels/.ssh/id_ecdsa debug3: no such identity: /home/parallels/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /home/parallels/.ssh/id_ed25519 debug3: no such identity: /home/parallels/.ssh/id_ed25519: No such file or directory debug1: Trying private key: /home/parallels/.ssh/id_xmss debug3: no such identity: /home/parallels/.ssh/id_xmss: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug3: send packet: type 50 debug2: we sent a keyboard-interactive packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: userauth_kbdint: disable: no info_req_seen debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: debug3: authmethod_is_enabled password debug1: Next authentication method: password root@unraid's password: Quote Link to comment
ThatDude Posted April 30, 2022 Author Share Posted April 30, 2022 (edited) To answer my own question ....SSHD uses this file to check SSH keys: /etc/ssh/root.pubkeys Don't use ssh-copy-id as it copies the keys to /root/.ssh/authorized_keys which (on my unraid server v6.10.0-rc5) is ignored by SSHD. I'm assuming that you need to manually add keys to /boot/config/ssh/root.pubkeys to have them survive the array stopping and starting. Edited April 30, 2022 by ThatDude Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.