Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

sshd ignores authorized_keys file since upgrading from 6.12.10

Featured Replies

I upgraded from 6.12.10 to 6.12.14 when it was released some time ago. For the first time since then, I'm trying to ssh into the box and can't authenticate using publickey method, which is the method that I have been using for years from multiple clients, and now it won't work from any client. It appears that sshd is ignoring my /root/.ssh/authorized_keys file. My keys are both present and correct in both /root/.ssh/authorized_keys and /boot/config/ssh/authorized_keys. The usual location for sshd auth.log does not appear to be present. Any ideas before I blow this system away and reinstall?

 

Permissions of my /root/.ssh/authorized_keys file:
 

root@box:~# ls -al /root/.ssh/authorized_keys
-rw------- 1 root root 332 Jan 26 09:38 /root/.ssh/authorized_keys

 

Permissions of my sshd_config file:
 

root@box:~# ls -al /etc/ssh/sshd_config
-rw------- 1 root root 1522 Feb  3 07:37 /etc/ssh/sshd_config

 

Contents of my /etc/ssh/sshd_config file, which are the same contents as my /boot/config/ssh/sshd_config file, note that I only have password as an AuthenticationMethods entry for troubleshooting, normally this is publickey only:

# Supported HostKey algorithms by order of preference.
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key

KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr

MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]

# Password based logins are disabled - only public key based logins are allowed.
AuthenticationMethods publickey password

# LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was using to log in.
LogLevel VERBOSE

# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
Subsystem sftp  /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO

# Root login is not allowed for auditing reasons. This is because it's difficult to track which process belongs to which root user:
#
# On Linux, user sessions are tracking using a kernel-side session id, however, this session id is not recorded by OpenSSH.
# Additionally, only tools such as systemd and auditd record the process session id.
# On other OSes, the user session id is not necessarily recorded at all kernel-side.
# Using regular users in combination with /bin/su or /usr/bin/sudo ensure a clear audit track.
PermitRootLogin Yes


 

  • Community Expert

It still works for me, I save the keys in the flash drive ssh folder, I believe it works as a symlink to /root/.ssh

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.