-2

When I try to use ssh-copy-id -i /root/.ssh/id_ed25519 root@192.168.134.140, it always returns Permission denied, please try again.

I know that ssh-copy-id is a script in which scp and ssh are used. And scp to something like root@192.168.134.140 will fail. It makes sense to me.

But after I unlocked the root user following the answer in this post: How to enable root login?, it still fails. Why is that, and how can I fix it? All I want is to ssh as the root user to 192.168.134.140 without a password.

Artur Meinild
  • 26,018
ZhaoGang
  • 111
  • 1
    Did you try with sudo? Else you will not have access into root homedir. – Artur Meinild Mar 22 '21 at 13:09
  • 1
    In order to use ssh-copy-id without an existing key on the server, you will need to authenticate via password - as well as enabling root login, that requires that the sshd configuration PermitRootLogin is set (at least temporarily) to allow password authentication for root. Did you do that? – steeldriver Mar 22 '21 at 13:17

2 Answers

0

The link in your question points to enabling root login on your local machine. However, you might need to configure your openssh-server to allow root logins.


But your primary issue is:

The file /root/.ssh/id_ed25519 is only accessible by root and that is why you get a Permission denied.

You could use

sudo ssh-copy-id -i /root/.ssh/id_ed25519 root@192.168.134.140

However, you should not do that.
You don't need to use your local root to connect to a remote root user.

Either:

  • copy /root/.ssh/id_ed25519 to your normal user.
    sudo sh -c 'cp -t "$1" /root/.ssh/id_ed25519*' sh ~/.ssh/ && sudo chown "$USER": ~/.ssh/id_ed25519*
    
  • or create a new key with ssh-keygen

And then use ssh-copy-id with the newly created or copied one (without sudo).


Anyways,

You should not enable and use root login via ssh. Rather connect with a "normal" user and use sudo to elevate privileges. You can also enable passwordless sudo for that user if you want that convenience.

pLumo
  • 26,947
0

Make sure you have the right permissions for the ssh files.

  • .ssh folder: There should be read, write and execute privileges to the owner. So, we need to change the permission by chmod 700 ~/.ssh.

  • Public key: we need to have read and write permissions for the owner and read permissions for other groups. So, we need to change the permission by chmod 644 <your_public_key>.

  • Private key: we need to have read and write permissions for the owner and give no permissions to other groups. We need to change the permission by chmod 600 <your_private_key>.

Check if you have changed the PasswordAuthentication no in the /etc/ssh/sshd_config file. If you have regenerated the ssh-keys, then we need to change the PasswordAuthentication yes in the /etc/ssh/sshd_config file. After enabling password authentication in the file, we just have to restart the ssh service by sudo systemctl restart ssh. Then try to copy the public keys. After copying the ssh keys, we can change PasswordAuthentication no and restart the service.

You should not enable root user login as it creates a major security issue. If you really want to enable it, then set PermitRootLogin yes in the same file.
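
The checks raised in the comments and both answers (whether sshd allows the one-time password login that ssh-copy-id needs for root, and the file modes listed above), as an added shell example that is not part of the original posts. The function names and sample files are constructed for illustration, and it reads a single config file without following Include or Match.

```shell
# Effective value of an sshd_config keyword in one file. sshd keeps the FIRST
# value it reads; Include files and Match blocks are not followed (assumption).
sshd_effective() {  # usage: sshd_effective <file> <keyword>
    awk -F'[ \t=]+' -v want="$(printf %s "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, "") }
        /^#/ || $0 == "" { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

# ssh-copy-id must log in once by password; for root that needs both settings.
root_password_login_possible() {  # usage: root_password_login_possible <file>
    pa=$(sshd_effective "$1" PasswordAuthentication)
    prl=$(sshd_effective "$1" PermitRootLogin)
    [ "$pa" = unset ] && pa=yes                   # OpenSSH default
    [ "$prl" = unset ] && prl=prohibit-password   # OpenSSH default
    [ "$pa" = yes ] && [ "$prl" = yes ]
}

# Compare a path's octal mode (GNU stat) with the expected one.
check_mode() {  # usage: check_mode <path> <expected>
    have=$(stat -c %a "$1") || return 2
    [ "$have" = "$2" ] && return 0
    echo "$1: mode $have, expected $2"
    return 1
}

# Constructed sample: an sshd_config and a key directory with one bad mode.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/.ssh" || return 1
    printf '%s\n' '# constructed sample' 'PermitRootLogin prohibit-password' \
        'PermitRootLogin yes' 'passwordauthentication no' > "$d/sshd_config"
    : > "$d/.ssh/id_ed25519"; : > "$d/.ssh/id_ed25519.pub"
    chmod 700 "$d/.ssh"; chmod 644 "$d/.ssh/id_ed25519" "$d/.ssh/id_ed25519.pub"
    echo "$d"
}

s=$(make_sample)
echo "PermitRootLogin: $(sshd_effective "$s/sshd_config" PermitRootLogin)"
root_password_login_possible "$s/sshd_config" || echo "no password login for root: ssh-copy-id to root will be denied"
check_mode "$s/.ssh" 700 || true
check_mode "$s/.ssh/id_ed25519" 600 || true
check_mode "$s/.ssh/id_ed25519.pub" 644 || true
rm -rf "$s"
```

On a real server, running sshd -T as root prints the configuration sshd actually uses, including Include files, and is the authoritative check.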