
I was getting prompted to enter my password instead of authenticating with my SSH key. I thought if I deleted everything in ~/.ssh I would be able to generate a new key from my laptop, manually copy the public key, and use my SFTP client (Transmit) to add to authorized_keys on my server. Unfortunately, that did not work. I'm able to r+w in ~/.ssh, but I'm not able to edit /etc/ssh/sshd_config to enable PasswordAuthentication, through the SFTP client. I tried attaching the server (named "ubuntu") to a display that outputs:

Ubuntu 23.04 ubuntu ttyl ubuntu login:

It outputs incorrectly on everything I've tried. Is this something that can be fixed? Any suggestions would be greatly appreciated.

Link to: /var/log/auth.log https://drive.google.com/file/d/14adetEqSXUmM9-eh5ZSrvQvgP6n3ESYA

Here's the output of ➜ ssh -vvv -i id_rsa caleb@192.168.1.19 https://drive.google.com/file/d/1Ue1RS0_5JQl6_lnE65mpuscqxWfej16e

chrishall in ~/.ssh via ⬢ v19.8.1
➜ ssh -o "IdentitiesOnly=yes" -i id_ed25519 caleb@192.168.1.19
caleb@192.168.1.19: Permission denied (publickey).

chrishall in ~/.ssh via ⬢ v19.8.1
➜ ssh -o "IdentitiesOnly=yes" -i id_rsa caleb@192.168.1.19
caleb@192.168.1.19: Permission denied (publickey).

chrishall in ~/.ssh via ⬢ v19.8.1
➜ ssh -v id_ed25519 caleb@192.168.1.19
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to id_ed25519 port 22.
ssh: Could not resolve hostname id_ed25519: nodename nor servname provided, or not known

chrishall in ~/.ssh via ⬢ v19.8.1
➜ ssh -v id_rsa caleb@192.168.1.19
OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to id_rsa port 22.
ssh: Could not resolve hostname id_rsa: nodename nor servname provided, or not known

Chris
  • If you can r+w in ~/.ssh, can't you just create a new ~/.ssh/authorized_keys file containing the new public key? Why do you need to edit /etc/ssh/sshd_config? – steeldriver Aug 08 '23 at 19:10
  • I did, but the server doesn't seem to recognize the change. Since I'm not able to use a terminal, I'm not able to sudo systemctl restart ssh. I tried to restart the server, to no result. – Chris Aug 08 '23 at 19:21
  • The new key should be recognized without restarting the server - the usual "gotcha" is overly permissive permissions on the file and/or ~/.ssh directory - at a minimum, they must not be writable by anyone other than the owner (I suggest 600 and 700 respectively) – steeldriver Aug 08 '23 at 19:31
  • Those are the permissions on both my local computer and server. I tried adding another key, but both are still being denied because of the /etc/ssh/sshd_config file on my server. I added a few commands above that might help. – Chris Aug 08 '23 at 20:20
  • Read man ssh. It will explain the required permission for ~/.ssh/, and will explain what you lost when you "deleted everything in ~/.ssh". I think you've lost all ssh, sftp access to this system, for this userid. Can you connect a USB (or not) keyboard and mouse (along with your display)? Use a powered USB Hub. Log in, fix the permission on ~/.ssh/, run ssh-keygen, and fix the errors. Read man ssh-keygen. For next time, read man ssh-copy-id. For completeness, read man -k ssh. – waltinator Aug 08 '23 at 23:53
  • Can you login to the server directly? If so, you should be able to edit /etc/ssh/sshd_config and set PasswordAuthentication yes. That way, you can at least login with a password. Are you appending your public key to ~/.ssh/authorized_keys on server? Next, I think @steeldriver is correct about incorrect permissions. On server...~/.ssh/ should be 700 & ~/.ssh/authorized_keys should be 600. On local, ~/.ssh/ should be 700 & your private key should be 600. Next, ensure ~/.ssh/ & ~/.ssh/authorized_keys on server are owned by user you're logging in with. – mpboden Aug 09 '23 at 01:25
  • @mpboden When I connect a display, keyboard, and mouse to try and connect directly, the prompt says Ubuntu 23.04 ubuntu ttyl ubuntu login: and outputs Login incorrect for any username I enter. ~/.ssh/ is 700, ~/.ssh/authorized_keys and private keys are 600, public keys are 644 on local and server owned by my username. Any idea why it's rejecting my username when I'm connected directly? – Chris Aug 09 '23 at 16:08
  • That gave me the idea to boot to recovery mode, enter root shell, and from there, I was able to edit the sshd_config file. Thanks for everyone's help! – Chris Aug 09 '23 at 17:35
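
The ownership and mode requirements that steeldriver and mpboden describe in the comments above can be audited on the server with a short script. This is an added example, not part of the original thread; the function names `check_path` and `audit_ssh_dir` are hypothetical, and it assumes GNU `stat` as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the thread): check that ~/.ssh and
# ~/.ssh/authorized_keys are owned by the login user and are not
# writable by group or other. Assumes GNU stat (-c format option).

# check_path TARGET EXPECTED_UID
# Returns 0 if TARGET exists, is owned by EXPECTED_UID and has no
# group/other write bit; prints the reason and returns 1 otherwise.
check_path() {
    target=$1
    want_uid=$2
    if [ ! -e "$target" ]; then
        echo "MISSING  $target"
        return 1
    fi
    mode=$(stat -c '%a' "$target")
    uid=$(stat -c '%u' "$target")
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER    $target is owned by uid $uid, expected $want_uid"
        return 1
    fi
    # 022 selects the group and other write bits; the leading 0 makes
    # the shell read the mode string as an octal constant.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $target has mode $mode (group/other can write)"
        return 1
    fi
    echo "OK       $target mode $mode uid $uid"
}

# audit_ssh_dir HOME_DIR EXPECTED_UID
# Returns 0 only if both the directory and the key file pass.
audit_ssh_dir() {
    home_dir=$1
    rc=0
    check_path "$home_dir/.ssh" "$2" || rc=1
    check_path "$home_dir/.ssh/authorized_keys" "$2" || rc=1
    return $rc
}

# Usage: sh audit.sh /home/caleb "$(id -u caleb)"
if [ $# -eq 2 ]; then
    audit_ssh_dir "$1" "$2"
fi
```

A non-zero exit status means at least one of the two paths failed a check; the printed line names which one and why.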
