Linux server ssh keeps asking for password, what is the correct setup, what is missing?

I am trying to connect to an ssh2 server. I am able to connect via password, but I needed to set up ssh, so I created the key locally with ssh-keygen and copied it to the server using the command ssh-copy-id root@IP_ADDRESS, and double checked that it's saved in ~/.ssh/authorized_keys.

I changed home and .ssh and authorized key permissions but nothing seems to help and server keeps asking for password.

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Also I have looked in /etc/ssh/sshd_config to make sure everything is ok. Following are configurations

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

I also restarted the ssh service every time I made some change: sudo systemctl restart ssh.service. This is getting really frustrating now. A simple setup is not working and taking me hours.

Root folder permissions

drwx------  12 root root    20480 Apr  7 00:52 root

.ssh folder permissions

drwx------   2 root root  4096 Apr  7 00:32 .ssh

authorized_keys permissions

-rw------- 1 root root 563 Apr  7 00:07 .ssh/authorized_keys

Log using ssh -vv

OpenSSH_8.9p1, OpenSSL 1.1.1m  14 Dec 2021
debug1: Reading configuration data /home/ad/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname **********:2e0c::2 is address
debug1: Connecting to **********:2e0c::2 [**********:2e0c::2] port 22.
debug1: Connection established.
debug1: identity file /home/ad/.ssh/id_rsa type 0
debug1: identity file /home/ad/.ssh/id_rsa-cert type -1
debug1: identity file /home/ad/.ssh/id_ecdsa type -1
debug1: identity file /home/ad/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ad/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/ad/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/ad/.ssh/id_ed25519 type -1
debug1: identity file /home/ad/.ssh/id_ed25519-cert type -1
debug1: identity file /home/ad/.ssh/id_ed25519_sk type -1
debug1: identity file /home/ad/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/ad/.ssh/id_xmss type -1
debug1: identity file /home/ad/.ssh/id_xmss-cert type -1
debug1: identity file /home/ad/.ssh/id_dsa type -1
debug1: identity file /home/ad/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u7
debug1: compat_banner: match: OpenSSH_6.7p1 Debian-5+deb8u7 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to **********::2:22 as 'user'
debug1: load_hostkeys: fopen /home/ad/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,[email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:**********/***joHf2Me+/8X6H3WnPXZLQR1fE1s6Q
debug1: load_hostkeys: fopen /home/ad/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '**********::2' is known and matches the ED25519 host key.
debug1: Found key in /home/ad/.ssh/known_hosts:10
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/ad/.ssh/id_rsa RSA SHA256:*********/7Dd/3o******DYua3nreWs
debug1: Will attempt key: /home/ad/.ssh/id_ecdsa 
debug1: Will attempt key: /home/ad/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/ad/.ssh/id_ed25519 
debug1: Will attempt key: /home/ad/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/ad/.ssh/id_xmss 
debug1: Will attempt key: /home/ad/.ssh/id_dsa 
debug2: pubkey_prepare: done
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ad/.ssh/id_rsa RSA SHA256:*********/7Dd/3o******DYua3nreWs
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: /home/ad/.ssh/id_ecdsa
debug1: Trying private key: /home/ad/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/ad/.ssh/id_ed25519
debug1: Trying private key: /home/ad/.ssh/id_ed25519_sk
debug1: Trying private key: /home/ad/.ssh/id_xmss
debug1: Trying private key: /home/ad/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
vidarlo
What are the ssh versions on the two sides?
cn flag
OpenSSH_6.7p1 Debian-5+deb8u7, OpenSSL 1.0.2l 25 May 2017 on server and locally OpenSSH_8.9p1, OpenSSL 1.1.1m 14 Dec 2021.
cn flag
Edited my comment, listed both versions. The server is using an old version, since it's a client's server. Is it safe to upgrade? Could this be the cause of the error?
vidarlo
It's new enough that it should support RSA, but you should upgrade anyway. OpenSSL 1.0 is *ancient*. In addition, best practice is to never use the root user, but rather rely on sudo or escalating privileges after logging in.
cn flag
Sure, I will do that. Is there anything else you think is not set up correctly for ssh?
djdomi
Upgrade first, then consider asking again. What is that box, Debian 3?
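
Added example, not part of the thread above: a shell check for the "send_pubkey_test: no mutual signature algorithm" line in the posted log. OpenSSH clients from 8.8 on no longer sign with SHA-1 "ssh-rsa" by default, and servers older than 7.2 do not accept the rsa-sha2-256/512 replacements, so an RSA key is never actually offered. The sample log is constructed from the lines above; user@host is a placeholder.

```shell
#!/bin/sh
# Constructed sample: the relevant lines of the ssh -vv log, fingerprint replaced.
sample_log() {
cat <<'EOF'
debug1: Local version string SSH-2.0-OpenSSH_8.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u7
debug1: Offering public key: /home/ad/.ssh/id_rsa RSA SHA256:CONSTRUCTED
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Next authentication method: password
EOF
}

# Reads `ssh -v` output on stdin and prints a one-line diagnosis.
diagnose_ssh_log() {
  log=$(cat)
  # Without this message the cause lies elsewhere (permissions, account, server config).
  if ! printf '%s\n' "$log" | grep -q 'send_pubkey_test: no mutual signature algorithm'; then
    echo "no-sigalg-mismatch"
    return 0
  fi
  remote=$(printf '%s\n' "$log" |
    sed -n 's/.*remote software version OpenSSH_\([0-9]*\.[0-9]*\).*/\1/p' | head -n1)
  major=${remote%%.*}
  minor=${remote#*.}
  # rsa-sha2-256/512 exist on the server side only from OpenSSH 7.2.
  if [ -n "$remote" ] && { [ "$major" -lt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -lt 2 ]; }; }; then
    echo "rsa-sha1-only-server OpenSSH_$remote"
  else
    echo "sigalg-mismatch-unknown-cause"
  fi
}

# Maps a diagnosis to client-side options; user@host is a placeholder.
suggest_fix() {
  case "$1" in
    rsa-sha1-only-server*)
      # The server in the log lists ssh-ed25519, so an Ed25519 user key avoids SHA-1.
      echo "preferred: ssh-keygen -t ed25519 && ssh-copy-id -i ~/.ssh/id_ed25519.pub user@host"
      # Weaker: re-enables SHA-1 RSA signatures, so limit it to this one host.
      echo "fallback: ssh -o PubkeyAcceptedAlgorithms=+ssh-rsa user@host"
      ;;
    *) echo "check the server auth log, the login account and file permissions" ;;
  esac
}

result=$(sample_log | diagnose_ssh_log)
echo "$result"
suggest_fix "$result"
```

To check a real session, pipe its debug output in: `ssh -vv user@host 2>&1 | diagnose_ssh_log`.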