Score:0

ssh asks for a password even though the key is copied

lk flag

I copied the key to the server, but ssh still asks for the password

ssh-keygen
ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/sp595/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

maybe this will help:

1.I have another server with which access by the same key works

2.I used to have such access, but at some point it stopped (I didn't change anything). After that, I decided to delete the .ssh folder and create the directory and files again.

Here are the logs:

OpenSSH_9.3p1, OpenSSL 3.0.8 7 Feb 2023
debug1: Reading configuration data /home/sp595/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.60 [192.168.1.60] port 22.
debug1: Connection established.
debug1: identity file /home/sp595/.ssh/id_rsa type 0
debug1: identity file /home/sp595/.ssh/id_rsa-cert type -1
debug1: identity file /home/sp595/.ssh/id_ecdsa type -1
debug1: identity file /home/sp595/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/sp595/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/sp595/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/sp595/.ssh/id_ed25519 type -1
debug1: identity file /home/sp595/.ssh/id_ed25519-cert type -1
debug1: identity file /home/sp595/.ssh/id_ed25519_sk type -1
debug1: identity file /home/sp595/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/sp595/.ssh/id_xmss type -1
debug1: identity file /home/sp595/.ssh/id_xmss-cert type -1
debug1: identity file /home/sp595/.ssh/id_dsa type -1
debug1: identity file /home/sp595/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5+deb11u1
debug1: compat_banner: match: OpenSSH_8.4p1 Debian-5+deb11u1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.60:22 as 'root'
debug1: load_hostkeys: fopen /home/sp595/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:O7LAk4O8AalrA7uXJxKdRbraxESmBUYmrojZ+33DsLw
debug1: load_hostkeys: fopen /home/sp595/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.1.60' is known and matches the ED25519 host key.
debug1: Found key in /home/sp595/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/sp595/.ssh/id_rsa RSA SHA256:o0Hr2pPlpAOjgzOoqwG1Xyi70rwFxiBb76rk84kcuug
debug1: Will attempt key: /home/sp595/.ssh/id_ecdsa 
debug1: Will attempt key: /home/sp595/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/sp595/.ssh/id_ed25519 
debug1: Will attempt key: /home/sp595/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/sp595/.ssh/id_xmss 
debug1: Will attempt key: /home/sp595/.ssh/id_dsa 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/sp595/.ssh/id_rsa RSA SHA256:o0Hr2pPlpAOjgzOoqwG1Xyi70rwFxiBb76rk84kcuug
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/sp595/.ssh/id_ecdsa
debug1: Trying private key: /home/sp595/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/sp595/.ssh/id_ed25519
debug1: Trying private key: /home/sp595/.ssh/id_ed25519_sk
debug1: Trying private key: /home/sp595/.ssh/id_xmss
debug1: Trying private key: /home/sp595/.ssh/id_dsa
debug1: Next authentication method: password
Gilles Quenot avatar
cn flag
Add which steps you had done before, like `eval $(ssh-agent)` and `ssh-add`
suprovsky avatar
hu flag
Check if the target machine has file ~/.ssh/authorized_keys and it contains your public key. If not, look at the SSH server log, because that's what's missing in this question.
SP595 avatar
lk flag
@RadosławSerba Yes there is a file on the server and it contains the value of my key
SP595 avatar
lk flag
@GillesQuénot updated the question
suprovsky avatar
hu flag
Provide authentication logs, that should be better to review. Depending on distro it will be `/var/log/auth.log` or `/var/log/secure`.
Gilles Quenot avatar
cn flag
Where is the mandatory `ssh-add` command??? What is the output of `echo ${!SSH*}` ?
SP595 avatar
lk flag
@GillesQuénot why do we need this command? I've always been able to do it without her. How should I prescribe it then? echo ${!SSH*} output: zsh: event not found: SSH
Gilles Quenot avatar
cn flag
Try using `bash` the command `echo ${!SSH*} `
SP595 avatar
lk flag
@GillesQuénot this command outputs a void if I run it in bash
Gilles Quenot avatar
cn flag
So you don't have executed `eval $(ssh-agent)`... `->[read again my answer]`
SP595 avatar
lk flag
@GillesQuénot I noticed an interesting feature. when I ran eval$(ssh-agent) via zsh in bash when running echo${!SSH*} it didn't give anything, but when I entered eval$(ssh-agent) in bash it output: SSH_AGENT_PID SSH_AUTH_SOCK
in flag
Please provide the relevant lines from your sshd server logs from these login attempts.
in flag
And just for completeness please also show the output of `namei -l /root/.ssh/authorized_keys` from the server.
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.