
lucmove 10-24-2021 03:27 PM

I can't SSH without a password
 
I followed this procedure:

Code:

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ~/.ssh/sshkey

(blah blah blah done)

Code:

# ssh-copy-id -i ~/.ssh/sshkey.pub -p 22 root@192.168.1.6
(it requests the target machine's ssh password. I type it. Done)
(I check the /root/.ssh/authorized_keys file on the target machine. The new key is there. I know because this file was empty until one minute ago.)

I restart sshd on the target machine. I try to login from the client machine. It still wants the password.

I google. I find some suggestions. I add 'PubkeyAcceptedKeyTypes=+ssh-dss' to several files:

client machine:
/etc/ssh/ssh_config
/etc/ssh/sshd_config
~/.ssh/config

target machine:
/etc/ssh/ssh_config
/etc/ssh/sshd_config

I restart sshd on the target machine. I try to login from the client machine. It still wants the password.

What am I doing wrong, or what have the OpenSSH people disabled or made secret this time?

rkelsen 10-24-2021 03:33 PM

Have you tried doing it as a user other than root?

lucmove 10-24-2021 04:00 PM

I just tried, it works as a lesser user. It takes a long time, it hangs for almost one minute, but it works.

How do I enable it for root too?

HappyTux 10-24-2021 04:08 PM

Quote:

Originally Posted by rkelsen (Post 6295304)
Have you tried doing it as a user other than root?

Indeed root login is disabled by default. On my Raspi I have it set to the second method in the link below so I can back it up with rsync over the network as I use the passwordless key like the OP attempts.

https://www.liquidweb.com/kb/enable-root-login-via-ssh/

rkelsen 10-24-2021 04:18 PM

Quote:

Originally Posted by lucmove (Post 6295310)
I just tried, it works as a lesser user. It takes a long time, it hangs for almost one minute, but it works.

How do I enable it for root too?

Dunno, and I can't be bothered fighting it. I just use SSH to log in as a user and then "su" to root whenever it's needed.

I'd say there are probably very good reasons for this.

michaelk 10-24-2021 04:26 PM

Code:

client machine:
/etc/ssh/ssh_config
/etc/ssh/sshd_config
~/.ssh/config

What is in your config file?

Keys are on a per user basis. The user on the client must have the private keys owned by them with 600 permissions.

The ssh client will automatically check for keys with default names, i.e. id_rsa; otherwise you need to specify the key name on the command line or in the ssh config file.

If ssh-copy-id worked as root@192.168.1.6 then PermitRootLogin is set to yes. Most distributions do disable root login by default or use prohibit-password but some do not. The default is yes.

Use ssh -v or multiple -vvv option to see why the key is not being accepted.

What version of ssh is running on the client as compared to the server?

lucmove 10-24-2021 04:29 PM

Quote:

Originally Posted by HappyTux (Post 6295312)
Indeed root login is disabled by default. On my Raspi I have it set to the second method in the link below so I can back it up with rsync over the network as I use the passwordless key like the OP attempts.

https://www.liquidweb.com/kb/enable-root-login-via-ssh/

That option enables login as root on the server, with the server's root account. I can do that. What I can't do is login using the root account on the client machine. This is something new because I know I used to be able to do it until a few years ago.

lucmove 10-24-2021 04:40 PM

Quote:

Originally Posted by michaelk (Post 6295319)
Use ssh -v or multiple -vvv option to see why the key is not being accepted.

First, the error was "not in PubkeyAcceptedKeyTypes."

Now, the error seems to be "no such identity." But I'm not sure.

Code:

debug1: Reading configuration data /root/.ssh/config

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 19: Applying options for *

debug2: resolving "192.168.1.6" port 22

debug2: ssh_connect_direct: needpriv 0

debug1: Connecting to 192.168.1.6 [192.168.1.6] port 22.

debug1: Connection established.

debug1: permanently_set_uid: 0/0

debug1: identity file /root/.ssh/id_rsa type 1

debug1: key_load_public: No such file or directory

debug1: identity file /root/.ssh/id_rsa-cert type -1

debug1: identity file /root/.ssh/id_dsa type 2

debug1: key_load_public: No such file or directory

debug1: identity file /root/.ssh/id_dsa-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /root/.ssh/id_ecdsa type -1

debug1: key_load_public: No such file or directory

debug1: identity file /root/.ssh/id_ecdsa-cert type -1

debug1: key_load_public: No such file or directory

debug1: identity file /root/.ssh/id_ed25519 type -1

debug1: key_load_public: No such file or directory

debug1: identity file /root/.ssh/id_ed25519-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7

debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u7

debug1: match: OpenSSH_7.4p1 Debian-10+deb9u7 pat OpenSSH* compat 0x04000000

debug2: fd 3 setting O_NONBLOCK

debug1: Authenticating to 192.168.1.6:22 as 'root'

debug3: put_host_port: [192.168.1.6]:22

debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:56

debug3: load_hostkeys: loaded 1 keys from [192.168.1.6]:22

debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent

debug3: receive packet: type 20

debug1: SSH2_MSG_KEXINIT received

debug2: local client KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c

debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc

debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,zlib@openssh.com,zlib

debug2: compression stoc: none,zlib@openssh.com,zlib

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug2: peer server KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1

debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,zlib@openssh.com

debug2: compression stoc: none,zlib@openssh.com

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug1: kex: algorithm: curve25519-sha256

debug1: kex: host key algorithm: ecdsa-sha2-nistp256

debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug3: send packet: type 30

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug3: receive packet: type 31

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:antK6I0zStMIUh3g6hj+/q9WNB+aUIN9EcDDtEU/mfY

debug3: put_host_port: [192.168.1.6]:22

debug3: put_host_port: [192.168.1.6]:22

debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:56

debug3: load_hostkeys: loaded 1 keys from [192.168.1.6]:22

debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:56

debug3: load_hostkeys: loaded 1 keys from [192.168.1.6]:22

debug1: Host '[192.168.1.6]:22' is known and matches the ECDSA host key.

debug1: Found key in /root/.ssh/known_hosts:56

debug3: send packet: type 21

debug2: set_newkeys: mode 1

debug1: rekey after 134217728 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: receive packet: type 21

debug1: SSH2_MSG_NEWKEYS received

debug2: set_newkeys: mode 0

debug1: rekey after 134217728 blocks

debug2: key: /root/.ssh/id_rsa (0x55e8b82ea0e0)

debug2: key: /root/.ssh/id_dsa (0x55e8b82f6cb0)

debug2: key: /root/.ssh/id_ecdsa ((nil))

debug2: key: /root/.ssh/id_ed25519 ((nil))

debug3: send packet: type 5

debug3: receive packet: type 7

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>

debug3: receive packet: type 6

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug3: send packet: type 50

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,password

debug3: start over, passed a different list publickey,password

debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering RSA public key: /root/.ssh/id_rsa

debug3: send_pubkey_test

debug3: send packet: type 50

debug2: we sent a publickey packet, wait for reply

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,password

debug1: Offering DSA public key: /root/.ssh/id_dsa

debug3: send_pubkey_test

debug3: send packet: type 50

debug2: we sent a publickey packet, wait for reply

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,password

debug1: Trying private key: /root/.ssh/id_ecdsa

debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory

debug1: Trying private key: /root/.ssh/id_ed25519

debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred: ,password

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

root@192.168.1.6's password:


michaelk 10-24-2021 04:49 PM

Quote:

Enter file in which to save the key (/root/.ssh/id_rsa): ~/.ssh/sshkey

debug1: Offering DSA public key: /root/.ssh/id_dsa

What keys are currently in your /root/.ssh directory? Did you really create the key with the name sshkey? Try:

ssh -i ~/.ssh/sshkey root@192.168.1.6

descendant_command 10-24-2021 04:52 PM

Quote:

Originally Posted by lucmove (Post 6295320)
~/.ssh/sshkey

You haven't specified to use this key.

lucmove 10-24-2021 04:53 PM

Eh. It's working now.

Instead of

Code:

# ssh-copy-id -i ~/.ssh/sshkey.pub etc...

I did

Code:

# ssh-copy-id -i ~/.ssh/id_rsa.pub etc...

Now it works. It's very slow. It hangs for a long time then I'm in. That is annoying. Is there a log file to troubleshoot that?

HappyTux 10-24-2021 05:01 PM

Quote:

Originally Posted by lucmove (Post 6295320)
That option enables login as root on the server, with the server's root account. I can do that. What I can't do is login using the root account on the client machine. This is something new because I know I used to be able to do it until a few years ago.

That sounds like you have not copied the secret key that matches the public key to your root/.ssh directory on the client. This is how mine is set up: both keys match in the normal user directory and in the root directory. In fact, I only use the single key for all my machines; this solves the problem of different keys on different users and machines. It is the only way my backup works, as I need to be root on my backup machine to keep the proper permissions in place when doing it.

Edit: I turned on the spare machine to show you, try adding -vvvv to the command to see where it fails.

Code:

zeus@zeus-H370M:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABI snip... /n+SnilLkQhesWU9Bdn5p7Cc2yfim3ESgRAcYT0pnsVoC/E5/W+SmyI2iYOa/fRFcnccfx4KiTLjZJWtB2dE+lyuHVq7mDiajSdnxu5aVkAxEIf2eoyByQJ4KN92Wj5z2litwJtBwx1w9ozsRc8UyK5CQGrmjarOOTbDynpQmdi/vwuu6Byd3SGWUxneXS/AQ==
zeus@zeus-H370M:~$ su
Password:
root@zeus-H370M:/home/zeus# cd
root@zeus-H370M:~# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABI snip... /n+SnilLkQhesWU9Bdn5p7Cc2yfim3ESgRAcYT0pnsVoC/E5/W+SmyI2iYOa/fRFcnccfx4KiTLjZJWtB2dE+lyuHVq7mDiajSdnxu5aVkAxEIf2eoyByQJ4KN92Wj5z2litwJtBwx1w9ozsRc8UyK5CQGrmjarOOTbDynpQmdi/vwuu6Byd3SGWUxneXS/AQ==
root@zeus-H370M:~# ssh -vvvv root@192.168.0.116
OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.0.116 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.116 [192.168.0.116] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5
debug1: match: OpenSSH_8.4p1 Debian-5 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.0.116:22 as 'root'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys from 192.168.0.116
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Ysh7EUKI20aZBbVEx5aw57xHRaZT6LiwES/3fHhoJHE
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys from 192.168.0.116
debug1: Host '192.168.0.116' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:11
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:xzRc7+XXD2RSxs8LLT5molg2EZ9E6vOaq0efPd1Ix8Q
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_ed25519_sk
debug1: Will attempt key: /root/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:xzRc7+XXD2RSxs8LLT5molg2EZ9E6vOaq0efPd1Ix8Q
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /root/.ssh/id_rsa RSA SHA256:xzRc7+XXD2RSxs8LLT5molg2EZ9E6vOaq0efPd1Ix8Q
debug3: sign_and_send_pubkey: RSA SHA256:xzRc7+XXD2RSxs8LLT5molg2EZ9E6vOaq0efPd1Ix8Q
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:xzRc7+XXD2RSxs8LLT5molg2EZ9E6vOaq0efPd1Ix8Q
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.0.116 ([192.168.0.116]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 4
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env SHELL
debug3: Ignored env HISTCONTROL
debug3: Ignored env HISTSIZE
debug3: Ignored env LANGUAGE
debug3: Ignored env PWD
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_SESSION_TYPE
debug3: Ignored env MOTD_SHOWN
debug3: Ignored env HOME
debug1: Sending env LANG = en_CA.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env LS_COLORS
debug3: Ignored env PROMPT_COMMAND
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSCLOSE
debug3: Ignored env XDG_SESSION_CLASS
debug3: Ignored env TERM
debug3: Ignored env LESSOPEN
debug3: Ignored env USER
debug3: Ignored env SHLVL
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env SSH_CLIENT
debug3: Ignored env PATH
debug3: Ignored env HISTFILESIZE
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env MAIL
debug3: Ignored env SSH_TTY
debug3: Ignored env OLDPWD
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Linux bullseye-raspi 5.10.0-9-arm64 #1 SMP Debian 5.10.70-1 (2021-09-30) aarch64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Aug 19 20:55:30 2021
root@bullseye-raspi:~#

Edit2: Almost forgot the machine logged into. All have the same keys.

Code:

root@bullseye-raspi:~# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABI snip... /n+SnilLkQhesWU9Bdn5p7Cc2yfim3ESgRAcYT0pnsVoC/E5/W+SmyI2iYOa/fRFcnccfx4KiTLjZJWtB2dE+lyuHVq7mDiajSdnxu5aVkAxEIf2eoyByQJ4KN92Wj5z2litwJtBwx1w9ozsRc8UyK5CQGrmjarOOTbDynpQmdi/vwuu6Byd3SGWUxneXS/AQ==


michaelk 10-24-2021 05:03 PM

Check your sshd_config file; in the past, having GSSAPIAuthentication yes will slow down logins. Try commenting or setting

GSSAPIAuthentication no

or maybe check

UseDNS no

lucmove 10-24-2021 06:21 PM

And suddenly it's not slow anymore. Login is instant as expected. Shrug.

Anyway, it seems to me that the actual problem was that I generated a key and saved it to a file named sshkey, and it seems that OpenSSH absolutely expects it to be id_rsa. That's what broke everything. I thought that the ssh-copy-id command would be enough to send the key to the remote authorized_keys file and everything would fall into place. That was my mistake.

I'm closing this issue. Many thanks to all. I certainly appreciate the attention.

SOLVED.

michaelk 10-24-2021 06:36 PM

As an FYI, if I use different key names I add them to my ~/.ssh/config file per host.

Code:

Host name
    # the server's hostname or IP address
    HostName the_server_hostname
    User username
    # only needed if not using 22
    Port xx
    IdentityFile ~/.ssh/my_rsa

Then all you need to do is

ssh name
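
Added example, not part of any post in this thread: a small shell helper that reads `ssh -v` debug output and reports whether a given private key was ever offered to the server, which is the distinction that resolved the problem above (the key saved as `sshkey` was installed on the server but never offered by the client). The function names and the sample log are constructed for illustration; the log lines follow the OpenSSH 7.4 and 8.2 formats shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify a public-key login attempt
# from `ssh -v` output. Function names are hypothetical.

# Constructed sample, modelled on the OpenSSH 7.4 client log posted above.
sample_log() {
cat <<'EOF'
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: /root/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Next authentication method: password
EOF
}

# Print the path of every key the client offered, one per line.
# 7.x logs "Offering RSA public key: PATH"; 8.x logs
# "Offering public key: PATH TYPE FINGERPRINT". Paths with spaces are not handled.
offered_keys() {
    sed -n 's/^debug1: Offering .*public key: \([^ ]*\).*/\1/p'
}

# Usage: ssh -v ... 2>&1 | diagnose /full/path/to/private_key
# Prints one of:
#   not-offered  the client never tried this key (pass -i or set IdentityFile)
#   rejected     the key was offered but public-key authentication did not succeed
#                (check authorized_keys and file permissions on the server)
#   accepted     the key was offered and public-key authentication succeeded
diagnose() {
    key=$1
    log=$(cat)
    if ! printf '%s\n' "$log" | offered_keys | grep -Fxq -- "$key"; then
        echo not-offered
    elif printf '%s\n' "$log" | grep -q '^debug1: Authentication succeeded (publickey)'; then
        echo accepted
    else
        echo rejected
    fi
}

# Demo on the constructed sample: the custom-named key was never offered.
sample_log | diagnose /root/.ssh/sshkey
```

Against a live host, feed it real output without an interactive password prompt, for example `ssh -v -o BatchMode=yes root@192.168.1.6 true 2>&1 | diagnose /root/.ssh/sshkey`.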

