The authentication methodology used by ssh has always been very strange to me: it will "ratchet down" to the least secure form of authentication that you have allowed it to take – then accept that. You have to exclude "passwords" as an option if you intend to use certificates.
In Slackware you can use either certificates or passwords with the default config.
You can switch off password logins if you only want to use certificates, but you don't have to.
And suddenly it's not slow anymore. Login is instant as expected. Shrug.
Anyway, it seems to me that the actual problem was that I generated a key and saved it to a file named sshkey, and it seems that OpenSSH absolutely expects it to be id_rsa. That's what broke everything. I thought that the ssh-copy-id command would be enough to send the key to the remote authorized_keys file and everything would fall into place. That was my mistake.
I'm closing this issue. Many thanks to all. I certainly appreciate the attention.
SOLVED.
Good to read you got it going. There is probably a config option to be passed on the command line that would allow the odd name; I know there is one for having a different directory for the config files. I just go with the standard one, as all I do is copy the files that already exist and usually only have to do a single deletion in the known hosts for a conflict there the first time used, and everything then just works.
The authentication methodology used by ssh has always been very strange to me: it will "ratchet down" to the least secure form of authentication that you have allowed it to take – then accept that. You have to exclude "passwords" as an option if you intend to use certificates.
Really? That has never been my experience. Might be good to provide some more information. What sshd are you using and what sshd_config?
Or perhaps you have set PreferredAuthentications in your ssh client config?
From man 5 ssh_config (openssh 8.4)
Code:
PreferredAuthentications
        Specifies the order in which the client should try authentication methods.  This allows
        a client to prefer one method (e.g. keyboard-interactive) over another method
        (e.g. password).  The default is:

              gssapi-with-mic,hostbased,publickey,
              keyboard-interactive,password
You have to exclude "passwords" as an option if you intend to use certificates.
The original post is about keys, though, not certificates. All three, or any one or two, can be used if the server is set up to do so in /etc/ssh/sshd_config via the AuthenticationMethods directive. So the server can even be set to require both a key and a password, in either order.
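The question debated in the replies above, whether sshd still accepts a password once keys are set up and how AuthenticationMethods changes that, can be checked against a config file. The script below is an added example, not code from any post in this thread; `key_policy` and the sample configs are constructed for illustration, and it assumes only the global section matters (no Match or Include handling).

```shell
#!/bin/sh
# Added example (not from the thread): can a client log in without a key?
# Assumptions: global section only, no Include, hostbased/GSSAPI left at "no".
key_policy() {  # prints key-optional | key-required | key-and-password | key-disabled
  awk '
    BEGIN {  # OpenSSH defaults for the keywords tracked here
      v["passwordauthentication"] = v["kbdinteractiveauthentication"] = "yes"
      v["pubkeyauthentication"] = "yes"; v["authenticationmethods"] = "any"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    {
      sub(/=/, " ")                       # "Keyword=value" is also accepted
      k = tolower($1)                     # keywords are case-insensitive
      if (k == "match") exit              # jump to END: global section only
      if (k == "challengeresponseauthentication") k = "kbdinteractiveauthentication"
      if (!(k in v) || (k in seen)) next  # first value obtained wins
      seen[k] = 1; $1 = ""; sub(/^[ \t]+/, ""); v[k] = tolower($0)
    }
    END {
      if (v["pubkeyauthentication"] != "yes") { print "key-disabled"; exit }
      pw = (v["passwordauthentication"] == "yes" || v["kbdinteractiveauthentication"] == "yes")
      if (v["authenticationmethods"] == "any") { print (pw ? "key-optional" : "key-required"); exit }
      both = 1
      n = split(v["authenticationmethods"], lists, " ")
      for (i = 1; i <= n; i++) {          # each list is one acceptable path
        key = other = 0
        m = split(lists[i], meth, ",")
        for (j = 1; j <= m; j++) {
          sub(/:.*/, "", meth[j])         # drop sub-method, e.g. ":pam"
          if (meth[j] == "publickey") key = 1
          if (meth[j] == "password" || meth[j] == "keyboard-interactive") other = 1
        }
        if (!key) { print "key-optional"; exit }
        if (!other) both = 0
      }
      print (both ? "key-and-password" : "key-required")
    }
  ' "$1"
}
# Constructed sample configs, written to a scratch directory.
demo_dir=$(mktemp -d)
printf '%s\n' '# defaults: keys and passwords both work' 'PubkeyAuthentication yes' > "$demo_dir/default"
printf '%s\n' 'PasswordAuthentication no' 'KbdInteractiveAuthentication no' > "$demo_dir/keys_only"
printf '%s\n' 'AuthenticationMethods publickey,password publickey,keyboard-interactive' > "$demo_dir/two_factor"
for f in default keys_only two_factor; do
  printf '%-12s %s\n' "$f" "$(key_policy "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

On a running server, `sshd -T` prints the effective configuration as sshd itself resolves it, including Match handling that this sketch skips.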