Hi All

I have an archive server with multiple accounts already setup and sshkeys authentications is working fine with all these, the issue is with the new connections I am trying to setup

I have done the same as before, created a new user on the archive server with non encrypted home folder.

On Qnap logged in as admin and created ssh keys ssh-keygen -t rsa
Copied the data in to the new users .ssh folder cat /usr/src/id_rsa.pub >>/media/sdc/newuser/.ssh/authorised_keys
chmod 700 /media/sdc/newuser/.ssh/authorized_keys
chown newuser:newuser /media/sdc/newuser/.ssh/authorized_keys

When I try to login from the admin account on the nas drive to test it keeps asking for the password. I have checked /var/log/auth.log on the archive server and no errors are showing

Anyone got a clue where my issue could be

Thanks

Glenn

Are you certain you copied the key for the user you are trying to sign in as to the nas drive? It almost appears that you created keys for a user, copied it over, and then tried to sign in as a different user.

Thanks for the reply

I looked in to the qnap as the admin account and created the ssh keys. Copied the new account on the archive server (not called admin) and I try to login for the admin account as newuser@archive.mydomain.com where it asks for the password

In addition to checking the keys, also check the folder permissions INCLUDING THE USERS HOME FOLDER ITSELF. SSH is in part a security package and it will disable key authentication if it detects an unsupported permission in the user home, .ssh folder, or the files under that .ssh folder.

Thanks. I have double checked the permissions and all correct.

Really don't understand why it's not working when all the other do

ssh -v produced the following logs. I did login as the user with the password and did chmod 755 ~ logged out and in again but no difference

debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to archive.mydomain.com:22 as 'kdluser'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6jWlGXLw39LohwMyv27s1SGyl0obeK7qVK64Mk6l6kw
debug1: Host 'archive.vostel.co.uk' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
newuser@archive.mydomain.com's password:
debug1: Authentication succeeded (password)

Real quick, did you name the file .ssh/authorised_keys or .ssh/authorized_keys?

That's it as I had it down as authorised_keys. Could not see the wood for the tree

Thanks

That can be fixed on the other end too. See also the AuthorizedKeysFile directive for sshd_config.