
The last day or so, I've been trying to figure out how to set up SSH on my Slackware box with public/private keys.

Some things still confuse me:

  • In the sshd_config file, should I use a relative reference or an absolute reference when setting the path for the AuthorizedKeysFile directive? I've read that it can be either or.

    Currently set to, AuthorizedKeysFile /root/.ssh/authorized_keys

  • I'm pretty sure that when generating a key through ssh-keygen it should be generated on the client machine and the public key should be copied to the server and added into the authorized_keys file. Is this correct?

  • I'm pretty sure that the permissions to the .ssh directory and authorized_keys file are correct.

    drw------- .ssh
    drwx--x--- authorized_keys
    -rw----r-- known_hosts

  • I've done a ps -e aux | grep sshd to see what user was running the sshd process. Here are the results; moros is a standard user account that I'm using to log into my box.

    root 5449 0.0 0.0 4112 0980 ? Ss 01:06 0:00 /usr/sbin/sshd
    root 5574 0.0 0.1 6700 2020 ? Ss 15:22 0:00 sshd: moros [priv]
    root 5576 0.0 0.0 6700 1272 ? S 15:22 0:00 sshd: moros@pts/0
    root 5609 0.0 0.0 2204 0628 pts/0 S+ 15:42 0:00 grep sshd

  • Here's what part of my sshd_config looks like

    Port 22
    Protocol 2

    SyslogFacility AUTH
    LogLevel VERBOSE

    PermitRootLogin yes
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile /root/.ssh/authorized_keys

    PasswordAuthentication yes
    PermitEmptyPasswords no

    The rest of it is standard default values.

Anyway, there are a few things that I've been able to determine so far. I know that ssh is working because I can log in from a client machine with a password for a valid user on the Slackware machine. I've generated an RSA key with ssh-keygen and copied the pub key to the server using scp. At the moment, I'm pretty sure that authorized_keys is set up correctly. I did a cat file >> authorized_keys and added the pub key that I copied to the server. The file has the form of ssh-rsa AAAAB3Nza..... for each line. I turned on VERBOSE logging to get as much information as possible. Last night, I saw in the log, "Failed publickey for moros from 'ip' port 'num' ssh2".

With that log message, I'm boiling the cause of the issue down to one of two things. Either sshd cannot find my authorized_keys file, hence the failure of the key, or the permissions on either the .ssh folder or the authorized_keys file are incorrect.

Has anyone run into similar problems with ssh keys and slackware in the past?

UPDATE

As it turns out, the AuthorizedKeysFile directive should state .ssh/authorized_keys.
This now works when I log in as someone other than root.

1 Answer


With AuthorizedKeysFile /root/.ssh/authorized_keys, you are telling sshd to go look for the key in /root/.ssh/authorized_keys for whoever is trying to connect. That can't work for anyone other than root. You should stick to the default of ~/.ssh/authorized_keys.

The key pair can be generated anywhere. Simply, the public key should be present on the server to which you want to connect, and the private key on the client from which you are connecting.

The permissions are pretty messed up. They should look like:

drwx------ .ssh
-rw------- authorized_keys
-rw-r--r-- known_hosts

authorized_keys should be a file, not a directory.

Also, make sure the permissions of the private key are -rw-------.

damienfrancois
  • Should that be ~/.ssh/authorized_keys or .ssh/authorized_keys? Originally, the commented out directive had it as .ssh/authorized_keys. –  Nov 29 '13 at 22:28
  • From the manual, the default is `~/.ssh/authorized_keys`. – damienfrancois Nov 29 '13 at 22:29
  • I've updated my sshd_config file and set the AuthorizedKeysFile to ~/.ssh/authorized_keys. When I try to ssh as root from my Mac, I'm able to get in without being asked for the password. But when I try to log in as moros, it still asks me for a password. I've restarted sshd. I've copied the authorized_keys file from /root/.ssh/ to /home/moros/.ssh –  Nov 29 '13 at 22:56
  • the private key permission is -rw------- –  Nov 29 '13 at 22:57
  • authorized_keys in moros/.ssh is -rw------- and .ssh in moros is drwx------ –  Nov 29 '13 at 22:58
  • moros in home looks like this: drwx------ 4 moros users 4096 2013-11-29 16:26 moros/. This could have something to do with my issue. –  Nov 29 '13 at 23:01
  • on the server, start `sshd` in debug mode: `/usr/sbin/sshd -d -e -p 1234` and then try to connect from the client with `ssh -p 1234 ...`. What does it say? – damienfrancois Nov 29 '13 at 23:03
  • It keeps trying to access the authorized keys file at /root/.ssh/authorized_keys –  Nov 29 '13 at 23:07
  • I updated the config file to use ~/.ssh/authorized_keys. sshd is running under root, when I did a ps -e aux | grep sshd. root /usr/sbin/sshd –  Nov 29 '13 at 23:10
  • Should /usr/sbin/sshd run under a different user? –  Nov 29 '13 at 23:10
  • Perhaps my user does not have the correct groups? –  Nov 29 '13 at 23:24
  • As a test, I created a new user, changed the authorized to point to my new user /theNewUser/.ssh/authorized_keys, then did /usr/sbin/sshd -d -e -p 1234. I tried the same experiment but with ~/.ssh/authorized_keys. The second experiment would always look at /root/.ssh/... Very weird! –  Nov 29 '13 at 23:43
  • Thanks for the help damienfrancois, I was able to figure it out. It appears that in Slackware anyway, the AuthorizedKeysFile needs to be .ssh/authorized_keys not ~/.ssh/authorized_keys. That did the trick. –  Nov 30 '13 at 04:42
  • According to www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5 it states in the AuthorizedKeysFile that the default is either .ssh/authorized_keys or .ssh/authorized_keys2. I guess I should have looked there first. :) –  Nov 30 '13 at 18:11
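
The thread's two failure causes (which file sshd reads for a given user, and whether its ownership and modes are acceptable) can be checked with a script like the following. It is an added example, not code from the question or the answer. The function names are hypothetical, it assumes GNU `stat`, and it approximates the StrictModes checks by looking only at the home directory, the key file's directory and the key file.

```sh
#!/bin/sh
# Added example (not from the thread). Requires GNU stat.

# resolve_akf PATTERN USER HOME: print the file sshd reads for USER.
# Expands the documented %h and %u tokens (%% is not handled here); a
# result that is not absolute is relative to the user's home directory.
resolve_akf() {
    case $1 in
        "~"*) echo "'~' is not a documented token: $1" >&2; return 2 ;;
    esac
    p=$(printf '%s\n' "$1" | sed -e "s|%h|$3|g" -e "s|%u|$2|g")
    case $p in
        /*) printf '%s\n' "$p" ;;
        *)  printf '%s\n' "$3/$p" ;;
    esac
}

# strict_ok PATH UID: owner must be UID or root, and the mode must have
# no group/other write bit (the condition StrictModes looks for).
strict_ok() {
    info=$(stat -c '%a %u' "$1" 2>/dev/null) || { echo "missing: $1"; return 1; }
    mode=${info% *}; owner=${info#* }
    [ "$owner" = "$2" ] || [ "$owner" = 0 ] || { echo "owner uid $owner: $1"; return 1; }
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "mode $mode is group/world writable: $1"; return 1; }
}

# audit_user UID USER HOME PATTERN: check home, key directory and key file.
audit_user() {
    f=$(resolve_akf "$4" "$2" "$3") || return 2
    [ -f "$f" ] || { echo "not a regular file: $f"; return 1; }
    for p in "$3" "$(dirname "$f")" "$f"; do
        strict_ok "$p" "$1" || return 1
    done
    echo "ok: $f"
}

# The three values tried in the thread, resolved for user moros.
for pat in /root/.ssh/authorized_keys '~/.ssh/authorized_keys' .ssh/authorized_keys; do
    resolve_akf "$pat" moros /home/moros || true
done
```

Run `audit_user "$(id -u moros)" moros /home/moros .ssh/authorized_keys` as root on the server; a non-zero exit names the first path that would make public-key authentication fall back to a password.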