Gentoo Forums
Key pair auth issue with Windows 11
alienjon
Veteran


Joined: 09 Feb 2005
Posts: 1713

Posted: Sun Oct 27, 2024 3:12 am    Post subject: Key pair auth issue with Windows 11

I have both a desktop (192.168.1.139) and laptop (192.168.1.13) trying to connect to server (192.168.1.4). I've tried a few methods and seem to get the same results. For the sake of consistency I'll use PuTTY for the example. I use PuTTY's key-gen to create an ECDSA pub/priv keypair. I copy the pub into authorized_keys and set the private key to load when loading PuTTY. I've done this for both the desktop and laptop (laptop first and desktop second). I find that using this method I can log in just fine on the laptop (which I set up first) but it fails with the desktop (which I set up second) and requires a username/password to be set explicitly. Now, I had cleared the authorized_keys file and redid all this in the manner described, but previously I had done it in reverse (desktop set up first and laptop second) and in that scenario the desktop loaded fine, but the laptop required the username/password.

My /var/messages mentions:
Code:
Oct 26 23:02:26 devolved sshd[14067]: debug2: server_accept_loop: child 7668 for connection from 192.168.1.4 to 192.168.1.139 received config
Oct 26 23:02:26 devolved sshd-session[7668]: Connection from 192.168.1.139 port 54442 on 192.168.1.4 port 22 rdomain ""
Oct 26 23:02:26 devolved sshd-session[7668]: debug1: PAM: setting PAM_RHOST to "192.168.1.139"
Oct 26 23:02:26 devolved sshd-session[7668]: Failed publickey for alienjon from 192.168.1.139 port 54442 ssh2: ECDSA SHA256:K5a8kNpYgcX/lnn3IhvILjwv0sYfb4LMDshFfowUzO8
Oct 26 23:02:26 devolved sshd-session[7668]: Postponed keyboard-interactive for alienjon from 192.168.1.139 port 54442 ssh2 [preauth]
Oct 26 23:02:29 devolved sshd-session[7668]: Connection closed by authenticating user alienjon 192.168.1.139 port 54442 [preauth]
Oct 26 23:02:29 devolved sshd[14067]: debug1: child_reap: preauth child 7668 for connection from 192.168.1.4 to 192.168.1.139 exited after unsuccessful auth attempt
Oct 26 23:02:29 devolved sshd[14067]: srclimit_penalise: ipv4: new 192.168.1.139/32 deferred penalty of 5 seconds for penalty: failed authentication
Oct 26 23:02:45 devolved sshd[14067]: debug2: server_accept_loop: child 7814 for connection from 192.168.1.4 to 192.168.1.139 received config
Oct 26 23:02:45 devolved sshd-session[7814]: Connection from 192.168.1.139 port 54452 on 192.168.1.4 port 22 rdomain ""
Oct 26 23:02:45 devolved sshd-session[7814]: debug1: PAM: setting PAM_RHOST to "192.168.1.139"
Oct 26 23:02:45 devolved sshd-session[7814]: Failed publickey for alienjon from 192.168.1.139 port 54452 ssh2: ECDSA SHA256:K5a8kNpYgcX/lnn3IhvILjwv0sYfb4LMDshFfowUzO8
Oct 26 23:02:45 devolved sshd-session[7814]: Postponed keyboard-interactive for alienjon from 192.168.1.139 port 54452 ssh2 [preauth]
Oct 26 23:02:48 devolved sshd-session[7814]: Connection closed by authenticating user alienjon 192.168.1.139 port 54452 [preauth]
Oct 26 23:02:48 devolved sshd[14067]: debug1: child_reap: preauth child 7814 for connection from 192.168.1.4 to 192.168.1.139 exited after unsuccessful auth attempt
Oct 26 23:02:48 devolved sshd[14067]: srclimit_penalise: ipv4: new 192.168.1.139/32 deferred penalty of 5 seconds for penalty: failed authentication
Oct 26 23:03:01 devolved sshd[14067]: debug2: server_accept_loop: child 7940 for connection from 192.168.1.4 to 192.168.1.139 received config
Oct 26 23:03:01 devolved sshd-session[7940]: Connection from 192.168.1.139 port 54462 on 192.168.1.4 port 22 rdomain ""
Oct 26 23:03:03 devolved sshd-session[7940]: debug1: PAM: setting PAM_RHOST to "192.168.1.139"
Oct 26 23:03:03 devolved sshd-session[7940]: Postponed keyboard-interactive for alienjon from 192.168.1.139 port 54462 ssh2 [preauth]
Oct 26 23:03:05 devolved sshd-session[7940]: Postponed keyboard-interactive/pam for alienjon from 192.168.1.139 port 54462 ssh2 [preauth]
Oct 26 23:03:05 devolved sshd-session[7940]: Accepted keyboard-interactive/pam for alienjon from 192.168.1.139 port 54462 ssh2
Oct 26 23:03:05 devolved sshd[14067]: debug2: server_accept_loop: child 7940 for connection from 192.168.1.4 to 192.168.1.139 auth done
Oct 26 23:03:05 devolved sshd-session[7957]: Starting session: shell on pts/0 for alienjon from 192.168.1.139 port 54462 id 0
Oct 26 23:06:50 devolved sshd-session[7957]: Close session: user alienjon from 192.168.1.139 port 54462 id 0
Oct 26 23:06:50 devolved sshd-session[7957]: Received disconnect from 192.168.1.139 port 54462:11: disconnected by user
Oct 26 23:06:50 devolved sshd-session[7957]: Disconnected from user alienjon 192.168.1.139 port 54462
Oct 26 23:06:52 devolved sshd[14067]: debug2: server_accept_loop: child 9555 for connection from 192.168.1.4 to 192.168.1.139 received config
Oct 26 23:06:52 devolved sshd-session[9555]: Connection from 192.168.1.139 port 54665 on 192.168.1.4 port 22 rdomain ""
Oct 26 23:06:53 devolved sshd-session[9555]: debug1: PAM: setting PAM_RHOST to "192.168.1.139"
Oct 26 23:06:53 devolved sshd-session[9555]: Postponed keyboard-interactive for alienjon from 192.168.1.139 port 54665 ssh2 [preauth]
Oct 26 23:06:54 devolved sshd-session[9555]: Postponed keyboard-interactive/pam for alienjon from 192.168.1.139 port 54665 ssh2 [preauth]
Oct 26 23:06:54 devolved sshd-session[9555]: Accepted keyboard-interactive/pam for alienjon from 192.168.1.139 port 54665 ssh2
Oct 26 23:06:54 devolved sshd[14067]: debug2: server_accept_loop: child 9555 for connection from 192.168.1.4 to 192.168.1.139 auth done
Oct 26 23:06:54 devolved sshd-session[9572]: Starting session: shell on pts/0 for alienjon from 192.168.1.139 port 54665 id 0


I would prefer to disable password authentication completely on the server, but need to be able to have control over which devices have access through the keypairs and this isn't working. Any thoughts what may be causing the issue? Why would it only work for one of the two devices (and the first one set up, at that)?
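Added example, not part of the original posts: each `Failed publickey` line in the log above carries the SHA256 fingerprint of the key the client offered, so comparing it with the fingerprints of the entries in authorized_keys shows whether the server was offered a key it was never given. The function names, the sample key blob and the 192.0.2.7 log line are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re
import struct

FAILED_RE = re.compile(r"Failed publickey for \S+ from (?P<ip>\S+) port \d+ ssh2: "
                       r"\S+ (?P<fp>SHA256:\S+)")

def fingerprint(blob):
    """SHA256 fingerprint as sshd logs it: unpadded base64 of SHA-256(key blob)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def authorized_fingerprints(text):
    """Map fingerprint -> comment for every key line, skipping leading options."""
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i in range(len(fields) - 1):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except (binascii.Error, ValueError):
                continue
            name = fields[i].encode()
            # A public key blob begins with its own type name, length-prefixed.
            if blob.startswith(struct.pack(">I", len(name)) + name):
                found[fingerprint(blob)] = " ".join(fields[i + 2:]) or "(no comment)"
                break
    return found

def classify_failures(log, authorized):
    """For each distinct failed offer return (ip, fingerprint, comment or None)."""
    seen = {(m["ip"], m["fp"]): authorized.get(m["fp"]) for m in FAILED_RE.finditer(log)}
    return [(ip, fp, comment) for (ip, fp), comment in sorted(seen.items())]

# Constructed sample: filler bytes shaped like a key blob, not a real key.
_NAME = b"ecdsa-sha2-nistp256"
SAMPLE_BLOB = struct.pack(">I", len(_NAME)) + _NAME + b"\x01" * 65
SAMPLE_AUTHORIZED_KEYS = ("# constructed authorized_keys\nno-port-forwarding "
                          "ecdsa-sha2-nistp256 %s laptop\n" % base64.b64encode(SAMPLE_BLOB).decode())
SAMPLE_LOG = (  # first line is taken from the post above, second is constructed
    "Failed publickey for alienjon from 192.168.1.139 port 54442 ssh2: "
    "ECDSA SHA256:K5a8kNpYgcX/lnn3IhvILjwv0sYfb4LMDshFfowUzO8\n"
    "Failed publickey for alienjon from 192.0.2.7 port 50000 ssh2: ECDSA "
    + fingerprint(SAMPLE_BLOB) + "\n")

if __name__ == "__main__":
    keys = authorized_fingerprints(SAMPLE_AUTHORIZED_KEYS)
    for ip, fp, comment in classify_failures(SAMPLE_LOG, keys):
        print(ip, fp, "listed as " + comment if comment else "NOT in authorized_keys")
```

A fingerprint reported as not listed means the client sent a different key from the one installed on the server; a listed fingerprint that still fails means the key mismatch is not the cause.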
alienjon
Veteran


Joined: 09 Feb 2005
Posts: 1713

Posted: Sun Oct 27, 2024 3:31 am

So... progress. I had been looking at debug on the server side, but not the client side. When running ssh {host} -vv I noticed:

Code:
debug1: Trying private key: C:\\Users\\Jon/.ssh/id_rsa
debug1: Trying private key: C:\\Users\\Jon/.ssh/id_ecdsa
debug1: Trying private key: C:\\Users\\Jon/.ssh/id_ecdsa_sk
debug1: Trying private key: C:\\Users\\Jon/.ssh/id_ed25519
debug1: Trying private key: C:\\Users\\Jon/.ssh/id_ed25519_sk
debug1: Trying private key: C:\\Users\\Jon/.ssh/id_xmss
debug1: Trying private key: C:\\Users\\Jon/.ssh/id_dsa


I had a custom name for the private key, but changed it to the name matching the protocol I'm using and voila. It seems to work now. I didn't see it stated that the private key HAD to match this name, but that appears to be the case. Can someone confirm? Might I be missing something else here?
Banana
Moderator


Joined: 21 May 2004
Posts: 1703
Location: Germany

Posted: Sun Oct 27, 2024 8:15 am

You can name your key whatever you want. If so, you need to specify the file every time you want to use it. If you do not specify the file, the defaults will be used.

Quote:
a key is named with an "id_" prefix, followed by the key type ("rsa", "dsa", "ed25519"), and the public key also has a ".pub" suffix

_________________
Forum Guidelines

PFL - Portage file list - find which package a file or command belongs to.
My delta-labs.org snippets do expire
All times are GMT