| View previous topic :: View next topic |
| Author |
Message |
Marcofras
n00b
Joined: 29 May 2023
Posts: 39
|
 Posted: Fri Dec 13, 2024 2:22 pm Post subject: ssh Permission denied (publickey). |
 |
|
in a while ssh doesn' t works more in the directory .ssh there isn' t certificate and i cant create
| Code: |
m@localhost ~ $ ls .ssh/
known_hosts
m@localhost ~ $ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/m/.ssh/id_rsa): ~/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Saving key "~/.ssh/id_rsa" failed: No such file or directory
|
|
|
| Back to top |
|
 |
Hu
Administrator
Joined: 06 Mar 2007
Posts: 22814
|
| Posted: Fri Dec 13, 2024 2:28 pm Post subject: |
|
|
| Your subject line is about the server refusing to let you in due to failed public key authentication. Your body is about failure to create an unusually named key file. Does your home directory contain a directory named ~, and within that, a directory named .ssh? What is the output of namei -l '~/.ssh/id_rsa'? Note the single quotes, since you need to inhibit tilde expansion to match what ssh seems to do. |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1330
Location: Richmond Hill, Canada
|
| Posted: Fri Dec 13, 2024 2:31 pm Post subject: |
|
|
| '~' as home directory is program specific. Most shell support this. However I think ssh-keygen in you case does not support. so it take the character '~' literally as a directory name. |
|
| Back to top |
|
|
Marcofras
n00b
Joined: 29 May 2023
Posts: 39
|
| Posted: Fri Dec 13, 2024 2:41 pm Post subject: |
|
|
| Code: |
m@localhost ~ $ namei -l '~/.ssh/id_rsa'
f: ~/.ssh/id_rsa
~ - No such file or directory
m@localhost ~ $ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/m/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/m/.ssh/id_rsa
Your public key has been saved in /home/m/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:RwPnEPcJXXtHU08XPZWxTulcKdKz/gOyV/x8gdie+WA m@localhost
The key's randomart image is:
+---[RSA 4096]----+
| +.+. ..+&|
| * oo. *O|
| +.o+.=*|
| . .. O.o|
| S . o.o+ |
| . o.+ + |
| +E=.o|
| ..=o.+|
| . .oo|
+----[SHA256]-----+
m@localhost ~ $ ls .ssh
id_rsa id_rsa.pub known_hosts
|
now create the certificate and now? |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1330
Location: Richmond Hill, Canada
|
| Posted: Fri Dec 13, 2024 3:03 pm Post subject: |
|
|
| Marcofras wrote: | | Code: |
m@localhost ~ $ namei -l '~/.ssh/id_rsa'
f: ~/.ssh/id_rsa
~ - No such file or directory
m@localhost ~ $ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/m/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/m/.ssh/id_rsa
Your public key has been saved in /home/m/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:RwPnEPcJXXtHU08XPZWxTulcKdKz/gOyV/x8gdie+WA m@localhost
The key's randomart image is:
+---[RSA 4096]----+
| +.+. ..+&|
| * oo. *O|
| +.o+.=*|
| . .. O.o|
| S . o.o+ |
| . o.+ + |
| +E=.o|
| ..=o.+|
| . .oo|
+----[SHA256]-----+
m@localhost ~ $ ls .ssh
id_rsa id_rsa.pub known_hosts
|
now create the certificate and now? |
Is there a question?
Please note the command 'ssh-keygen -t rsa -b 4096' does NOT create "certificate" it create a "private key" which is "rsa" type of 4096 in length. |
|
| Back to top |
|
|
Marcofras
n00b
Joined: 29 May 2023
Posts: 39
|
| Posted: Fri Dec 13, 2024 3:06 pm Post subject: |
|
|
| i dont understand what i have to do now? |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1330
Location: Richmond Hill, Canada
|
| Posted: Fri Dec 13, 2024 3:10 pm Post subject: |
|
|
| Marcofras wrote: | | i dont understand what i have to do now? |
In theory there is nothing to do. I think you need to explain what is that you have in mind in term of running the ssh-keygen command.
You can consider copy the public key 'id_rsa.pub' to where you wish to ssh to. |
|
| Back to top |
|
|
Marcofras
n00b
Joined: 29 May 2023
Posts: 39
|
| Posted: Fri Dec 13, 2024 3:15 pm Post subject: |
|
|
i cant connect to the server and i have this message
| Code: |
m@localhost ~ $ ssh root@212.227.87.63
root@212.227.87.63: Permission denied (publickey).
|
this is the main problem and i attempt to solve following the guides i found on google but it doesnt works. |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1330
Location: Richmond Hill, Canada
|
| Posted: Fri Dec 13, 2024 3:23 pm Post subject: |
|
|
| Marcofras wrote: | i cant connect to the server and i have this message
| Code: |
m@localhost ~ $ ssh root@212.227.87.63
root@212.227.87.63: Permission denied (publickey).
|
this is the main problem and i attempt to solve following the guides i found on google but it doesnt works. |
The destination 212.227.87.63 is requesting use publickey authentication method. it will not accept any other way.
So you will need to find a way to copy your public key 'id_rsa.pub' into 212.227.87.64:<root homedir>/.ssh/known_hosts.
Are you sure the destination 212.227.87.63 allow 'root' to login?
P.S. when I say 'copy public key id_rsa.pub' I don't mean the file. I mean the content of the file. |
|
| Back to top |
|
|
Marcofras
n00b
Joined: 29 May 2023
Posts: 39
|
| Posted: Fri Dec 13, 2024 3:37 pm Post subject: |
|
|
| i access the server with remote console provided and in the directory ssh i see only authorized_keys do i have to create the file known_hosts? |
|
| Back to top |
|
|
grknight
Retired Dev
Joined: 20 Feb 2015
Posts: 1950
|
| Posted: Fri Dec 13, 2024 3:40 pm Post subject: |
|
|
| Marcofras wrote: | | i access the server with remote console provided and in the directory ssh i see only authorized_keys do i have to create the file known_hosts? |
Append to authorized_keys (not overwrite) on a new line. You do not need known_hosts. |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1330
Location: Richmond Hill, Canada
|
| Posted: Fri Dec 13, 2024 3:41 pm Post subject: |
|
|
| Marcofras wrote: | | i access the server with remote console provided and in the directory ssh i see only authorized_keys do i have to create the file known_hosts? |
yes. and the file need to be own by root have permission of 0600. |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1330
Location: Richmond Hill, Canada
|
| Posted: Fri Dec 13, 2024 3:42 pm Post subject: |
|
|
| grknight, is correct, I got the file name mixup. it is 'authorized_keys' |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 22814
|
| Posted: Fri Dec 13, 2024 3:58 pm Post subject: |
|
|
| pingtoo wrote: | | yes. and the file need to be own by root have permission of 0600. |
This ownership comment is correct in this specific case, but in the general case, the authorized_keys file needs to be owned by the user who is granting access. OP specifically wants root access in this case, so saying own by root is fine here. However, if the OP were authorizing login as some non-root user, such as bob, then the file needs to be owned by bob and located at ~bob/.ssh/authorized_keys. |
|
| Back to top |
|
|
Marcofras
n00b
Joined: 29 May 2023
Posts: 39
|
| Posted: Fri Dec 13, 2024 4:05 pm Post subject: |
|
|
| the content of .ssh/id_rsa.pub, ok i will try |
|
| Back to top |
|
|
sMueggli
Guru
Joined: 03 Sep 2022
Posts: 508
|
| Posted: Sat Dec 14, 2024 9:48 am Post subject: |
|
|
| pingtoo wrote: | | Please note the command 'ssh-keygen -t rsa -b 4096' does NOT create "certificate" it create a "private key" which is "rsa" type of 4096 in length. |
The command creates the private key (never share this key!) and the corresponding public key (which can safely be shared).
I would not recommend to allow SSH access to root. If you do, please create a password-protected private key.
To setup SSH I would allow password-based access to a normal user and then use the command "ssh-copy-id" to transfer the public key to the remote user on the remote computer. When SSH access with the key works, disable passwords as authentication method. |
|
| Back to top |
|
|
|
Networking & Security
