Gary Baldy
Posts: 3
Joined: Thu Jul 18, 2019 10:13 am

SSH issues with my rPi4

Thu Jul 18, 2019 10:49 am

Hi, I have set up my new Raspberry Pi 4 (4GB) with the latest Raspbian release and, since I plan to use it headless, I started configuring ssh to access the terminal through my macbook using a public key rather than username/password.
I created a pair of private/public keys on my macbook using the command ssh-keygen -t rsa -b 4096. I used the standard id_rsa/id_rsa.pub filenames and password has been left blank.
I created the /home/<myuser>/.ssh folder in the raspberry pi (I am not using the default pi user) and sent the command chmod 700 ~/.ssh. I created the file ~/.ssh/authorized_keys and set the permissions with chmod 600 ~/.ssh/authorized_keys.
I then proceeded to modify the /etc/ssh/sshd_config on the raspberry pi, and this is a copy of it:
https://pastebin.com/wSyBH90n
On my macbook I then send this command: ssh -p 3333 <ipaddresshere>, but the terminal returns Permission denied (publickey).
If I run the command sudo systemctl status ssh on my raspberry pi, this is the terminal output:

Code: Select all

● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-07-18 11:28:45 BST; 14min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 5833 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
 Main PID: 5834 (sshd)
    Tasks: 1 (limit: 4915)
   Memory: 1.4M
   CGroup: /system.slice/ssh.service
           └─5834 /usr/sbin/sshd -D

Jul 18 11:28:45 RaspberryPi4 sshd[5834]: Server listening on :: port 3333.
Jul 18 11:28:45 RaspberryPi4 systemd[1]: Started OpenBSD Secure Shell server.
Jul 18 11:29:03 RaspberryPi4 sshd[5874]: rexec line 38: Deprecated option RSAAuthentication
Jul 18 11:29:03 RaspberryPi4 sshd[5874]: reprocess config line 38: Deprecated option RSAAuthentication
Jul 18 11:29:03 RaspberryPi4 sshd[5874]: Invalid user garybaldy from 192.168.0.3 port 56069
Jul 18 11:29:03 RaspberryPi4 sshd[5874]: Connection closed by invalid user garybaldy 192.168.0.3 port 56069 [preauth]
Jul 18 11:29:08 RaspberryPi4 sshd[5888]: rexec line 38: Deprecated option RSAAuthentication
Jul 18 11:29:08 RaspberryPi4 sshd[5888]: reprocess config line 38: Deprecated option RSAAuthentication
Jul 18 11:29:08 RaspberryPi4 sshd[5888]: Invalid user garybaldy from 192.168.0.3 port 56070
Jul 18 11:29:08 RaspberryPi4 sshd[5888]: Connection closed by invalid user garybaldy 192.168.0.3 port 56070 [preauth]
What do you think is the issue? I tried the above several time, using different names for the public keys, changing to default ports for ssh, but to no avail. Thank you in advance for your help.

bls
Posts: 181
Joined: Mon Oct 22, 2018 11:25 pm

Re: SSH issues with my rPi4

Thu Jul 18, 2019 2:01 pm

You didn't mention what user you are expecting to login as on the pi (which depends on you Mac username unless you are using [email protected]), but I did notice that your sshd_config has "DenyUsers pi root". More details would be helpful...

Gary Baldy
Posts: 3
Joined: Thu Jul 18, 2019 10:13 am

Re: SSH issues with my rPi4

Thu Jul 18, 2019 2:23 pm

Thank you for your answer, bls. I was planning to use the same key from a couple of computers, and they will have different usernames - none of which will be pi or root, as I have disabled root access for ssh, and the pi account has been locked.
Is the username I will use relevant for ssh connection through public key? I commented the relevant rows in the sshd_config file thinking it would have allowed every username except for root and pi:
#AllowUsers garybaldy
DenyUsers pi root

Gary Baldy
Posts: 3
Joined: Thu Jul 18, 2019 10:13 am

Re: SSH issues with my rPi4

Thu Jul 18, 2019 2:34 pm

Ok, the issue was really trivial and you were right :D I understand that by default the SSH CLI will try to log you in with your current username, but all I needed to do was to add the username used in the Raspberry Pi:
ssh -p 3333 [email protected]

Thank you!

Return to “Troubleshooting”