
Using SSH without run time credentials

Posted: Mon Jan 20, 2020 5:01 pm
by Matha
Hello,

I have something "peculiar" going on beneath the covers with respect to using SSH without run time credentials that I cannot understand. Looking for some feedback on debugging from another angle, please.

I have performed ssh-copy-id successfully on approximately 20 RPi boxes - all running Buster but, of course, some are older than others. I can now ssh into all these servers except one where the credential is demanded at each logon attempt. I have checked the ~/.ssh/authorized_keys file and found no difference in the entries except that the errant server had two identical records (deleting one manually did not resolve the issue).

The errant server has the following properties:

Code:

$ uname -a
Linux raspbari11 4.19.75-v7+ #1270 SMP Tue Sep 24 18:45:11 BST 2019 armv7l GNU/Linux
$ cat /proc/cpuinfo
processor	: 0
model name	: ARMv7 Processor rev 5 (v7l)
BogoMIPS	: 38.40
Features	: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm 
CPU implementer	: 0x41
CPU architecture: 7
CPU variant	: 0x0
CPU part	: 0xc07
CPU revision	: 5

processor	: 1
model name	: ARMv7 Processor rev 5 (v7l)
BogoMIPS	: 38.40
Features	: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm 
CPU implementer	: 0x41
CPU architecture: 7
CPU variant	: 0x0
CPU part	: 0xc07
CPU revision	: 5

processor	: 2
model name	: ARMv7 Processor rev 5 (v7l)
BogoMIPS	: 38.40
Features	: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm 
CPU implementer	: 0x41
CPU architecture: 7
CPU variant	: 0x0
CPU part	: 0xc07
CPU revision	: 5

processor	: 3
model name	: ARMv7 Processor rev 5 (v7l)
BogoMIPS	: 38.40
Features	: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae evtstrm 
CPU implementer	: 0x41
CPU architecture: 7
CPU variant	: 0x0
CPU part	: 0xc07
CPU revision	: 5

Hardware	: BCM2835
Revision	: a21041
Serial		: 
Model		: Raspberry Pi 2 Model B Rev 1.1
$ 

All update/upgrade operations are current in the intranet farm. Please note that all suggestions are welcome! ;)

Kind regards.

Re: Using SSH without run time credentials

Posted: Mon Jan 20, 2020 5:19 pm
by tpyo kingg
Incorrect permissions are a very common problem with those symptoms. So on the errant machine, verify the permissions on the file authorized_keys, the directory it is in, and all the directories above it.

Then if that was not it, watch the logs on the errant machine as you try to log in with a key. It should tell you where the problem lies:

Code:

sudo tail -f /var/log/auth.log | awk '$5~/^sshd/'

Or

Code:

sudo journalctl -efu ssh.service

Re: Using SSH without run time credentials

Posted: Tue Jan 21, 2020 4:55 pm
by Matha
Thx @tpyo kingg,

Code:

pi@raspbari11:~ $ sudo tail -f /var/log/auth.log | awk '$5~/^ssh/'
Jan 21 10:48:16 raspbari11 sshd[31612]: Authentication refused: bad ownership or modes for directory /home/pi
Jan 21 10:48:18 raspbari11 sshd[31612]: Accepted password for pi from 192.168.50.166 port 38352 ssh2

Some lines below (perhaps not relevant for this thread) intentionally deleted:

Code:

pi@raspbari11:~ $ sudo journalctl -efu ssh.service
-- Logs begin at Mon 2020-01-20 11:10:27 CST. --
Jan 20 11:10:34 raspbari11 systemd[1]: Started OpenBSD Secure Shell server.
Jan 20 11:11:20 raspbari11 sshd[965]: Authentication refused: bad ownership or modes for directory /home/pi
Jan 20 11:11:24 raspbari11 sshd[965]: Connection closed by authenticating user pi 192.168.50.166 port 37466 [preauth]
Jan 21 10:48:16 raspbari11 sshd[31612]: Authentication refused: bad ownership or modes for directory /home/pi
Jan 21 10:48:18 raspbari11 sshd[31612]: Accepted password for pi from 192.168.50.166 port 38352 ssh2

And, of course, as you realized (but I didn't even think about it since I was editing with user pi and don't have a clue how it happened):

Code:

pi@raspbari11:~/.ssh $ ls -l
total 8
-rw------- 1 pi pi  565 Jan 20 11:10 authorized_keys
-rw-r--r-- 1 pi pi 2220 Sep  8 21:19 known_hosts

Many, many thanks! Kind regards.
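
Added example, not part of the original posts: a script that approximates the ownership and mode check behind the "bad ownership or modes for directory /home/pi" log line, walking from authorized_keys up to the home directory as suggested above. The function name check_ssh_path and its arguments are hypothetical, GNU stat is assumed, and stopping at the home directory is a choice made here (pass / as the second argument to check every directory above it).

```bash
#!/usr/bin/env bash
# Added example: approximate the sshd StrictModes ownership/mode check.
# Reports every path between authorized_keys and the home directory that
# is group- or world-writable, or owned by someone other than the account
# or root. Assumes GNU stat (coreutils), as shipped on Raspbian.

# check_ssh_path FILE HOME_DIR OWNER_UID   (hypothetical helper)
# Prints one line per offending path; returns 1 if any were found,
# 2 if a path could not be resolved or inspected.
check_ssh_path() {
    local path home uid mode owner bad=0
    path=$(readlink -f -- "$1") || return 2
    home=$(readlink -f -- "$2") || return 2
    uid=$3
    while :; do
        mode=$(stat -c '%a' -- "$path") || return 2
        owner=$(stat -c '%u' -- "$path") || return 2
        # Owner must be the account itself or root.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "bad owner uid=$owner: $path"
            bad=1
        fi
        # Mask 022: neither group nor others may have write permission.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad mode $mode (group/world writable): $path"
            bad=1
        fi
        # Stop once the home directory (or the filesystem root) is checked.
        [ "$path" = "$home" ] && break
        [ "$path" = "/" ] && break
        path=$(dirname -- "$path")
    done
    return "$bad"
}

# Usage: script FILE [HOME_DIR]; runs only when arguments are given.
if [ "$#" -ge 1 ]; then
    check_ssh_path "$1" "${2:-$HOME}" "$(id -u)"
fi
```

Run it as the affected account, for example with ~/.ssh/authorized_keys as the first argument; any line it prints names a path to fix with chmod or chown before key authentication will be accepted.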

Re: Using SSH without run time credentials

Posted: Wed Jan 22, 2020 2:17 pm
by Lewis-H
Use a ssh-library written in Java instead of runtime-exec'ing a ssh program.