mrpetrov
Posts: 19
Joined: Sun Mar 08, 2015 3:44 pm

[SOLVED] Trouble configuring Raspbian Lite for pubkey auth SSH with PUTTY (Windows) generated key

Wed Apr 10, 2019 6:07 pm

Hello, everyone!

Somewhat experienced user here - I'm trying to configure a freshly written Raspbian Lite image to enable passwordless login using public key authentication using already present PUTTY generated key, and am failing miserably at it.

On a stock Raspbian Lite just-written-image I only switch it to static IP like so:
I create
/etc/network/interfaces/eth0
file with this content,

Code: Select all

auto eth0
iface eth0 inet static
        address 192.168.10.111
        netmask 255.255.255.0
        gateway 192.168.10.1
        dns-server 192.168.10.1
Disable dhcpcd service:

Code: Select all

sudo systemctl disable dhcpcd
And leave only networking enabled:

Code: Select all

sudo systemctl enable networking
Then reboot the system:

Code: Select all

sudo reboot
Next, I enable SSH with raspi-config.

Then, there is trouble:

Can someone else please confirm that generating a RSA key with PUTTY on Windows, and putting whats in PuTTYgen's "Public key for pasting into OpenSSH authorized_keys file:" box in

Code: Select all

/home/pi/.ssh/authorized_keys
with permissions

Code: Select all

sudo chmod 700 ~/.ssh/
sudo chmod 600 ~/.ssh/authorized_keys
fails as of April 2019?

The version of PUTTY I use is: 0.71 (32-bit) running on 64-bit Windows 10.

The interesing part is that this exact same config worked flawlessly for years for me - I have RPi 2 B+ with wheezy install, and it works...

Got another Pi recently - this time it is a RPi 3 B+, and I would like to use the already working PUTTY generated key for pubkey auth, but for some reason, I cant get it to work on stretch...

And from what I can tell - this should work as I have even newer sshd on another machine, but different distro, and I can't see why sshd fails to read my supplied public key...



I played with sshd and its debugging output - I started an additional daemon on a different port via command line, and enabled extra debuggin output (besides whats in sshd_config of stock STRETCH:

Code: Select all

sudo /usr/sbin/sshd -Dddd -f /etc/ssh/sshd_config -p 23
Here is some of the output of how its failing:

Code: Select all

debug1: userauth-request for user pi service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config: config reprocess config len 259
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug2: input_userauth_request: setting up authctxt for pi [preauth]
debug3: mm_start_pam entering [preauth]
debug3: mm_request_send entering: type 100 [preauth]
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user pi service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:INScUp6udHOEW6FRMZgZ0VmlftjrBNzRXujKo04                     WTDI [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 100
debug1: PAM: initializing for "pi"
debug1: PAM: setting PAM_RHOST to "192.168.10.11"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 100 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=, role=
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x1de6c08
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/pi/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug2: user_key_allowed: check options: 'ssh-rsa ATCofc6MNQ6hwaiAovSDSnetSUozuikToxdP3wGcgwayhK0m5L/kyvjXNnc/pEpxXG3c1F                     FRitFm5rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emZUX+c/Zsa0UPNQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9embSrEMZ3wGcg5oY5aeTeDikpQihCFPS                     NPkwLT1Kqob5UDEML61gCyjnAcfMXgkdP3wGcg45f3/HgfVUJujPaFCxT61meS82IyxJzG2/bwrZF+kJGldTF+ctiwQ6iiauY+Zj06CLT1Kqob5UDEML61gC                     yjnAcfMXgkdP3wGcgP0nTokPqwjhmRj7ZdpYkCpQed+rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emsdS6S5PXwhQSkYKzyqhjnipro4bhsXHtAtTJD6dbR                     9emZJUQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9em45Y/3AphPN9gZs5yyhU1Vlcqds+sUqVGSxySe0aPYphlY+2uGOc0266ZMFJp/MmUmEmLLM04cH3s6Gti                     hS4ShM4L3peSZhL2qELJEka1EwMmq4/Riu3rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emcgkEyWFHkfDye4/PvjT6bfm7melSgXBYBTB5bLfQIwqXVweHd                     CfdZEgI10xeF44179038f46b139BC4B8f7E73E479642C5B3021gCyjnAcfLT1Kqob5UDEML61gCyjnAcfMXgkdP3wGcg45WVXVj2khmccLDDH1GxGcJxFPB                     N4bzLT1Kqob5UDEML61gCyjnAcfMXgkdP3wGcg45eTeDikpQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emR06iTmGH9PnhJZrW/decd0+r4KaQIELPi8zPuuO                     mRA3bHf4dEvGN0Hta6SclOoz4VJhS2vN+9vRIFnN/LpOadTDJm3Tb00uFPA6Vh2debug2: user_key_allowed: advance: 'ATCofc6MNQ6hwaiAovSDS                     netSUozuikToxdP3wGcgwayhK0m5L/kyvjXNnc/pEpxXG3c1FFRitFm5rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emZUX+c/Zsa0UPNQihCFPSNPkwLNBT                     bVZHUAnYc5iRYaWz9embSNcEH1C3UXSaTcNMHNLGNuLZqjGKbSrEMZzDUoGQJGhaovqyRYaWz9embSrEMZ3wGcgAQf3/HgfVUJujPaFCxT61meS82IyxJzG2                     /bwrZF+kJGldTF+ctiwQ6iiauY+Zj06CLT1Kqob5UDEML61gCyjnAcfMXgkdP3wGcgP0nTokPqwjhmRj7ZdpYkCpQed+rLQihCFPSNPkwLNBTbVZHUAnYc5i                     RYaWz9emsdS6S5PXwhQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emZJUQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9em45Y/3AphPN9gZs5yyhU1Vlcqds+sUqV                     GSxySe0aPYphlY+2uGOc0266ZMFJp/MmUmEmLLM04cH3s6GtihS4ShM4L3peSZhL2qELJEka1EwMmq4/Riu3rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9em                     cgkEyWFHkfDye4/PvjT6bfm7melSgXBYBTB5bLfQIwqXVweHdCfdZEgI10xeF44179038f46b139BC4B8f7E73E479642C5B3021gCyjnAcfLT1Kqob5UDEM                     L61gCyjnAcfLT1Kqob5UDEML61gCyjnAcfMXgkdP3wGcg455rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emkT                     oxajePfYlRR06iTmGH9PnhJZrW/decd0+r4KaQIELPi8zPuuOmRA3bHf4dEvGN0Hta6SclOoz4VJhS2vN+9vRIFnN/LpOadTDJm3Tb00uFPA6Vh2XeY49TIH                     YP/gpDdebug2: key not found
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/pi/.ssh/authorized_keys2
debug1: Could not open authorized keys '/home/pi/.ssh/authorized_keys2': No such file or directory
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x1de6c08 is not allowed
Failed publickey for pi from 192.168.10.11 port 58312 ssh2: RSA SHA256:INScUp6udHOEW6FRMZgZ0VmlftjrBNzRXujKo04WTDI
debug3: mm_request_send entering: type 23
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user pi service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 1 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:pgrxvGTAguA5WbPmqk26YAa2AV4WCzLIFZDn3Cw                     I5d0 [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x1de6c18
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/pi/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug2: user_key_allowed: check options: 'ssh-rsa ATCofc6MNQ6hwaiAovSDSnetSUozuikToxdP3wGcgwayhK0m5L/kyvjXNnc/pEpxXG3c1F                     FRitFm5rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emZUX+c/Zsa0UPNQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9embSrEMZ3wGcg5oY5aeTeDikpQihCFPS                     NPkwLT1Kqob5UDEML61gCyjnAcfMXgkdP3wGcg45f3/HgfVUJujPaFCxT61meS82IyxJzG2/bwrZF+kJGldTF+ctiwQ6iiauY+Zj06CLT1Kqob5UDEML61gC                     yjnAcfMXgkdP3wGcgP0nTokPqwjhmRj7ZdpYkCpQed+rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emsdS6S5PXwhQSkYKzyqhjnipro4bhsXHtAtTJD6dbR                     9emZJUQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9em45Y/3AphPN9gZs5yyhU1Vlcqds+sUqVGSxySe0aPYphlY+2uGOc0266ZMFJp/MmUmEmLLM04cH3s6Gti                     hS4ShM4L3peSZhL2qELJEka1EwMmq4/Riu3rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emcgkEyWFHkfDye4/PvjT6bfm7melSgXBYBTB5bLfQIwqXVweHd                     CfdZEgI10xeF44179038f46b139BC4B8f7E73E479642C5B3021gCyjnAcfLT1Kqob5UDEML61gCyjnAcfMXgkdP3wGcg45WVXVj2khmccLDDH1GxGcJxFPB                     N4bzLT1Kqob5UDEML61gCyjnAcfMXgkdP3wGcg45eTeDikpQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emR06iTmGH9PnhJZrW/decd0+r4KaQIELPi8zPuuO                     mRA3bHf4dEvGN0Hta6SclOoz4VJhS2vN+9vRIFnN/LpOadTDJm3Tb00uFPA6Vh2debug2: user_key_allowed: advance: 'ATCofc6MNQ6hwaiAovSDS                     netSUozuikToxdP3wGcgwayhK0m5L/kyvjXNnc/pEpxXG3c1FFRitFm5rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emZUX+c/Zsa0UPNQihCFPSNPkwLNBT                     bVZHUAnYc5iRYaWz9embSNcEH1C3UXSaTcNMHNLGNuLZqjGKbSrEMZzDUoGQJGhaovqyRYaWz9embSrEMZ3wGcgAQf3/HgfVUJujPaFCxT61meS82IyxJzG2                     /bwrZF+kJGldTF+ctiwQ6iiauY+Zj06CLT1Kqob5UDEML61gCyjnAcfMXgkdP3wGcgP0nTokPqwjhmRj7ZdpYkCpQed+rLQihCFPSNPkwLNBTbVZHUAnYc5i                     RYaWz9emsdS6S5PXwhQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emZJUQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9em45Y/3AphPN9gZs5yyhU1Vlcqds+sUqV                     GSxySe0aPYphlY+2uGOc0266ZMFJp/MmUmEmLLM04cH3s6GtihS4ShM4L3peSZhL2qELJEka1EwMmq4/Riu3rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9em                     cgkEyWFHkfDye4/PvjT6bfm7melSgXBYBTB5bLfQIwqXVweHdCfdZEgI10xeF44179038f46b139BC4B8f7E73E479642C5B3021gCyjnAcfLT1Kqob5UDEM                     L61gCyjnAcfLT1Kqob5UDEML61gCyjnAcfMXgkdP3wGcg455rLQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emQihCFPSNPkwLNBTbVZHUAnYc5iRYaWz9emkT                     oxajePfYlRR06iTmGH9PnhJZrW/decd0+r4KaQIELPi8zPuuOmRA3bHf4dEvGN0Hta6SclOoz4VJhS2vN+9vRIFnN/LpOadTDJm3Tb00uFPA6Vh2XeY49TIH                     YP/gpDdebug2: key not found
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/pi/.ssh/authorized_keys2
debug1: Could not open authorized keys '/home/pi/.ssh/authorized_keys2': No such file or directory
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x1de6c18 is not allowed
Failed publickey for pi from 192.168.10.11 port 58312 ssh2: RSA SHA256:pgrxvGTAguA5WbPmqk26YAa2AV4WCzLIFZDn3CwI5d0
debug3: mm_request_send entering: type 23
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
debug3: send packet: type 51 [preauth]
Connection closed by 192.168.10.11 port 58312 [preauth]
debug1: do_cleanup [preauth]
debug3: PAM: sshpam_thread_cleanup entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 1323
debug1: audit_event: unhandled event 12
Last edited by mrpetrov on Thu Apr 11, 2019 11:36 am, edited 4 times in total.

Andyroo
Posts: 3314
Joined: Sat Jun 16, 2018 12:49 am
Location: Lincs U.K.

Re: Trouble configuring Raspbian Lite for pubkey auth SSH with PUTTY (Windows) generated key

Wed Apr 10, 2019 6:30 pm

I’ve compared it to my Stretch and the file created by my Mac and the rights look fine

Looking in the key file I have

Code: Select all

ssh-rsa keytext [email protected]
With keytext being the long long key string.
auser being my Mac user name.
ausers.mac.local being my machine name.

One space between each part of the data.
Need Pi spray - these things are breeding in my house...

mrpetrov
Posts: 19
Joined: Sun Mar 08, 2015 3:44 pm

Re: Trouble configuring Raspbian Lite for pubkey auth SSH with PUTTY (Windows) generated key

Wed Apr 10, 2019 6:40 pm

Andyroo wrote:
Wed Apr 10, 2019 6:30 pm
I’ve compared it to my Stretch and the file created by my Mac and the rights look fine

...
Are you able to SSH to your Pi using only the public key authentication and no entering of passwords?

And you mention a Mac - can you test with Windows PUTTY generated key, because.... that is what is not working for me...

Thanks for your reply, by the way!

Andyroo
Posts: 3314
Joined: Sat Jun 16, 2018 12:49 am
Location: Lincs U.K.

Re: Trouble configuring Raspbian Lite for pubkey auth SSH with PUTTY (Windows) generated key

Wed Apr 10, 2019 6:46 pm

I just ssh [email protected] and I’m in.

I do not have a Windows box I’m afraid other than my good lady’s and I’m not allowed to fiddle with that (it does not have putty and it’s locked down) :D :lol:
Need Pi spray - these things are breeding in my house...

mrpetrov
Posts: 19
Joined: Sun Mar 08, 2015 3:44 pm

Re: Trouble configuring Raspbian Lite for pubkey auth SSH with PUTTY (Windows) generated key

Wed Apr 10, 2019 6:55 pm

Are you on STRETCH?

Code: Select all

cat /etc/os-release

Code: Select all

[email protected]:~ $ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
And did you do something special setting it up like that? I mean - am I missing something here?

Andyroo
Posts: 3314
Joined: Sat Jun 16, 2018 12:49 am
Location: Lincs U.K.

Re: Trouble configuring Raspbian Lite for pubkey auth SSH with PUTTY (Windows) generated key

Wed Apr 10, 2019 7:06 pm

I am definitely on Stretch.

The only difference I can think of is the Mac uses ssh-copy-id [email protected] to copy the key over rather than cut/paste.

Have to ask:
1) Did you copy all of the key inc key type / key / machine name?
2) Did you mix up the public / private part?

Other than that I’m stuck to be honest with no Windows box I cannot try for you. My Mac with Fusion is out at the mo and it will be about a week before I can get to it.

Hope someone with a Windows box can help before this.
Need Pi spray - these things are breeding in my house...

mrpetrov
Posts: 19
Joined: Sun Mar 08, 2015 3:44 pm

Re: Trouble configuring Raspbian Lite for pubkey auth SSH with PUTTY (Windows) generated key

Wed Apr 10, 2019 7:23 pm

Andyroo wrote: Have to ask:
1) Did you copy all of the key inc key type / key / machine name?
2) Did you mix up the public / private part?
Well, that's the point - on systems now years old and still rocking on solid, all I had to do is fire PUTTYgen on my Windows machine when I decided it was time to renew my SSHing key and generate a new key pair. This allowed me to save the-all-important private key in PUTTY's .PPK format, and gave me what I needed to paste in ~/.ssh/authorized_keys file on the machines I would be accessing with this key, and all "Just Worked" TM !

What I cannot understand is what is so different about Debian/Raspbian from say Slackware/Crux/CentOS - because through the years my "way" above always worked (tried on the listed distros)... what does

Code: Select all

ssh-copy-id
do that is so special?

Or am I expecting too much...

Thanks again, Andyroo! Apreciate you desire to help...

swampdog
Posts: 196
Joined: Fri Dec 04, 2015 11:22 am

Re: Trouble configuring Raspbian Lite for pubkey auth SSH with PUTTY (Windows) generated key

Thu Apr 11, 2019 12:28 am

I've had no end of wierd problems with PuTTY over the years. If you are able you'll find it much less painful to install cygwin and its "ssh client". Just run 'ssh-user-config'. Thereafter it's just like linux.

Here's how to manually set up ssh on your rpi. We'll create a throwaway account.

Code: Select all

$sudo su -
#[email protected]:~# useradd -m -s /bin/bash fred

[email protected]:~# passwd fred
Enter new UNIX password: fred
Retype new UNIX password: fred
passwd: password updated successfully

[email protected]:~# su - fred
Now get keyless ssh working. Hit enter for the ssh prompts when they occur..

Code: Select all

[email protected]:~ $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/fred/.ssh/id_rsa): 
Created directory '/home/fred/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/fred/.ssh/id_rsa.
Your public key has been saved in /home/fred/.ssh/id_rsa.pub.
The key fingerprint is:
16:df:6d:35:36:1d:1d:f8:4b:6b:33:23:0f:7e:ea:15 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|              .oo|
|             .  +|
|        .     .+o|
|         o . ..+o|
|        S . . +Eo|
|       .     + B.|
|            . =.+|
|             ..o |
|            .oo  |
+-----------------+
Now ensure we can log into ourself..

Code: Select all

[email protected]:~ $ cd .ssh
[email protected]:~/.ssh $ ls -l
total 8
-rw------- 1 fred fred 1679 Apr 11 00:50 id_rsa
-rw-r--r-- 1 fred fred  391 Apr 11 00:50 id_rsa.pub

[email protected]:~/.ssh $ cp -v id_rsa.pub authorized_keys
‘id_rsa.pub’ -> ‘authorized_keys’
[email protected]:~/.ssh $ chmod 0600 authorized_keys 
[email protected]:~/.ssh $ ls -l
total 12
-rw------- 1 fred fred  391 Apr 11 00:56 authorized_keys
-rw------- 1 fred fred 1679 Apr 11 00:50 id_rsa
-rw-r--r-- 1 fred fred  391 Apr 11 00:50 id_rsa.pub
Now we can log in..

Code: Select all

[email protected]:~/.ssh $ ssh [email protected]
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is 25:80:08:35:ec:b8:8b:3b:7f:9d:04:0e:d7:f0:e9:55.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

[email protected]:~ $ exit
logout
Connection to localhost closed.
[email protected]:~/.ssh $ 

[email protected]:~/.ssh $ ls -l
total 16
-rw------- 1 fred fred  391 Apr 11 00:56 authorized_keys
-rw------- 1 fred fred 1679 Apr 11 00:50 id_rsa
-rw-r--r-- 1 fred fred  391 Apr 11 00:50 id_rsa.pub
-rw-r--r-- 1 fred fred  222 Apr 11 00:57 known_hosts
Exit back to root and get rid of everything we did..

Code: Select all

[email protected]:~ $ exit
logout
[email protected]:~# ls -l /home
total 12
drwxr-xr-x 39 admin admin 4096 Mar 10 23:00 admin
drwxr-xr-x  3 fred  fred  4096 Apr 11 00:52 fred
drwxr-xr-x 28 pi    pi    4096 May  4  2017 pi

[email protected]:~# userdel -r fred
userdel: fred mail spool (/var/mail/fred) not found
[email protected]:~# ls -l /home
total 8
drwxr-xr-x 39 admin admin 4096 Mar 10 23:00 admin
drwxr-xr-x 28 pi    pi    4096 May  4  2017 pi
Now ensure your real rpi account is like "fred" was. All you do to add a new login is append a "*.pub" key from the machine that wants to login onto the end of "authorized_keys". Typically you do this..
You'll have to enter password for "fred" both times above.

Code: Select all

[email protected]$ cd .ssh
[email protected]$ cat z >>authorized_keys
[email protected]$ rm -v z
Now you don't have to enter it any more. Note particularly I ensured the target filename "z" else you'll likely overwrite one of fred's public keys with "[email protected]"''s public key and that's bad! Also note ">>" (ie append) rather than ">" (overwrite).

It's likely the PuTTY key is in the wrong format or not a public key. I'd still use cygwin though because you can follow exactly the above once "ssh-user-config" has run.

mrpetrov
Posts: 19
Joined: Sun Mar 08, 2015 3:44 pm

Re: Trouble configuring Raspbian Lite for pubkey auth SSH with PUTTY (Windows) generated key

Thu Apr 11, 2019 11:10 am

Thanks to all who replied to my thread here!

I found where my problems are rooted, and its not even funny.

Turns out it was totally a file transfer problem, like most of you suggested...

I have a reproducible case of Windows 10 1809 OS Build 17763.437 "clipboard failure", and I am thinking about how and where to report it to Microsoft...

My case consists of saving my, admittedly non-common 6144-bit key (the public part), via PuTTYgen's save public key button in a simple text file. As the format of the file cannot be directly used as SSH's authorized_keys file - I mangle it a bit, but using NotePad++ - things like make it all one line, adding ssh-rsa at the begging and moving my comment to the end of the file while removing its quotes, per the format as described here: https://man.openbsd.org/sshd.8#AUTHORIZ ... ILE_FORMAT.

Just as a security measure - I replace a bunch of letters with other ones, and I end up with 1KiB file.

This is the fun part:
if open the resulting text file in Windows' own Notepad, and say "Select all" (Ctrl+A), "Copy" (Ctrl+C), move the cursor to end of file and then "Paste" (Ctrl+V) - there are immediate differences, see here:
ce1.png
copy-paste-error example
ce1.png (116.24 KiB) Viewed 197 times
Differences in "pasted" content starting at symbol number 5...

Not sure what these guys are doing, but this is a bit of a problem...

Anyway, after I succesfully transferred the correct public key to my new RPi 3 B+, all that's left for me is to disable password login, as I no longer need it, and as a matter of fact - it is a security issue.
Everything running and behaving as expected now!

Thanks again, everyone, for chiming in!

P.S. For all the Windows 10 users willing to test it - here is an archived version of my sample text file:
clipboard-bug-test.7z
copy-paste-error sample text file (archived with 7zip)
(1.03 KiB) Downloaded 3 times
.

mrpetrov
Posts: 19
Joined: Sun Mar 08, 2015 3:44 pm

Re: [SOLVED] Trouble configuring Raspbian Lite for pubkey auth SSH with PUTTY (Windows) generated key

Mon Apr 15, 2019 9:21 am

Just to expand a little on this "copy PuTTYgen key via Windows' clipboard" issue:
I tried on a Windows as old as XP, and with the file provided in the above post the behaviour is exactly the same from XP to Win 10 1809 - great, when you think about the timespan involved here!

Anyway, turns out all of the above is to be expected - as described in this superuser.com question: https://superuser.com/questions/1156362 ... omatically.

My take on it is that Windows' clipboard incorrectly does not allow some slashes...

So, for the PUTTY users out there - just save the PuTTYgen key as file, and then find a way to safely transfer that file instead of "copy-paste"... Mild inconvinience, but workable - I think..

Return to “Beginners”