SSH Key Issue Finally Resolved


#1

So I’ve been testing this script in a DigitalOcean droplet just trying to perfect it before I redo my current server later this fall. There’s one problem that I’ve found that pertains to this script especially. And it deals with SSH keys and logging on with them.

I was trying everything, and I spent hours trying to figure out the problem, reading debug logs and the like. I’ve had no issues using SSH keys on servers before. It’s supposed to be as simple as adding your public key to an authorized_users file in the ~/.ssh folder. Then change the /etc/ssh/sshd_config file to disable root login and password-based logins.

I did all of this, but I was unable to log in, and I continued to get a publickey error when trying to log in. I tried several other scripts on different droplets with no problem. And obviously, my current box is working, so I narrowed it down to something this script does that’s causing me this headache. What it’s doing, I have no idea. But I did figure out how to fix it and it was a permissions issue, as usual, with me and Linux.

I ran these commands which fixed my problem. If anyone else has this issue, try this.
chmod o-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys


#2

I don’t think it’s specific to this script. I think it’s specific to your box. I’ve never had an issue setting up passwordless ssh on any of my quickbox systems. I currently have 4 systems running.

See step 4:
http://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/

The .ssh and auth_keys permissions always need to be set.


#3

The QuickBox script does not in any way alter nor touch a user’s ~/.ssh directory. By default the permissions on the ~/.ssh directory should be 700 and the authorized_keys file be 600, just as you have found. Additionally, I have known people to attempt creating keys and have tremendous issues under the assumption that setting PermitRootLogin to no, when it should be without-password.

Once I am back at my own workstation I will create a How-To specifically on this topic to make it clear (rather than following outside tutorials) on how to create ssh keys for your server… better yet, I think that including a function to create them on install (or as a standalone command) would be splendid as well.

At any rate, glad you got your keys sorted out and thank you for sharing! :)
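
The permission problem discussed in this thread can be audited before changing anything. The following is an added example, not part of the original posts or of the QuickBox script: a POSIX shell check (the function names `writable_by_others` and `check_ssh_perms` are made up for illustration) that flags a home directory, `~/.ssh` or `authorized_keys` that is writable by group or other, the condition sshd's StrictModes check rejects. It looks at mode bits only and does not check ownership.

```shell
#!/bin/sh
# Added example: report which of the three paths sshd cares about are
# writable by group or other. Function names are hypothetical.

# writable_by_others PATH -> returns 0 if group or other has write permission.
writable_by_others() {
    # ls -ld prints e.g. "drwxrwxr-x"; char 6 is group write, char 9 is other write.
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# check_ssh_perms HOME_DIR -> prints one line per path and returns the
# number of paths (0-3) that are missing or too permissive.
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=$((bad + 1))
        elif writable_by_others "$p"; then
            echo "TOO OPEN $p ($(ls -ld "$p" | cut -c1-10))"
            bad=$((bad + 1))
        else
            echo "OK       $p"
        fi
    done
    return "$bad"
}

# Run as "sh thisfile --check" to audit the current user's home directory.
if [ "${1:-}" = "--check" ]; then
    check_ssh_perms "$HOME"
fi
```

A home directory that is group-writable (for example mode 775) is still reported as too open after `chmod o-w`, so check the output again after applying a fix.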


#4

That is probably the case. I just tried it with several scripts, and I loaded the keys the same way in all tests, and the only script I had an issue with was this one.

Thank you for that link though. I was unaware that you always needed to change permissions on the .ssh folder and authorized_keys. That should prevent any issues I have in the future.


#5

One thing that I think would be kinda great is if there was an option during the script to paste the contents of your id_rsa.pub key into an authorized_users file. I don’t know if this is possible, but if it is that would be amazing!