Passwordless SSH login

Bob ubuntu-qygzanxc at listemail.net
Thu Feb 11 04:30:29 UTC 2021 

** Reply to message from Robert Heller <heller at deepsoft.com> on Wed, 10 Feb
2021 22:36:11 -0500 (EST)

> At Wed, 10 Feb 2021 19:10:49 -0800 "Ubuntu user technical support, not for
> general discussions" <ubuntu-users at lists.ubuntu.com> wrote:
> 
> > 
> > Content-Type: text/plain
> > 
> > ** Reply to message from Robert Heller <heller at deepsoft.com> on Wed, 10 Feb
> > 2021 19:26:23 -0500 (EST)
> > 
> > > At Wed, 10 Feb 2021 15:49:35 -0800 "Ubuntu user technical support, not for
> > > general discussions" <ubuntu-users at lists.ubuntu.com> wrote:
> > > 
> > > > 
> > > > Content-Type: text/plain
> > > > 
> > > > I have set up SSH between two computers on my LAN and am trying to disable
> > > > password login.  SSH works between the computers.  I can login using
> > > > public/private keys.  What I have not been able to do is disable the password
> > > > login.
> > > > 
> > > 
> > > Check the IdentityFile setting in /etc/ssh/ssh_config
> > > 
> > > You need to make sure it is set to:
> > > 
> > >    IdentityFile ~/.ssh/id_rsa
> > >    
> > > I think Ubuntu sets it to:
> > > 
> > >    IdentityFile ~/.ssh/id_ecdsa
> > > 
> > > by default.
> > 
> > Looking at /etc/ssh/ssh_config there is no IdentifyFile parameter, all are
> > commented out.  Which system does this need to be set, all of them or the
> > client or server?
> > 
> > When I generated the keys I specified rsa.  I would think that would be enough
> > for everything to work.
> 
> It needs to be set on the originating machine.  Do a "slogin -v" to see what 
> it is doing.

robert at MARS:~$ slogin -v bob1 at 192.168.60.184
OpenSSH_8.3p1 Ubuntu-1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf
matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.60.184 [192.168.60.184] port 22.
debug1: Connection established.
debug1: identity file /home/robert/.ssh/id_rsa type 0
debug1: identity file /home/robert/.ssh/id_rsa-cert type -1
debug1: identity file /home/robert/.ssh/id_dsa type -1
debug1: identity file /home/robert/.ssh/id_dsa-cert type -1
debug1: identity file /home/robert/.ssh/id_ecdsa type -1
debug1: identity file /home/robert/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/robert/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/robert/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/robert/.ssh/id_ed25519 type -1
debug1: identity file /home/robert/.ssh/id_ed25519-cert type -1
debug1: identity file /home/robert/.ssh/id_ed25519_sk type -1
debug1: identity file /home/robert/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/robert/.ssh/id_xmss type -1
debug1: identity file /home/robert/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3p1 Ubuntu-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.3p1
Ubuntu-1
debug1: match: OpenSSH_8.3p1 Ubuntu-1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.60.184:22 as 'bob1'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC:
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC:
<implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256
SHA256:Pnc1Tfpvc6xBJ5yaVyqmTaYmTqjPRl3VAAo/XY57efw
debug1: Host '192.168.60.184' is known and matches the ECDSA host key.
debug1: Found key in /home/robert/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/robert/.ssh/id_rsa RSA
SHA256:2vjQjFca63GJ3xu9FMPbqOmpR5yb+VEImHWexHfg510 agent
debug1: Will attempt key: /home/robert/.ssh/id_dsa 
debug1: Will attempt key: /home/robert/.ssh/id_ecdsa 
debug1: Will attempt key: /home/robert/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/robert/.ssh/id_ed25519 
debug1: Will attempt key: /home/robert/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/robert/.ssh/id_xmss 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,sk-ssh-ed25519 at openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256 at openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/robert/.ssh/id_rsa RSA
SHA256:2vjQjFca63GJ3xu9FMPbqOmpR5yb+VEImHWexHfg510 agent
debug1: Server accepts key: /home/robert/.ssh/id_rsa RSA
SHA256:2vjQjFca63GJ3xu9FMPbqOmpR5yb+VEImHWexHfg510 agent
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.60.184 ([192.168.60.184]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00 at openssh.com want_reply 0
debug1: Remote: /home/bob1/.ssh/authorized_keys:1: key options:
agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /home/bob1/.ssh/authorized_keys:1: key options:
agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 20.10 (GNU/Linux 5.8.0-43-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 updates can be installed immediately.
0 of these updates are security updates.

Last login: Wed Feb 10 14:36:10 2021 from 192.168.60.182
bob1 at Juptier:~$ 


>  This should be enlightening.  It is possible that the compiled 
> in default is something other than ~/.ssh/id_rsa and the -v option will tell 
> you that.  If it is in fact something else, you need to include an 
> IdentityFile setting like I showed above.  You might need to do it on the 
> "other" machine if you ssh both ways.
> 
> > 
> > 
> > > > The instructions I am using
> > > > <https://www.linuxbabe.com/linux-server/setup-passwordless-ssh-login> says to
> > > > edit /etc/ssh/sshd_config and change "PasswordAuthentication" from "yes" to
> > > > "no" and change "ChallengeResponseAuthentication" to "no".  That did not work
> > > > as I can still SSH to the computer and login to the computer using the
> > > > password.
> > > > 
> > > > When I edit /etc/ssh/sshd_config "PasswordAuthentication" is commented out so I
> > > > removed the comment and changed "yes" to "no". 
> > > > "ChallengeResponseAuthentication" was not on the config file so I added it. 
> > > > What else do I need to do?
> > > > 
> > >

-- 
Robert Blair


The inherent vice of capitalism is the unequal sharing of the blessings.  The inherent blessing of socialism is the equal sharing of misery.  -- Winston Churchill

More information about the ubuntu-users mailing list