Passwordless SSH login

R C cjvijf at gmail.com
Thu Feb 11 04:41:22 UTC 2021 

On 2/10/21 9:30 PM, Bob wrote:
> ** Reply to message from Robert Heller <heller at deepsoft.com> on Wed, 10 Feb
> 2021 22:36:11 -0500 (EST)
>
>> At Wed, 10 Feb 2021 19:10:49 -0800 "Ubuntu user technical support, not for
>> general discussions" <ubuntu-users at lists.ubuntu.com> wrote:
>>
>>> Content-Type: text/plain
>>>
>>> ** Reply to message from Robert Heller <heller at deepsoft.com> on Wed, 10 Feb
>>> 2021 19:26:23 -0500 (EST)
>>>
>>>> At Wed, 10 Feb 2021 15:49:35 -0800 "Ubuntu user technical support, not for
>>>> general discussions" <ubuntu-users at lists.ubuntu.com> wrote:
>>>>
>>>>> Content-Type: text/plain
>>>>>
>>>>> I have set up SSH between two computers on my LAN and am trying to disable
>>>>> password login.  SSH works between the computers.  I can login using
>>>>> public/private keys.  What I have not been able to do is disable the password
>>>>> login.
>>>>>
>>>> Check the IdentityFile setting in /etc/ssh/ssh_config
>>>>
>>>> You need to make sure it is set to:
>>>>
>>>>     IdentityFile ~/.ssh/id_rsa
>>>>     
>>>> I think Ubuntu sets it to:
>>>>
>>>>     IdentityFile ~/.ssh/id_ecdsa
>>>>
>>>> by default.
>>> Looking at /etc/ssh/ssh_config there is no IdentifyFile parameter, all are
>>> commented out.  Which system does this need to be set, all of them or the
>>> client or server?
>>>
>>> When I generated the keys I specified rsa.  I would think that would be enough
>>> for everything to work.
>> It needs to be set on the originating machine.  Do a "slogin -v" to see what
>> it is doing.
> robert at MARS:~$ slogin -v bob1 at 192.168.60.184
> OpenSSH_8.3p1 Ubuntu-1, OpenSSL 1.1.1f  31 Mar 2020
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf
> matched no files

that is fine, there is nothing there in a "default" setup


> debug1: /etc/ssh/ssh_config line 21: Applying options for *
> debug1: Connecting to 192.168.60.184 [192.168.60.184] port 22.
> debug1: Connection established.
> debug1: identity file /home/robert/.ssh/id_rsa type 0
> debug1: identity file /home/robert/.ssh/id_rsa-cert type -1
> debug1: identity file /home/robert/.ssh/id_dsa type -1
> debug1: identity file /home/robert/.ssh/id_dsa-cert type -1
> debug1: identity file /home/robert/.ssh/id_ecdsa type -1
> debug1: identity file /home/robert/.ssh/id_ecdsa-cert type -1
> debug1: identity file /home/robert/.ssh/id_ecdsa_sk type -1
> debug1: identity file /home/robert/.ssh/id_ecdsa_sk-cert type -1
> debug1: identity file /home/robert/.ssh/id_ed25519 type -1
> debug1: identity file /home/robert/.ssh/id_ed25519-cert type -1
> debug1: identity file /home/robert/.ssh/id_ed25519_sk type -1
> debug1: identity file /home/robert/.ssh/id_ed25519_sk-cert type -1
> debug1: identity file /home/robert/.ssh/id_xmss type -1
> debug1: identity file /home/robert/.ssh/id_xmss-cert type -1
> debug1: Local version string SSH-2.0-OpenSSH_8.3p1 Ubuntu-1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_8.3p1
> Ubuntu-1
> debug1: match: OpenSSH_8.3p1 Ubuntu-1 pat OpenSSH* compat 0x04000000
> debug1: Authenticating to 192.168.60.184:22 as 'bob1'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: curve25519-sha256
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC:
> <implicit> compression: none
> debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC:
> <implicit> compression: none
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ecdsa-sha2-nistp256
> SHA256:Pnc1Tfpvc6xBJ5yaVyqmTaYmTqjPRl3VAAo/XY57efw
> debug1: Host '192.168.60.184' is known and matches the ECDSA host key.
> debug1: Found key in /home/robert/.ssh/known_hosts:1
this means it knows the host you are connecting to.
> debug1: rekey out after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: rekey in after 134217728 blocks
> debug1: Will attempt key: /home/robert/.ssh/id_rsa RSA
> SHA256:2vjQjFca63GJ3xu9FMPbqOmpR5yb+VEImHWexHfg510 agent
> debug1: Will attempt key: /home/robert/.ssh/id_dsa
> debug1: Will attempt key: /home/robert/.ssh/id_ecdsa
> debug1: Will attempt key: /home/robert/.ssh/id_ecdsa_sk
> debug1: Will attempt key: /home/robert/.ssh/id_ed25519
> debug1: Will attempt key: /home/robert/.ssh/id_ed25519_sk
> debug1: Will attempt key: /home/robert/.ssh/id_xmss
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info:
> server-sig-algs=<ssh-ed25519,sk-ssh-ed25519 at openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256 at openssh.com>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/robert/.ssh/id_rsa RSA
> SHA256:2vjQjFca63GJ3xu9FMPbqOmpR5yb+VEImHWexHfg510 agent
> debug1: Server accepts key: /home/robert/.ssh/id_rsa RSA
> SHA256:2vjQjFca63GJ3xu9FMPbqOmpR5yb+VEImHWexHfg510 agent
> debug1: Authentication succeeded (publickey).

This means that the server accepted your id_rsa key, and that it has 
theĀ  public key from the pair andĀ  authetication succeeded, you're "in" now.

> Authenticated to 192.168.60.184 ([192.168.60.184]:22).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessions at openssh.com
> debug1: Entering interactive session.
here it says you're 'in'
> debug1: pledge: network
> debug1: client_input_global_request: rtype hostkeys-00 at openssh.com want_reply 0
> debug1: Remote: /home/bob1/.ssh/authorized_keys:1: key options:
> agent-forwarding port-forwarding pty user-rc x11-forwarding
> debug1: Remote: /home/bob1/.ssh/authorized_keys:1: key options:
> agent-forwarding port-forwarding pty user-rc x11-forwarding
> debug1: Sending environment.
> debug1: Sending env LANG = en_US.UTF-8
> Welcome to Ubuntu 20.10 (GNU/Linux 5.8.0-43-generic x86_64)
>
>   * Documentation:  https://help.ubuntu.com
>   * Management:     https://landscape.canonical.com
>   * Support:        https://ubuntu.com/advantage
>
> 0 updates can be installed immediately.
> 0 of these updates are security updates.
>
> Last login: Wed Feb 10 14:36:10 2021 from 192.168.60.182
> bob1 at Juptier:~$


and there you are.


so your key pair is working.

>
>
>>   This should be enlightening.  It is possible that the compiled
>> in default is something other than ~/.ssh/id_rsa and the -v option will tell
>> you that.  If it is in fact something else, you need to include an
>> IdentityFile setting like I showed above.  You might need to do it on the
>> "other" machine if you ssh both ways.
>>
>>>
>>>>> The instructions I am using
>>>>> <https://www.linuxbabe.com/linux-server/setup-passwordless-ssh-login> says to
>>>>> edit /etc/ssh/sshd_config and change "PasswordAuthentication" from "yes" to
>>>>> "no" and change "ChallengeResponseAuthentication" to "no".  That did not work
>>>>> as I can still SSH to the computer and login to the computer using the
>>>>> password.
>>>>>
>>>>> When I edit /etc/ssh/sshd_config "PasswordAuthentication" is commented out so I
>>>>> removed the comment and changed "yes" to "no".
>>>>> "ChallengeResponseAuthentication" was not on the config file so I added it.
>>>>> What else do I need to do?
>>>>>

More information about the ubuntu-users mailing list