Ssh keys not working?

I setup 2 new 9.1 “standard” installs, and I can ssh into each other. but when I create an ssh key and then copy the key (successfully) to the other machine I still have to put in a password. not sure why this is happening as any ssh key guide explains it to work this way, and it’s always worked with other linux distros. am i missing something that’s rhel/alma specific?

boring video showing the issue:

You did copy the public key with ssh-copy-id, so permissions and SELinux attributes are correct. Before seeing the video that would have my primary suspect.

However, you did copy ssh-copy-id -i u@remote
That was correct too, since you have your key in your home directory.

There we get to the real issue; your identity file is not in the default location with default name.

You can now do:

ssh -i ~/mykey u@remote

The man ssh writes:

-i identity_file

Selects a file from which the identity (private key) for public key authentication is read. The default is ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk and ~/.ssh/id_rsa. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). If no certificates have been explicitly specified by the CertificateFile directive, ssh will also try to load certificate information from the filename obtained by appending to identity filenames.

The root cause is thus that you did give explicit filename for ssh-keygen and ssh does not know about it. When one does not request filename, the ssh-keygen puts the keys to default location and the filenames are by the type of keys.

You could:

  • Keep using the -i ~/mykey, which is boring
  • Move/rename the mykey into ~/.ssh/` (id_rsa, ?)
  • Create entry into .ssh/config
Host other
  IdentityFile ~/mykey
  Hostname remote
  User u

With that config the ssh other is an alias for ssh -i ~/mykey u@remote

PS. Most of text on the video was unreadable on my screen, but there was enough for educated guess. :slight_smile:


you are correct, I performed the task again without specifying a name, and it appeared to work well

it seems that in specifying the name of the key saved it to that directory (home directory) - I know that ssh is very specific about what directory and the permissions of the directory that a key is in. so that is probably the issue.

thank you for your help.