Ssh keys not working?

I set up 2 new 9.1 “standard” installs, and I can ssh into each other. But when I create an ssh key and then copy the key (successfully) to the other machine, I still have to put in a password. Not sure why this is happening, as any ssh key guide explains it to work this way, and it’s always worked with other Linux distros. Am I missing something that’s RHEL/Alma specific?

boring video showing the issue: https://photos.app.goo.gl/2Nt5h8Lx7s4moE4f6

You did copy the public key with ssh-copy-id, so permissions and SELinux attributes are correct. Before seeing the video that would have been my primary suspect.

However, you did copy with:

ssh-copy-id -i mykey.pub u@remote

That was correct too, since you have your key in your home directory.

There we get to the real issue; your identity file is not in the default location with default name.

You can now do:

ssh -i ~/mykey u@remote

The man ssh writes:

-i identity_file

Selects a file from which the identity (private key) for public key authentication is read. The default is ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk and ~/.ssh/id_rsa. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). If no certificates have been explicitly specified by the CertificateFile directive, ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames.

The root cause is thus that you gave an explicit filename to ssh-keygen and ssh does not know about it. When one does not request a filename, ssh-keygen puts the keys in the default location and the filenames are based on the type of key.

You could:

  • Keep using the -i ~/mykey, which is boring
  • Move/rename the mykey into ~/.ssh/ (id_rsa, id_rsa.pub ?)
  • Create an entry in .ssh/config:

Host other
  IdentityFile ~/mykey
  Hostname remote
  User u

With that config, ssh other is an alias for ssh -i ~/mykey u@remote

PS. Most of the text on the video was unreadable on my screen, but there was enough for an educated guess. :)

2 Likes
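A small diagnostic for the situation described in the answer above, added here as an example that is not part of the original post: it lists key pairs that ssh will not try on its own, because they are outside the default names from the quoted man page and no IdentityFile line names them. The function names are made up for this example, and the config parsing is simplified to unquoted "IdentityFile path" lines.

```shell
#!/bin/sh
# Default private-key names, taken from the ssh(1) excerpt quoted in the answer.
DEFAULT_KEYS="id_dsa id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk id_rsa"

# Print the default identity files that exist under <home>/.ssh.
default_identities() {
    for name in $DEFAULT_KEYS; do
        [ -f "$1/.ssh/$name" ] && printf '%s\n' "$1/.ssh/$name"
    done
    return 0
}

# Print private keys (files with a matching .pub beside them) in <home> or
# <home>/.ssh that do not have a default name inside .ssh.
stray_identities() {
    for pub in "$1"/*.pub "$1"/.ssh/*.pub; do
        [ -f "$pub" ] || continue
        key="${pub%.pub}"
        [ -f "$key" ] || continue
        case "$key" in
            "$1/.ssh/"*)
                base="${key##*/}"
                case " $DEFAULT_KEYS " in *" $base "*) continue ;; esac ;;
        esac
        printf '%s\n' "$key"
    done
}

# Print IdentityFile paths from <home>/.ssh/config (assumption: unquoted,
# whitespace-separated "IdentityFile <path>" lines; keyword case is ignored).
configured_identities() {
    [ -f "$1/.ssh/config" ] || return 0
    awk 'tolower($1) == "identityfile" { print $2 }' "$1/.ssh/config"
}

# Print stray keys that no IdentityFile line references, either as an
# absolute path or as ~/relative. These need "ssh -i" to be used at all.
unreferenced_keys() {
    stray_identities "$1" | while IFS= read -r key; do
        rel="~${key#"$1"}"
        configured_identities "$1" | grep -qxF -e "$rel" -e "$key" ||
            printf '%s\n' "$key"
    done
}

# Check the home directory given as the first argument (default: $HOME).
unreferenced_keys "${1:-$HOME}"
```

On a live system, ssh -G other prints the effective configuration for a host, including the identityfile entries ssh will try.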

You are correct, I performed the task again without specifying a name, and it appeared to work well.

It seems that specifying the name of the key saved it to that directory (home directory) - I know that ssh is very specific about what directory and the permissions of the directory that a key is in, so that is probably the issue.

Thank you for your help.