Notices
Page 1 of 2 1 2
Reply
Thread Tools
TopBananananana is offline TopBananananana
2012-11-18 , 12:29
Posts: 14 | Thanked: 5 times | Joined on Oct 2012
#1
Hi all,

I'm having problems with SSH keys and my N900. I'm not a complete Linux newbie, I use Linux exclusively at home and SSH a lot between computers.

For some reason, I cannot get keys to work with the N900 working as a server.
  • The server starts fine with /etc/init.d/ssh restart, not errors.
    In /etc/ssh/sshd_config I have AuthorizedKeysFile %h/.ssh/authorized_keys
  • I have my public key copied to /home/user/.ssh/authorized_keys
  • On my laptop I'm using the command: ssh user@192.168.0.21 (user as that is the name of the folder where .ssh/authorized_keys is kept, and 192.168.0.21 which is the IP of the phone as confirmed by /sbin/ifconfig)
Result: Permission denied (publickey).

Comparing to my 'main' Linux server the biggest thing different is a lot of *key* files missing, except ssh_host_rsa_key and ssh_host_rsa_key.pub, but I'm using RSA keys anyway and the others aren't referred to by /etc/ssh/sshd_config.

I'm sure it's something *really* simple, but I cannot, for the life of me, work out what's wrong.

Help, advice and ideas gratefully received, no matter how simple.
Last edited by TopBananananana; 2012-11-18 at 14:33. Reason: Now solved!
 
michaaa62 is offline michaaa62
2012-11-18 , 12:45
Posts: 2,102 | Thanked: 1,937 times | Joined on Sep 2008 @ Berlin, Germany
#2
Did you run ssh-copy-id or did you ' physically' copy the key from laptop to N900???
Did you have a passwd setup for the user 'user' on the N900? Only root password is created during configuration of the packages on the N900.
 

The Following User Says Thank You to michaaa62 For This Useful Post:
TopBananananana is offline TopBananananana
2012-11-18 , 13:02
Posts: 14 | Thanked: 5 times | Joined on Oct 2012
#3
Hi, no password is setup except for root. I physically transferred the file but sticking the .pub key onto LAN only apache and then copied and pasted into the N900.
Last edited by TopBananananana; 2012-11-18 at 13:06.
 
michaaa62 is offline michaaa62
2012-11-18 , 13:43
Posts: 2,102 | Thanked: 1,937 times | Joined on Sep 2008 @ Berlin, Germany
#4
Try to check if outcome differs.

On the N900
Code:
rm .ssh/authorized_keys
sudo gainroot
passwd user
On your laptop as $user
Code:
ssh-copy-id -i .ssh/id_rsa.pub user@192.168.0.21
 

The Following User Says Thank You to michaaa62 For This Useful Post:
TopBananananana is offline TopBananananana
2012-11-18 , 13:56
Posts: 14 | Thanked: 5 times | Joined on Oct 2012
#5
Done the above! New error (which I find promising as it means that something's changed and I'm progressing! )

Code:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
ce:7e:93:6f:c9:20:88:20:26:28:bf:39:36:f9:fe:a7.
Please contact your system administrator.
Add correct host key in /home/netbook/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/netbook/.ssh/known_hosts:12
RSA host key for [192.168.0.21]:22 has changed and you have requested strict checking.
Host key verification failed.
Deleted the offending line in known_hosts, but it doesn't seem to change anything?
 
TopBananananana is offline TopBananananana
2012-11-18 , 14:02
Posts: 14 | Thanked: 5 times | Joined on Oct 2012
#6
Disregard that last post, numpty here failed to delete the *right* line, deleted it and it seems to be working!

Is it safe now to disable password logins for the SSH server or will that further break things?
 
michaaa62 is offline michaaa62
2012-11-18 , 14:10
Posts: 2,102 | Thanked: 1,937 times | Joined on Sep 2008 @ Berlin, Germany
#7
The following settings should be set to no:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Restart sshd and check if ssh logins without keys are really disabled, like: Rename your private key file:
Code:
mv ~/.ssh/id_rsa ~/.ssh/id_rsa.backup
Try to login which should be impossible, then restore the key.
Last edited by michaaa62; 2012-11-18 at 14:15.
 

The Following User Says Thank You to michaaa62 For This Useful Post:
TopBananananana is offline TopBananananana
2012-11-18 , 14:17
Posts: 14 | Thanked: 5 times | Joined on Oct 2012
#8
Thank you very much. Your continued support is gratefully appreciated.

Is UsePAM supported? I get the following message
Code:
/etc/ssh # /etc/init.d/ssh restart
/etc/ssh/sshd_config line 77: Unsupported option UsePAM
Restarting OpenBSD Secure Shell server: sshd/etc/ssh/sshd_config line 77: Unsupported option UsePAM
 
TopBananananana is offline TopBananananana
2012-11-18 , 14:22
Posts: 14 | Thanked: 5 times | Joined on Oct 2012
#9
For what it's worth, just restarted it and can log in, even without being challenged for a password.

From my netbook:
Code:
$ls .ssh
id_rsa.bak  id_rsa.pub  known_hosts
Now I am confused.
 
michaaa62 is offline michaaa62
2012-11-18 , 14:26
Posts: 2,102 | Thanked: 1,937 times | Joined on Sep 2008 @ Berlin, Germany
#10
Strange? Did stopping may be fail because of the unsupported option of openssh on the N900?
 
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 14:13.

Contact Us - Home - Archive - Top