Access via ssh with key

Hello, I have an unexpected problem with SSH access to my router on OpenWRT 22.03. I added my public key and when I connect to the root user everything works fine, but when I try to connect under another user I get the message: Permission denied (publickey). If I activate the Allow SSH password authentication option, then everything works and I can open a session under this user, but only with a password. Help me figure out the problem?

When you say "try to connect under another user", do you mean another user on the client computer, or another user on the router?

Each user on the client has a different SSH private key, and thus each user has to upload its public key to the router. Also, each user on the server has a different list of authorized keys, so you have to add your public keys for each user.

Another user on the router, of course. Do you mean this: sudo ssh-copy-id -p {port} {user}@192.168.1.1? For some reason, when entering this command, the system writes: sh: can't create /etc/dropbear/authorized_keys: Permission denied. I suspect that the user needs to be added to some group?

The user on the client is the same. But I can log in as root without any problems. I can also log in as a different user using a password.

Run this command via ssh:

cat /etc/passwd

Each user in this file is represented as a line consisting of 7 fields, separated by colons. The first field is the user name. Check that your other user is actually present in this file. If it is not, you need to add a new user using adduser.

If the user exists, check the second-to-last field to see if the home directory is set. If it is not, you need to create it and update /etc/passwd accordingly. Usually this directory is something like /home/<your user>.

If you have the correct home directory, check that the .ssh directory exists in it. If not, create it with mkdir.

If you have the .ssh directory, check that authorized_keys exists in it. If not, create it and add the desired public keys inside it.

If all of that exists, ensure that the user actually owns the home directory and its contents:

chown -R <your user>:<your group> <home directory>

Look up your user's group using the 4th field of /etc/passwd and the /etc/group file.

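The checks from the reply above, collected into one shell function, as an added example that is not part of the original thread. The name check_key_login and its result strings are made up for illustration; the passwd path is a parameter so the function can also be tried on a copy of the file.

```shell
#!/bin/sh
# Added example: walks the checks from the reply above for one account.
# check_key_login is a hypothetical helper, not an OpenWrt or dropbear tool.
check_key_login() {
    passwd_file=$1
    user=$2

    # 1. The account must have a line in passwd (field 1 = user name).
    entry=$(grep "^${user}:" "$passwd_file") || { echo "no-user"; return 1; }

    # 2. Field 3 is the uid, field 6 (second-to-last) the home directory.
    uid=$(echo "$entry" | cut -d: -f3)
    home=$(echo "$entry" | cut -d: -f6)
    [ -n "$home" ] && [ -d "$home" ] || { echo "no-home"; return 2; }

    # 3. and 4. ~/.ssh and ~/.ssh/authorized_keys must exist.
    [ -d "$home/.ssh" ] || { echo "no-ssh-dir"; return 3; }
    keys="$home/.ssh/authorized_keys"
    [ -f "$keys" ] || { echo "no-authorized-keys"; return 4; }
    [ -s "$keys" ] || { echo "empty-authorized-keys"; return 5; }

    # 5. The user must own the home directory and its contents
    #    (ls -n prints the numeric owner in column 3).
    for p in "$home" "$home/.ssh" "$keys"; do
        owner=$(ls -ldn "$p" | awk '{print $3}')
        [ "$owner" = "$uid" ] || { echo "wrong-owner:$p"; return 6; }
    done

    echo "ok"
}

# Run as a script: sh check.sh /etc/passwd <your user>
if [ $# -eq 2 ]; then
    check_key_login "$1" "$2"
fi
```

The first failed check is printed and returned as the exit status, so the output tells you which step of the reply to repeat.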

Thanks everyone, I solved the problem by deleting the authorized_keys file from the user's .ssh folder. I created a new file and re-registered the key there, after that everything worked. Tell me, it turns out that if I add keys through the LuCI interface, then they are registered only for root?

Yes, that page only adds keys to the root user's authorized_keys file.
