Openssh-server and public key authentication

highpost · October 19, 2020, 8:04am

I'm trying to get openssh-server to work with public key authentication.

Since this isn't working I've been trying to isolate the issue. To begin with, I'm limiting this to my LAN, so it's not a firewall issue. I have DropBear working on port 22 with both password and public key authentication. With openssh-server I have password authentication working on port 2222 (but not public key). Finally, I get the same results when I use a MacBook and an Ubuntu 20.04 PC and my authorized_keys files are identical between /etc/dropbear and /etc/ssh.

~/.ssh/config (password only):

Host porch 192.168.1.1
  Ciphers aes256-ctr
  MACs hmac-sha2-256
  PasswordAuthentication yes
  Protocol 2

~/.ssh/config (public key only):

Host porch 192.168.1.1
  Ciphers aes256-ctr
  HostKeyAlgorithms ssh-rsa
  KexAlgorithms curve25519-sha256@libssh.org
  MACs hmac-sha2-256
  IdentityFile ~/.ssh/id_rsa
  PasswordAuthentication no
  Protocol 2

/etc/ssh/sshd_config (password only)

ChallengeResponseAuthentication no 
PasswordAuthentication yes
PermitRootLogin yes
Port 2222
Protocol 2
Ciphers aes256-ctr
MACs hmac-sha2-256

/etc/ssh/sshd_config (public key only)

ChallengeResponseAuthentication no 
PasswordAuthentication no
PermitRootLogin yes
Port 2222
Protocol 2
PubkeyAuthentication yes
Ciphers aes256-ctr
HostKeyAlgorithms ssh-rsa
KexAlgorithms curve25519-sha256@libssh.org
MACs hmac-sha2-256

anon50098793 · October 19, 2020, 8:10am

ssh is simple to debug... run the daemon in the foreground with verbose debugging ( but a simple logread would probably be enough ) and run the client with verbose options...

highpost · October 20, 2020, 7:55pm

Thanks. It turned out that DropBear expects authorized_keys to be in /etc/ssh and OpenSSH expects it in /root/.ssh.

system · October 30, 2020, 7:55pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.