Can't connect with ssh using keys

theikid

Dabbler
Joined
Sep 4, 2023
Messages
12
Hi there,

On Bluefin I was able to connect through ssh using my ed25519 (public) key added through the GUI to my user account. But now that I'm on Cobia I have to put in my password every time, so it seems that it's not using my key anymore.

I'm on TrueNAS-SCALE-23.10.1.3.

Would anyone have any lead? Thank you!
 

chuck32

Guru
Joined
Jan 14, 2023
Messages
623
It would be helpful if you would share your configuration, otherwise how should we know what went wrong ;)
 

theikid

> It would be helpful if you would share your configuration, otherwise how should we know what went wrong ;)

I thought that my ts version would be enough.

All my other servers work with the same key from my laptop.

I run macOS Sonoma on a MacBook Pro.

Using the ed25519 key I successfully log in to a self-hosted GitLab instance, a Raspberry Pi and my UniFi Express gateway.

What other info would be useful?
 

chuck32

> What other info would be useful?

The part in your TrueNAS GUI where you configured the key for authentication ;)

Did you disable password authentication?
 

theikid

> The part in your truenas GUI where you configured the key for authentication ;)
>
> Did you disable password authentication?

Yeah should I thought.

In Credentials/User. Edit my user and add the content of my public key to the authorized keys input. Password was on, so I could connect with the password. I turned it off, so now I can't log in.

Maybe I can show you some logs if you know how to debug?
 

chuck32

> Yeah should I thought.

There is a difference between you describing what you did and us seeing what you actually did. Some screenshots would be helpful.

I just enabled SSH on my machine to check on 23.10.1.

I used my admin account as an example. Under Credentials -> Local Users -> Admin -> edit I pasted my public key. The easiest would be to use the Choose File button and upload the public key file.

[Attachment: 1706810909802.png]

I didn't know off the top of my head whether you need to disable password based authentication or not. I checked: when you have correctly configured SSH keys they will be used, but you can skip them and use your password. Ignore the checkmark for now.

After you did this, you should be able to login using your key.

In the next steps you could either disable password based authentication per user, or under Services -> SSH you could disable passwords for every user. This is to enforce the SSH key based authentication.

[Attachment: 1706811556693.png]

I also created an ed25519 key pair to double check whether ed25519 is supported or not. At least in 23.10.1 it is supported.

My suspicion is that you did not correctly configure your ssh keys and that's why you are not prompted for your keys. Also, just to be sure, you are prompted for your user password and not the ssh key password?

1) Upload the public key via file
2) Check if you are prompted for a key (or rather you should be prompted for the key password, or be logged in directly if you did not set a password for your key)
3) If not, try to disable "SSH password login enabled" for the user and see if it works now

Did you try to generate a new key pair, just for testing?

When using another keypair it may be required to specify which private key to use (at least in Windows Terminal it will otherwise just use the default key .ssh/id_rsa):

ssh -i "/path/to/keyfile" user@host

If that still does not work, please provide screenshots.
 

theikid

Your comment led me to verify the permissions on my .ssh folder & authorized_keys file, and they were not properly set.

Home folder can't be writable by group, .ssh needs to be chmod 700 & .ssh/authorized_keys chmod 600 and

Thank you for guiding!
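
The permission requirements named in the post above, written as a check that can be run on the server. This is an added example and not part of any post in the thread; the function names are hypothetical, and the 700/600 values are the ones the post gives.

```shell
#!/bin/sh
# Added example: report the permission problems that make sshd skip
# authorized_keys. With StrictModes (on by default) sshd ignores the key file
# when the home directory, ~/.ssh or the file is group- or world-writable.

# Print the octal mode of a path (GNU stat first, BSD stat as a fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds if the given octal mode has the group- or other-write bit set.
group_or_other_writable() {
    [ $(( 0$1 & 022 )) -ne 0 ]
}

# Check one home directory; returns the number of problems found (0 = OK).
check_ssh_perms() {
    home=$1
    problems=0
    if group_or_other_writable "$(mode_of "$home")"; then
        echo "FAIL: $home is writable by group or others"
        problems=$((problems + 1))
    fi
    # path:expected-mode pairs, as stated in the thread
    for entry in ".ssh:700" ".ssh/authorized_keys:600"; do
        path=$home/${entry%:*}
        want=${entry#*:}
        if [ ! -e "$path" ]; then
            echo "FAIL: $path is missing"
            problems=$((problems + 1))
        elif [ "$(mode_of "$path")" != "$want" ]; then
            echo "FAIL: $path is mode $(mode_of "$path"), expected $want"
            problems=$((problems + 1))
        fi
    done
    if [ "$problems" -eq 0 ]; then
        echo "OK: $home passes the permission checks"
    fi
    return "$problems"
}

# When run as a script: sh check_ssh_perms.sh /path/to/home
if [ $# -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

Each FAIL line names the path to fix with chmod; the mode bits checked here do not show ACL entries, which have to be reviewed separately.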
 

chuck32

> Thank you for guiding!

Glad you solved it!

Just for me to understand it, did you not use the GUI or how did the permissions even change on your system?
 

theikid

> Glad you solved it!
>
> Just for me to understand it, did you not use the GUI or how did the permissions even change on your system?

I use ACL so I don't understand what happened either... what changed is moving from Bluefin to Cobia and changing my IP, nothing else changed.
 