Unable to Generate SSH Public/Private Keys

Status
Not open for further replies.

Zythyr

Dabbler
Joined
Mar 4, 2013
Messages
42
When I try to generate public/private ssh keys for a specific user (ex: user1), I get the error below. User1 doesn't have a home directory; it is set to the default /nonexistent directory.
Code:
[root@SVR1 ~]# su user1
[user1@SVR1 ] /root% ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/nonexistent/.ssh/id_rsa):
Could not create directory '/nonexistent/.ssh': No such file or directory
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
open /nonexistent/.ssh/id_rsa failed: No such file or directory.
Saving the key failed: /nonexistent/.ssh/id_rsa.


When I try generating the keys using root, I get the following error:
Code:
[root@SVR ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
open /root/.ssh/id_rsa failed: Read-only file system.
Saving the key failed: /root/.ssh/id_rsa.


SVR1 Config:
Hostname: SVR1.local
Build: FreeNAS-9.2.1.9-RELEASE-x86 (2bbba09)
Platform: Intel(R) Pentium(R) 4 CPU 3.40GHz
Memory: 6052MB
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
> When I try to generate public/private ssh keys for a specific user (ex: user1), I get the error below. User1 doesn't have a home directory; it is set to the default /nonexistent directory.
...and there's your problem. ssh keys go in ~/.ssh/, and if ~/ doesn't exist, there's no place for them to go. Change user1's home directory to something that exists.

> When I try generating the keys using root, I get the following error:
The root filesystem is mounted read-only on 9.2.x and prior. FreeNAS 9.3 doesn't do this, but needs 4x as much RAM as you have.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
2GB of RAM is still half the minimum requirement for UFS on 9.2.1.X
 

Zythyr

Dabbler
Joined
Mar 4, 2013
Messages
42
I just updated the RAM on the server to 6GB by temporarily borrowing the RAM from another computer.

How can I make the root file system writable so I can generate SSH key pairs for the root user?

As for generating the SSH keys for user1, must I really have a home directory for the users? Can't I keep it nonexistent? For FreeNAS 9.3, I was able to generate an SSH key pair for a user without a home directory. The key was saved into the /nonexistent/.ssh folder.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Why do you want to generate ssh key pairs for local users on the FreeNAS server? That would imply that users are logged in to there, and using ssh from there to other hosts, which isn't an expected use of the system.
> For FreeNAS 9.3, I was able to generate an SSH key pair for a user without a home directory. The key was saved into the /nonexistent/.ssh folder.
In order to create /nonexistent/.ssh/, /nonexistent/ can't be nonexistent (i.e., it has to exist), which kind of defeats the purpose of using that directory name. And in that case, the user does indeed have a home directory--it's /nonexistent/.
 

Zythyr

Dabbler
Joined
Mar 4, 2013
Messages
42
> Why do you want to generate ssh key pairs for local users on the FreeNAS server? That would imply that users are logged in to there, and using ssh from there to other hosts, which isn't an expected use of the system.
>
> In order to create /nonexistent/.ssh/, /nonexistent/ can't be nonexistent (i.e., it has to exist), which kind of defeats the purpose of using that directory name. And in that case, the user does indeed have a home directory--it's /nonexistent/.

I have two FreeNAS servers. I am trying to access the second FreeNAS server from the first one using SSH. user1 is the main user (aside from root) and I will be using user1 to access user1 on the second FreeNAS server.

Edit:

I just created a home directory for user1 on a hard drive which is writable.

Now I am having the following issue:

SVR1 is FreeNAS 9.2.1.9
SVR2 is FreeNAS 9.3

I generated the ssh key pair on each server for user1. I copied the public key of each server onto the other server for user1's "authorized keys" file.

I am able to SSH into SVR2 from SVR1; however, when I try to SSH into SVR1 from SVR2, I am unable to. It keeps asking me for user1's password. Why is it asking me for a password when I already put the public key of SVR2 onto SVR1's authorized keys file?
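
Added example, not part of the original post: when key authentication falls back to a password prompt, one server-side condition to rule out is sshd's StrictModes check, which ignores authorized_keys if the home directory, ~/.ssh or the file itself is owned by anyone other than the user or root, or is group- or world-writable. The sketch below repeats that test with POSIX find; the function names are hypothetical and it assumes the default ~/.ssh/authorized_keys location.

```shell
#!/bin/sh
# Added example: mirrors the ownership/mode test sshd applies under
# StrictModes before it will read a user's authorized_keys.
# Usage: sh check_authkeys.sh USER HOME
#   e.g. sh check_authkeys.sh user1 /mnt/SVR1VOL/home/user1

# path_ok USER PATH
# PATH must exist, be owned by USER or uid 0, and carry no g+w / o+w bit.
path_ok() {
    [ -e "$2" ] || { echo "missing: $2"; return 1; }
    # "find PATH -prune" tests only PATH itself; works on BSD and GNU find.
    if [ -n "$(find "$2" -prune ! -user "$1" ! -user 0 -print)" ]; then
        echo "bad owner: $2"
        return 1
    fi
    if [ -n "$(find "$2" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "group- or world-writable: $2"
        return 1
    fi
    return 0
}

# check_authkeys USER HOME
# Checks every component sshd walks: HOME, HOME/.ssh, the key file.
# Prints one line per problem; returns 1 if any component fails.
check_authkeys() {
    ck_user=$1
    ck_home=$2
    ck_rc=0
    for ck_p in "$ck_home" "$ck_home/.ssh" "$ck_home/.ssh/authorized_keys"; do
        path_ok "$ck_user" "$ck_p" || ck_rc=1
    done
    return $ck_rc
}

# Run the check when called with USER and HOME on the command line.
if [ "$#" -eq 2 ]; then
    check_authkeys "$1" "$2" && echo "ownership and modes acceptable"
fi
```

Modes 755 on the home directory, 700 on .ssh and 600 on authorized_keys pass this check; a 775 home directory does not.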
 

Zythyr

Dabbler
Joined
Mar 4, 2013
Messages
42
> Does the authorized_keys file on SVR1 have the correct ownership (user1) and permissions (600)?

Yes, the authorized_keys file has permissions of 600 and is owned by user1.

user1 exists on both SVR1 and SVR2. The primary group for user1 is user1. Both SVR1 and SVR2 have a similar setup. The folders and permissions are as follows:

SVR1 is running FreeNAS 9.2.1.9
/mnt/SVR1VOL/home >> root:wheel 755
/mnt/SVR1VOL/home/user1 >> user1:user1 755
/mnt/SVR1VOL/home/user1/.ssh >> user1:user1 700
/mnt/SVR1VOL/home/user1/.ssh/authorized_keys >> user1:user1 600

SVR2 is running FreeNAS 9.3
/mnt/SVR2VOL/home >> root:wheel 755
/mnt/SVR2VOL/home/user1 >> user1:user1 755
/mnt/SVR2VOL/home/user1/.ssh >> user1:user1 700
/mnt/SVR2VOL/home/user1/.ssh/id_rsa >> user1:user1 600
/mnt/SVR2VOL/home/user1/.ssh/id_rsa.pub >> user1:user1 644
/mnt/SVR2VOL/home/user1/.ssh/known_hosts >> user1:user1 644

I am trying to SSH into SVR1 from SVR2.


Edit: Using all the above configurations, I restarted both FreeNAS servers. SSH passwordless login finally worked when logging into SVR1 from SVR2. But now I have another issue. I exited the terminal and retried logging into SVR1 from SVR2, but now I get a connection timed out error (see below). It seems that SSH only works once; after logging out, when I try to SSH again, I get the timed out error.

[user1@SVR2] ~/.ssh% ssh-keyscan -t rsa 192.168.1.113 >> ~/.ssh/known_hosts
# 192.168.1.113 SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
[user1@SVR2] ~/.ssh% ssh user1@192.168.1.113
Connection to 192.168.1.113 timed out while waiting to read

Sometimes, when SSH does work (with password), after restarting the server, when I try to SSH again, I get an error like the one below. Why is the host key changing? The IP address is still the same...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
09:55:89:b2:40:33:4b:e6:0a:21:b3:73:3e:0f:01:53.
Please contact your system administrator.
Add correct host key in /mnt/SVR2VOL/home/user1/.ssh/known_hosts to get rid of
this message.
Offending ECDSA key in /mnt/SVR2VOL/home/user1/.ssh/known_hosts:1
ECDSA host key for 192.168.1.113 has changed and you have requested strict check
ing.
Host key verification failed.
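
Added example, not part of the original post: ssh compares the key the server presents against the known_hosts entries of the same key type, so appending an RSA key with ssh-keyscan does not replace or validate an older ECDSA entry on line 1. The sketch below reproduces that per-type comparison; the function names are hypothetical, the key blobs are constructed placeholders rather than real keys, and hashed host names and @-marker lines are skipped.

```shell
#!/bin/sh
# Added example. Key blobs are constructed placeholders, not real keys.

# hostkey_status KNOWN_HOSTS HOST KEYTYPE KEYBLOB
# Prints: match | changed:<line number> | unknown
hostkey_status() {
    awk -v host="$2" -v type="$3" -v blob="$4" '
        /^[#@|]/ || NF < 3 { next }   # comments, @markers, hashed names
        {
            n = split($1, names, ",") # "host1,host2 type blob [comment]"
            for (i = 1; i <= n; i++) {
                if (names[i] != host || $2 != type) continue
                if ($3 == blob) { found = "match"; exit }
                if (found == "") found = "changed:" NR
            }
        }
        END {
            if (found == "") found = "unknown"
            print found
        }
    ' "$1"
}

# Constructed known_hosts: an older ECDSA entry on line 1, then an RSA
# entry appended later, as "ssh-keyscan -t rsa HOST >> known_hosts" does.
write_sample() {
    cat > "$1" <<'EOF'
192.168.1.113 ecdsa-sha2-nistp256 AAAAconstructedEcdsaOLD
192.168.1.113 ssh-rsa AAAAconstructedRsaCURRENT
EOF
}

sample=$(mktemp)
write_sample "$sample"
# RSA key offered by the server equals the appended entry.
hostkey_status "$sample" 192.168.1.113 ssh-rsa AAAAconstructedRsaCURRENT
# Server offers a different ECDSA key than the one stored on line 1.
hostkey_status "$sample" 192.168.1.113 ecdsa-sha2-nistp256 AAAAconstructedEcdsaNEW
rm -f "$sample"
```

A changed:N result is the condition ssh reports as "REMOTE HOST IDENTIFICATION HAS CHANGED"; confirm the new fingerprint on the server's own console before removing the old entry with ssh-keygen -R.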
 