[opensuse] [Leap 15] SSH & Raspberry Pi
I have two Raspberry Pi Zeros in my intranet. I would like to be able to ssh into them, but every time I try from this desktop machine, I get a 'Permission denied (publickey,password)' error. I have searched most of google space, and all answers seem to come down to either settings in the server's /etc/ssh/sshd_config file or permissions on the ~/.ssh folder and ~/.ssh/authorized_keys file. I have followed every suggestion, but none have worked. OTOH, using Juice on my Android phone, I can get in straightaway with sshing to pi@raspberrypi. I am asked for user pi's password, and then I'm in. Thereafter, that connection works without the password. What's the difference between the openssh on Leap 15.2 and Android's Juice app? And how can I get ssh access working from my desktop? I can provide further details if required, eg server settings, sshd_config settings. -- Bob Williams System: Linux 5.3.18-lp152.20.7-default Desktop: KDE Frameworks: 5.71.0, Qt: 5.12.7 and Plasma: 5.18.5 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, 2020-07-18 at 22:47 +0100, Bob Williams wrote:
I have two Raspberry Pi Zeros in my intranet. I would like to be able to ssh into them, but every time I try from this desktop machine, I get a 'Permission denied (publickey,password)' error.
I have searched most of google space, and all answers seem to come down to either settings in the server's /etc/ssh/sshd_config file or permissions on the ~/.ssh folder and ~/.ssh/authorized_keys file. I have followed every suggestion, but none have worked.
OTOH, using Juice on my Android phone, I can get in straightaway with sshing to pi@raspberrypi. I am asked for user pi's password, and then I'm in. Thereafter, that connection works without the password.
What's the difference between the openssh on Leap 15.2 and Android's Juice app? And how can I get ssh access working from my desktop?
I can provide further details if required, eg server settings, sshd_config settings.
-- Bob Williams System: Linux 5.3.18-lp152.20.7-default Desktop: KDE Frameworks: 5.71.0, Qt: 5.12.7 and Plasma: 5.18.5
Whenever I have having trouble logging in with SSH I find adding the -v switch (verbose) very helpful. SSH tries various things to authenticate, and various ciphers and the two parties have to find ones they both like. If nothing else you learn a little about how SSH does this negotiation. Bill -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op zondag 19 juli 2020 00:27:48 CEST schreef Bill Merriam: > On Sat, 2020-07-18 at 22:47 +0100, Bob Williams wrote: > > I have two Raspberry Pi Zeros in my intranet. I would like to be able > > to ssh into them, but every time I try from this desktop machine, I > > get a 'Permission denied (publickey,password)' error. > > > > I have searched most of google space, and all answers seem to come > > down > > to either settings in the server's /etc/ssh/sshd_config file or > > permissions on the ~/.ssh folder and ~/.ssh/authorized_keys file. I > > have followed every suggestion, but none have worked. > > > > OTOH, using Juice on my Android phone, I can get in straightaway with > > sshing to pi@raspberrypi. I am asked for user pi's password, and then > > I'm in. Thereafter, that connection works without the password. > > > > What's the difference between the openssh on Leap 15.2 and Android's > > Juice app? And how can I get ssh access working from my desktop? > > > > I can provide further details if required, eg server settings, > > sshd_config settings. > > Whenever I have having trouble logging in with SSH I find adding the -v > switch (verbose) very helpful. SSH tries various things to > authenticate, and various ciphers and the two parties have to find ones > they both like. If nothing else you learn a little about how SSH does > this negotiation. > > Bill Bill, I think that 1. SSH is not enabled 2. The firewall port is not opened. First, on the Pi's make sure SSH is running ( YaST - System - Services manager. Second, make sure the firewall is open for SSH ( port 22 or YaST- Security, Users Groups - Firewall - public zone - Add ssh -- Gertjan Lettink a.k.a. Knurpht openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sun, 19 Jul 2020 02:11:55 +0200 Knurpht-openSUSE <knurpht@opensuse.org> wrote:
Bill, I think that 1. SSH is not enabled 2. The firewall port is not opened.
First, on the Pi's make sure SSH is running ( YaST - System - Services manager. Second, make sure the firewall is open for SSH ( port 22 or YaST- Security, Users Groups - Firewall - public zone - Add ssh
Sorry, I should have said - the Pis are running Raspberry Pi OS, not openSUSE. But they both have SSH enabled. I don't know of any firewall settings in RPi. And if either of your points 1 and 2 applied, how was Juice (an SSH app) running on my Android phone able to connect? -- Bob Williams System: Linux 5.3.18-lp152.20.7-default Desktop: KDE Frameworks: 5.71.0, Qt: 5.12.7 and Plasma: 5.18.5 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/18/2020 04:47 PM, Bob Williams wrote:
I have two Raspberry Pi Zeros in my intranet. I would like to be able to ssh into them, but every time I try from this desktop machine, I get a 'Permission denied (publickey,password)' error.
I'm confused... You have 2 Pi Zeros. What OS is on them? Debian/openSUSE? You also have "this desktop machine" -- same question, openSUSE? For the installs with openSUSE, sshd is disabled by default and port 22 is closed. (there is a place in the installer at the end of final software selection where you can tick a box to start sshd by default and it will open the firewall for you) Follow Gertjan's directions if that is the case. If the Pi zeros are running debian and sshd isn't running, then it should be a simple case of enabling and starting the sshd service, e.g. (as root) # systemctl enable sshd # systemctl start sshd It will then be restarted on each reboot. When you attempt to connect, as Bill indicated, you can use verbose mode to diagnose the connection. Instead of just one -v, use -vv for additional connection debug information. Post back the OS on each machine and the output of ssh -vv for the box you try to connect from. Provide $ systemctl status sshd on the server you are attempt to connect 'to'. -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, 18 Jul 2020 19:55:32 -0500 "David C. Rankin" <drankinatty@suddenlinkmail.com> wrote:
On 07/18/2020 04:47 PM, Bob Williams wrote:
I have two Raspberry Pi Zeros in my intranet. I would like to be able to ssh into them, but every time I try from this desktop machine, I get a 'Permission denied (publickey,password)' error.
I'm confused... You have 2 Pi Zeros. What OS is on them? Debian/openSUSE? You also have "this desktop machine" -- same question, openSUSE?
Sorry, I should have provided all this. The Pis are running the Rasperry Pi OS. This desktop machine (blackbox) is running openSUSE Leap 15.2. [...]
If the Pi zeros are running debian and sshd isn't running, then it should be a simple case of enabling and starting the sshd service, e.g. (as root)
# systemctl enable sshd # systemctl start sshd
It will then be restarted on each reboot.
When you attempt to connect, as Bill indicated, you can use verbose mode to diagnose the connection. Instead of just one -v, use -vv for additional connection debug information.
Post back the OS on each machine and the output of ssh -vv for the box you try to connect from. Provide
09:18 bob@blackbox:~> ssh -vv bob@pi2 OpenSSH_8.1p1, OpenSSL 1.1.1d 10 Sep 2019 debug1: Reading configuration data /home/bob/.ssh/config debug1: /home/bob/.ssh/config line 20: Applying options for pi2 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 25: Applying options for * debug2: resolving "pi2" port 22 debug2: ssh_connect_direct debug1: Connecting to pi2 [192.168.178.33] port 22. debug1: Connection established. debug1: identity file /home/bob/.ssh/id_rsa type -1 debug1: identity file /home/bob/.ssh/id_rsa-cert type -1 debug1: identity file /home/bob/.ssh/id_dsa type 1 debug1: identity file /home/bob/.ssh/id_dsa-cert type -1 debug1: identity file /home/bob/.ssh/id_ecdsa type 2 debug1: identity file /home/bob/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/bob/.ssh/id_ed25519 type -1 debug1: identity file /home/bob/.ssh/id_ed25519-cert type -1 debug1: identity file /home/bob/.ssh/id_xmss type -1 debug1: identity file /home/bob/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Raspbian-10+deb10u2 debug1: match: OpenSSH_7.9p1 Raspbian-10+deb10u2 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to pi2:22 as 'bob' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:2YXpVUDXeRpfMxoO8hr3IBZQmlzb18YtXsmHoshXyHA debug1: Host 'pi2' is known and matches the ECDSA host key. debug1: Found key in /home/bob/.ssh/known_hosts:10 debug2: set_newkeys: mode 1 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey in after 134217728 blocks debug1: Skipping ssh-dss key /home/bob/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes debug1: Will attempt key: /home/bob/.ssh/id_rsa debug1: Will attempt key: /home/bob/.ssh/id_ecdsa ECDSA SHA256:BKPOUHRhIcuLF7Td9deyHSLEZcAajUnzuFUZauUfiW4 debug1: Will attempt key: /home/bob/.ssh/id_ed25519 debug1: Will attempt key: /home/bob/.ssh/id_xmss debug2: pubkey_prepare: done debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/bob/.ssh/id_rsa debug1: Offering public key: /home/bob/.ssh/id_ecdsa ECDSA SHA256:BKPOUHRhIcuLF7Td9deyHSLEZcAajUnzuFUZauUfiW4 debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/bob/.ssh/id_ed25519 debug1: Trying private key: /home/bob/.ssh/id_xmss debug2: we did not send a packet, disable method debug1: No more authentication methods to try. bob@pi2: Permission denied (publickey,password).
$ systemctl status sshd
on the server you are attempt to connect 'to'.
● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2020-07-18 18:01:52 BST; 15h ago Docs: man:sshd(8) man:sshd_config(5) Process: 396 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS) Main PID: 408 (sshd) Memory: 2.5M CGroup: /system.slice/ssh.service └─408 /usr/sbin/sshd -D Jul 18 18:01:48 pi2 systemd[1]: Starting OpenBSD Secure Shell server... Jul 18 18:01:52 pi2 sshd[408]: Server listening on 0.0.0.0 port 22. Jul 18 18:01:52 pi2 sshd[408]: Server listening on :: port 22. Jul 18 18:01:52 pi2 systemd[1]: Started OpenBSD Secure Shell server. Jul 18 21:26:32 pi2 sshd[14210]: Accepted password for pi from 192.168.178.23 port 38878 ssh2 Jul 18 21:26:32 pi2 sshd[14210]: pam_unix(sshd:session): session opened for user pi by (uid=0) Jul 18 21:29:10 pi2 sshd[14443]: Accepted password for pi from 192.168.178.23 port 38900 ssh2 Jul 18 21:29:10 pi2 sshd[14443]: pam_unix(sshd:session): session opened for user pi by (uid=0) 192.168.178.23 is my Android phone, running Juice SSH. -- Bob Williams System: Linux 5.3.18-lp152.20.7-default Desktop: KDE Frameworks: 5.71.0, Qt: 5.12.7 and Plasma: 5.18.5 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/19/2020 03:29 AM, Bob Williams wrote:
debug1: Will attempt key: /home/bob/.ssh/id_ecdsa ECDSA SHA256:BKPOUHRhIcuLF7Td9deyHSLEZcAajUnzuFUZauUfiW4 debug1: Will attempt key: /home/bob/.ssh/id_ed25519 debug1: Will attempt key: /home/bob/.ssh/id_xmss debug2: pubkey_prepare: done debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/bob/.ssh/id_rsa debug1: Offering public key: /home/bob/.ssh/id_ecdsa ECDSA SHA256:BKPOUHRhIcuLF7Td9deyHSLEZcAajUnzuFUZauUfiW4 debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/bob/.ssh/id_ed25519 debug1: Trying private key: /home/bob/.ssh/id_xmss debug2: we did not send a packet, disable method debug1: No more authentication methods to try. bob@pi2: Permission denied (publickey,password).
You don't have a private key on blackbox that matches a public key in ~/.ssh/authorized_keys on Pi. copy the public key for either `id_rsa.pub` or `id_ecdsa.pub` to Pi as `id_rsa.pub.bb` or `id_ecdsa.pub.bb` and then $ cat id_rsa.pub.bb > ~/.ssh/authorized_keys You should then be able to ssh into pi. (the .bb, short for blackbox, was added to the end to prevent overwriting any similarly named keys on pi -- and to identify them as keys from blackbox) -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sun, 19 Jul 2020 04:06:15 -0500 "David C. Rankin" <drankinatty@suddenlinkmail.com> wrote:
On 07/19/2020 03:29 AM, Bob Williams wrote: [...]
You don't have a private key on blackbox that matches a public key in ~/.ssh/authorized_keys on Pi.
copy the public key for either `id_rsa.pub` or `id_ecdsa.pub` to Pi as `id_rsa.pub.bb` or `id_ecdsa.pub.bb` and then
$ cat id_rsa.pub.bb > ~/.ssh/authorized_keys
You should then be able to ssh into pi.
(the .bb, short for blackbox, was added to the end to prevent overwriting any similarly named keys on pi -- and to identify them as keys from blackbox)
Excellent. Many thanks, David. I had tried to copy the public keys using ssh-copy-id, but kept running into Permission denied, when I expected to be asked for the password. -- Bob Williams System: Linux 5.3.18-lp152.20.7-default Desktop: KDE Frameworks: 5.71.0, Qt: 5.12.7 and Plasma: 5.18.5 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 7/19/20 5:04 AM, Bob Williams wrote:
On Sun, 19 Jul 2020 04:06:15 -0500 "David C. Rankin" <drankinatty@suddenlinkmail.com> wrote:
On 07/19/2020 03:29 AM, Bob Williams wrote: [...]
You don't have a private key on blackbox that matches a public key in ~/.ssh/authorized_keys on Pi.
copy the public key for either `id_rsa.pub` or `id_ecdsa.pub` to Pi as `id_rsa.pub.bb` or `id_ecdsa.pub.bb` and then
$ cat id_rsa.pub.bb > ~/.ssh/authorized_keys
You should then be able to ssh into pi.
(the .bb, short for blackbox, was added to the end to prevent overwriting any similarly named keys on pi -- and to identify them as keys from blackbox)
Excellent. Many thanks, David.
I had tried to copy the public keys using ssh-copy-id, but kept running into Permission denied, when I expected to be asked for the password.
It's a good thing you did, the following needs >> instead of > $ cat id_rsa.pub.bb >> ~/.ssh/authorized_keys You may need to modify the /etc/ssh/sshd_config to allow password logins so you can move your public key over. Sounds like you know where you are going from here. Let us know if you have more issues. -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Bill Merriam -
Bob Williams -
David C. Rankin -
Knurpht-openSUSE