[SOLVED] SSH key-only authentication on LMDE3

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
Fuzzy
Level 3
Level 3
Posts: 158
Joined: Thu Jul 28, 2011 11:54 am

[SOLVED] SSH key-only authentication on LMDE3

Post by Fuzzy » Fri Oct 26, 2018 12:49 am

I've pored over the documentation and websites for a few days now. I'm seeing that most instructions for SSH about how to setup "PasswordAuthentication no" (key-only authentication) vary from OS to OS. I'm having difficulty finding documentation which will help me understand key-only authenticated SSH in LMDE3.

I've set permissions for ~ ~/.ssh and authorized_keys on the server, as suggested by the "SSH best practices" websites.

I've modified the server's /etc/ssh/sshd_config file as shown on the "SSH best practices" websites.

I've checked and tested my key pairs as explained in various websites and docs.

I've even disabled the GNOME SSH, and GNOME KEYRING from MENU | PREFERENCES | STARTUP APPLICATIONS - as a test (now re-enabled).

It doesn't matter what I do - I am prompted to enter a password for my local private key the first time I SSH after a reboot.

The server is Arch Linux using OpenSSH, the client is using LMDE3.

In looking at the output from ssh -v blah@blahblah - I don't see anything that stands out. It gets to:

Code: Select all

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /<ssh directory>/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-blah blah blah blah
...and then prompts me for a passphrase for the local private key. I'm at a loss of how to achieve a fully non-passphrase, key-only authentication with LMDE3.

NOTE: in the snippet of ssh -v output provided above, the <ssh directory> and "blah blah blah" were edits I made in this post, and do not appear in the actual output.

Once again - any direction to helpful documentation would be appreciated.

Thanks,
Fuzzy
Last edited by Fuzzy on Tue Oct 30, 2018 4:02 pm, edited 1 time in total.

PhilippeH
Level 1
Level 1
Posts: 36
Joined: Thu Jul 20, 2017 3:12 am
Location: Toulon (France)
Contact:

Re: SSH key-only authentication on LMDE3

Post by PhilippeH » Fri Oct 26, 2018 2:42 am

Hello
I recently setup this type of access between two computers in local network running Mint 18.3 and 19. I followed these instructions and it works like a charm. Hope it will also in your case.

Fuzzy
Level 3
Level 3
Posts: 158
Joined: Thu Jul 28, 2011 11:54 am

Re: SSH key-only authentication on LMDE3

Post by Fuzzy » Fri Oct 26, 2018 3:27 am

Hi PhilippeH! Thanks for the link.

I went through the steps carefully, but I had already performed the steps.

I'm thinking this might have something to do with Debian. Some folks said that by getting rid of the gnome items at startup, that it would resolve the issue. I didn't find this to be true. With the gnome items disabled in startup, the behavior is the same, it just displays on the screen differently (with gnome enabled, the passphrase prompt shows up in a dialog box, with gnome disabled, the passphrase prompt shows up in the terminal window.)

Thanks though!

Fuzzy

PhilippeH
Level 1
Level 1
Posts: 36
Joined: Thu Jul 20, 2017 3:12 am
Location: Toulon (France)
Contact:

Re: SSH key-only authentication on LMDE3

Post by PhilippeH » Fri Oct 26, 2018 5:31 am

I don't know if any of the steps you performed before interferes with the instructions I mentioned. For me it worked immediately but I am not capable of helping any further.

As to using a passphrase or not, if you hit Enter without providing one, it works and will not be necessary any more

Fuzzy
Level 3
Level 3
Posts: 158
Joined: Thu Jul 28, 2011 11:54 am

Re: SSH key-only authentication on LMDE3

Post by Fuzzy » Tue Oct 30, 2018 4:02 pm

Ok - chalk another one up to not understanding what I had read.

The system is actually operating exactly as it is supposed to in my current configuration. I finally realized this after setting up a key pair and testing from LiveCDs of both LMDE3 and Arch Linux - both displayed the same "symptom" of requesting the passphrase for my private key.

Along the way, I started realizing my mistake, as I questioned the logic..."Well, if you can have the private key's passphrase automatically offered, or saved...what's the point of the passhprase for the private key?!"

Finally, it dawned on me where my flaw in understanding had been, and that the only point to the private key passphrase was to protect against folks who had physical access to the client computer...to prevent them from logging onto my SSH server using my public/private key share. So, in effect, if I chose to assign a passphrase to the private key, that the entire point was to then manually use that key each time I rebooted. (Duh!) It seems so obvious now, that I am embarrassed to admit the problem.

Anyway - thanks for the offers of help and such, but I finally "got it."

Thanks,
Fuzzy

Post Reply

Return to “Newbie Questions”