This is the old XigmaNAS forum in read-only mode;
it will be taken offline by the end of March 2021!

SSH public key authentication failure

Post by unclben »

I used ssh-keygen to create a keypair on my laptop. I then used scp to move the public key to my user's home directory (/mnt/ada0/) on the NAS4Free box. Then, inside the .ssh folder, I renamed the public key to authorized_keys. The first time, that worked:

Code:

ben@six:~/.ssh$ scp id_rsa.pub 192.168.0.122:/mnt/ada0/.ssh/id_rsa.pub
ben@192.168.0.122's password: 
id_rsa.pub                                    100%  389     0.4KB/s   00:00    
ben@six:~/.ssh$ ssh ben@192.168.0.122
ben@192.168.0.122's password: 
Last login: Mon Jan 28 02:18:48 2013 from 192.168.0.115
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
	The Regents of the University of California.  All rights reserved.
Welcome to NAS4Free!
$ cd .ssh
$ mv id_rsa.pub authorized_keys
$ ls -a
.		..		authorized_keys
$ exit
Connection to 192.168.0.122 closed.
ben@six:~/.ssh$ ssh ben@192.168.0.122
Last login: Mon Jan 28 02:19:54 2013 from 192.168.0.115
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
	The Regents of the University of California.  All rights reserved.
Welcome to NAS4Free!

I then fiddled around with rsync settings for a while. When I tried to make rsync work over ssh, I got an authentication error:

Code:

ben@six:~$ rsync -avz *.test 192.168.0.122:ben/
Permission denied (publickey).

I thought that was odd, since ssh had been working fine and rsync worked perfectly when I did a direct rsync transfer without using ssh. Sure enough, when I went back and tried an ssh session I got the same authentication error.

Code:

ben@six:~/.ssh$ ssh 192.168.0.122
Permission denied (publickey).

I do have the shell set to "sh" for user "ben".
The .ssh directory is in ben's home directory (home is /mnt/ada0, key is in /mnt/ada0/.ssh) on the NAS4Free box.
I tried deleting the contents of the .ssh folder on the NAS4Free box, then re-copying (and re-naming) the public key from my laptop, but I still get the same error.
I can't figure out why ssh would STOP working. HELP, please!

Post by raulfg3 »

Post by fsbruva »

What do the daemon logs on Nas4free say?
Is there any chance that the password for user "ben" on the laptop is the same as the password for "ben" on Nas4free? Or, did it used to be?
Do you have multiple private keys for some reason?

Post by unclben »

Finally found some time to work on this again...

@raulfg3:
I saw those instructions previously, but they don't seem right.
1) You mention that you need to add the WebGUI to write keys. The screenshot in the first link shows a DSA private key, but no instructions about how to set up the keypair. The second link goes through all the steps, but does not use the WebGUI at all.
2) The detailed instructions in your second link have a big caveat on the page that those steps are only valid (in their entirety) if you are creating a whole new keypair. In my case I am not - I have existing private and public keys that I want to add to this NAS4Free server.
3) Why would the server need my private key? Maybe I'm thinking about this wrong, but wouldn't my private key be on my laptop (the box that is initiating the connection) and the server would only hold the public key? In the second link, he creates the keypair on the server (why?) but only copies the private key to his client. Does the server need to have both public and private, and the client only the private? In any case, I tried to copy my id_rsa file over to the server but that didn't make a difference.

@fsbruva:
1) Thank you for suggesting that I look at the logs... Here is what they say each time I try (and fail) to connect using non-interactive login:

Mar 3 20:29:08 nas4free sshd[10210]: SSH: Server;Ltype: Version;Remote: 192.168.0.115-45252;Protocol: 2.0;Client: OpenSSH_5.9p1 Debian-5ubuntu1
Mar 3 20:29:08 nas4free sshd[10210]: Authentication refused: bad ownership or modes for directory /mnt/ada0

It looks like maybe it's a permissions issue of some kind? "ben" is the owner of /mnt/ada0 (as set in the mount point section of WebGUI), which is ben's home directory as well, so I'm not sure what the problem is.
2) At this time, the user on both client and server is the same ("ben"), as is the password. Is that a problem? Why would the server care what my local machine's user password is?
3) I do not have multiple private keys, just one. I opened id_rsa and checked just to be sure. :-)

One last bit of info... here is what I get when I use ssh -v to connect:

Code:

ben@six:~/.ssh$ ssh -v ben@192.168.0.122
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.0.122 [192.168.0.122] port 22.
debug1: Connection established.
debug1: identity file /home/ben/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/ben/.ssh/id_rsa-cert type -1
debug1: identity file /home/ben/.ssh/id_dsa type -1
debug1: identity file /home/ben/.ssh/id_dsa-cert type -1
debug1: identity file /home/ben/.ssh/id_ecdsa type -1
debug1: identity file /home/ben/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p2-hpn13v11 FreeBSD-openssh-portable-5.8.p2_3,1
debug1: match: OpenSSH_5.8p2-hpn13v11 FreeBSD-openssh-portable-5.8.p2_3,1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: DSA b2:d0:99:cb:6e:b2:53:95:4d:f6:b3:02:1d:bc:36:db
debug1: Host '192.168.0.122' is known and matches the DSA host key.
debug1: Found key in /home/ben/.ssh/known_hosts:1
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ben/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/ben/.ssh/id_dsa
debug1: Trying private key: /home/ben/.ssh/id_ecdsa
debug1: Next authentication method: password
ben@192.168.0.122's password: 

Thank you both for responding to my initial post and hopefully with your help I can figure this out!

Post by fsbruva »

Code:

Authentication refused: bad ownership or modes for directory /mnt/ada0

Dead giveaway that your permissions are borked. Take a look at the SSH options (within Nas4Free) to make it log more verbosely.

http://www.daveperrett.com/articles/201 ... n-refused/

Check out what Google found for me... is it possible something else modified the permissions of your /mnt/ada0/.ssh directory?

Post by Ant0niS »

I am sorry for the bump but I wanted to thank you.
I spent about 2 hours trying to make it work.
The g-w made the trick on my home directory.
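
Added example, not part of any post in this thread: a shell sketch that approximates the ownership and mode test behind the "bad ownership or modes for directory" log line (sshd's StrictModes check) and shows the g-w fix clearing it. The function names and the temporary sample layout are assumptions made for illustration, and symlinks are not resolved.

```shell
#!/bin/sh
# Added example: approximates the ownership/mode test behind sshd's
# "bad ownership or modes" refusal. Function names are hypothetical.

# path_is_secure PATH UID: succeeds if PATH is owned by UID or root
# and is not writable by group or others.
path_is_secure() {
    p=$1; want_uid=$2
    # POSIX "ls -ldn": field 1 is the mode string, field 3 the numeric owner
    line=$(ls -ldn -- "$p" 2>/dev/null) || { echo "missing: $p"; return 1; }
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ] && [ "$owner" != "0" ]; then
        echo "bad owner (uid $owner): $p"; return 1
    fi
    # characters 6 and 9 of the mode string are group-write and other-write
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "group/world writable ($mode): $p"; return 1
    fi
    return 0
}

# audit_key_path HOME UID: checks authorized_keys, then each directory
# up to and including the home directory; reports every failing path.
audit_key_path() {
    home=$1; uid=$2; rc=0
    for p in "$home/.ssh/authorized_keys" "$home/.ssh" "$home"; do
        path_is_secure "$p" "$uid" || rc=1
    done
    return $rc
}

# Constructed sample reproducing the thread's condition: a group-writable home.
sample=$(mktemp -d)
mkdir -p "$sample/.ssh"; : > "$sample/.ssh/authorized_keys"
chmod 775 "$sample"; chmod 700 "$sample/.ssh"
chmod 600 "$sample/.ssh/authorized_keys"
audit_key_path "$sample" "$(id -u)" || echo "-> key would be refused"
chmod g-w "$sample"        # the fix reported in the thread
audit_key_path "$sample" "$(id -u)" && echo "-> key path now passes"
rm -rf "$sample"
```

On the NAS itself the equivalent call would be `audit_key_path /mnt/ada0 "$(id -u ben)"`, run as a user who can read the directory.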
