Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-27 Thread Rich Shepard

On Thu, 27 Apr 2023, Tomas Kuchta wrote:


You can stop the sshd service on the server, then start it interactively
with - - then try connecting from the client to see the server response
in your server shell.


Tomas, et al.:

I found the problem and it will take me a while to fix it. It's related to
user authentication.

On 18 May 2020 Pat added PAM to Slackware64-current and it's now part of
15.0; alienbob reported this on his blog.

There's PAM and PAM-krb5 (for Kerberos). PAM requires three packages, PAM,
Cracklib, and libpwquality. While PAM and Cracklib are in the PACKAGES.TXT
list in the Slackware64-15.0 source tree, I don't find either installed on
the laptop.

The other side of this issue is that PAM is not available for
Slackware64-14.2; it's brand new with -15.0. I don't know if this makes a
difference because while salmo's syslogs and secure logs have no entries
relating to ssh or sshd, caddis' do. There are a few entries in syslog* but
many in the secure logs. Example:
Apr 22 17:24:31 caddis sshd[1388]: gkr-pam: unable to locate daemon control file
Apr 22 17:24:31 caddis sshd[1388]: gkr-pam: stashed password to try later in open session
Apr 22 17:24:31 caddis sshd[1385]: pam_unix(sshd:session): session opened for user rshepard(uid=1000) by (uid=0)
Apr 22 17:24:31 caddis sshd[1385]: gkr-pam: unable to locate daemon control file
Apr 22 17:24:31 caddis sshd[1385]: gkr-pam: gnome-keyring-daemon started properly

So, at least for the next couple of days I'll continue using a 32G USB flash
drive to exchange files between the two hosts because I've client work that
has a higher priority.

Thanks, everyone.

Regards,

Rich


Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-27 Thread Tomas Kuchta
You can stop the sshd service on the server, then start it interactively
with - - then try connecting from the client to see the server response
in your server shell.

If you find this not helpful - please just ignore it. No comments necessary.

-T

On Thu, Apr 27, 2023, 09:53 Rich Shepard  wrote:

> On Thu, 27 Apr 2023, King Beowulf wrote:
>
> > When you ssh caddis -> salmo, sshd will log the event on salmo
> > (destination).
> > Slackware 15.0 default for sshd is
> > /var/log/syslog -> errors and status messages
> > /var/log/secure -> errors and status messages (pam)
> > look for sshd messages.
>
> Ed,
>
> Since last Sunday (syslog.4/secure.4) there are no ssh or sshd messages in
> either.
>
> Thanks,
>
> Rich
>


Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-27 Thread Rich Shepard

On Thu, 27 Apr 2023, King Beowulf wrote:


When you ssh caddis -> salmo, sshd will log the event on salmo
(destination).
Slackware 15.0 default for sshd is
/var/log/syslog -> errors and status messages
/var/log/secure -> errors and status messages (pam)
look for sshd messages.


Ed,

Since last Sunday (syslog.4/secure.4) there are no ssh or sshd messages in
either.

Thanks,

Rich


Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread Steve Dum

where is the documentation for ssh's type xx messages

off topic mostly but an example of getting ssh log messages on ubuntu 22.10



I decided to see what my linux system had for error messages
$ journalctl -u ssh --since yesterday
over 17000 lines of outputs
3242 transactions indicating rejected connection attempts
one example
Apr 26 17:26:39 drdoom sshd[31371]: Invalid user marcos from 223.197.188.206 port 59378
Apr 26 17:26:39 drdoom sshd[31371]: pam_unix(sshd:auth): check pass; user unknown
Apr 26 17:26:39 drdoom sshd[31371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.197.188.206
Apr 26 17:26:41 drdoom sshd[31371]: Failed password for invalid user marcos from 223.197.188.206 port 59378 ssh2
Apr 26 17:26:41 drdoom sshd[31371]: Received disconnect from 223.197.188.206 port 59378:11: Bye Bye [preauth]
Apr 26 17:26:41 drdoom sshd[31371]: Disconnected from invalid user marcos 223.197.188.206 port 59378 [preauth]


whois gives 93 lines of info for that IP, basically
    PCCW IMS Ltd (PCCW Business Internet Access)
    26/F, PCCW TOWER
    TAIKOO PLACE
    979 KINGS ROAD
    QUARRY BAY, HONG KONG
I guess the good news is there were no Accepted connections listed.
steve
Russell Senior wrote:

"
debug1: Offering public key: /home/rshepard/.ssh/id_ed25519 ED25519
SHA256:kzkp07EYCHEBeOLgGgKYbPGD1IdtDpJl2gPVSfYYXtk
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
"

type 51 is an indication that the server is rejecting the key you are
trying to use. Success would be type 52. You need to look at the salmo logs
to find out why.

On Wed, Apr 26, 2023 at 11:09 AM Rich Shepard 
wrote:


On Wed, 26 Apr 2023, MC_Sequoia wrote:


Here's where I think the problem is:
"debug1: Trying private key: /home/rshepard/.ssh/id_ed25519_sk
debug3: no such identity: /home/rshepard/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/rshepard/.ssh/id_xmss
debug3: no such identity: /home/rshepard/.ssh/id_xmss: No such file or directory
debug1: Trying private key: /home/rshepard/.ssh/id_dsa
debug3: no such identity: /home/rshepard/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method"

Mike,

There are no _sk suffixes or _xmss in either salmo/.ssh/ or caddis/.ssh/.
Salmo's ssh:
ssh_host_dsa_key.pub
ssh_host_ed25519_key
ssh_host_rsa_key.pub
ssh_config
ssh_host_ecdsa_key
ssh_host_ed25519_key.pub
sshd_config
ssh_host_dsa_key
ssh_host_ecdsa_key.pub
ssh_host_rsa_key

I'll futz with this later today.

What's interesting is that I've not had these issues with any other desktop
or laptop over the past 25+/- years.

Thanks,

Rich
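The manual count Steve describes (rejected attempts, and whether anything was Accepted) can be scripted. This is an added example, not part of any poster's message; the log lines are constructed in the shape of the journalctl output above, using documentation-range addresses and made-up user names.

```python
import re
from collections import Counter

FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")

# Constructed sample, not taken from any real host.
SAMPLE = """\
Apr 26 17:26:39 host sshd[31371]: Invalid user marcos from 203.0.113.10 port 59378
Apr 26 17:26:41 host sshd[31371]: Failed password for invalid user marcos from 203.0.113.10 port 59378 ssh2
Apr 26 17:27:02 host sshd[31380]: Failed password for root from 203.0.113.10 port 59411 ssh2
Apr 26 17:29:15 host sshd[31402]: Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Apr 26 18:03:44 host sshd[31555]: Accepted publickey for alice from 192.0.2.5 port 50022 ssh2: ED25519 SHA256:EXAMPLEONLY
"""

def summarize(log_text):
    """Return (failures per source, invalid user names tried, accepted logins)."""
    failures, invalid_users, accepted = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(3)] += 1
            if m.group(1):              # "invalid user" = account does not exist
                invalid_users[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:                           # (user, source, auth method)
            accepted.append((m.group(2), m.group(3), m.group(1)))
    return failures, invalid_users, accepted

if __name__ == "__main__":
    failures, invalid_users, accepted = summarize(SAMPLE)
    for source, count in failures.most_common():
        print(f"{count:5d} failed  {source}")
    print("invalid users tried:", sorted(invalid_users))
    print("accepted logins:", accepted or "none")
```

On a live system the input would be the saved output of `journalctl -u ssh`, or the `/var/log/secure` file mentioned elsewhere in the thread.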






Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread King Beowulf
On 4/26/23 12:32, Rich Shepard wrote:
> There are no ssh logs in /var/log/ or root's home directory.
Rich,

When you ssh caddis -> salmo, sshd will log the event on salmo
(destination).

Slackware 15.0 default for sshd is

/var/log/syslog -> errors and status messages
/var/log/secure -> errors and status messages (pam)

look for sshd messages.

-Ed




Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread Russell Senior
It's logged somewhere. Figure out where.

On Wed, Apr 26, 2023 at 12:32 PM Rich Shepard 
wrote:

> On Wed, 26 Apr 2023, Russell Senior wrote:
>
> > type 51 is an indication that the server is rejecting the key you are
> > trying to use. Success would be type 52. You need to look at the salmo
> > logs to find out why.
>
> Russell,
>
> There are no ssh logs in /var/log/ or root's home directory.
>
> In salmo/.ssh/ caddis is the only entry in authorized_keys and one of three
> in known_hosts (the other two being my web site host and github).
>
> Rich
>
>


Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread Rich Shepard

On Wed, 26 Apr 2023, Russell Senior wrote:


type 51 is an indication that the server is rejecting the key you are
trying to use. Success would be type 52. You need to look at the salmo logs
to find out why.


Russell,

There are no ssh logs in /var/log/ or root's home directory.

In salmo/.ssh/ caddis is the only entry in authorized_keys and one of three
in known_hosts (the other two being my web site host and github).

Rich



Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread Russell Senior
"
debug1: Offering public key: /home/rshepard/.ssh/id_ed25519 ED25519
SHA256:kzkp07EYCHEBeOLgGgKYbPGD1IdtDpJl2gPVSfYYXtk
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
"

type 51 is an indication that the server is rejecting the key you are
trying to use. Success would be type 52. You need to look at the salmo logs
to find out why.

On Wed, Apr 26, 2023 at 11:09 AM Rich Shepard 
wrote:

> On Wed, 26 Apr 2023, MC_Sequoia wrote:
>
> > Here's where I think the problem is:
> > "debug1: Trying private key: /home/rshepard/.ssh/id_ed25519_sk
> > debug3: no such identity: /home/rshepard/.ssh/id_ed25519_sk: No such file or directory
> > debug1: Trying private key: /home/rshepard/.ssh/id_xmss
> > debug3: no such identity: /home/rshepard/.ssh/id_xmss: No such file or directory
> > debug1: Trying private key: /home/rshepard/.ssh/id_dsa
> > debug3: no such identity: /home/rshepard/.ssh/id_dsa: No such file or directory
> > debug2: we did not send a packet, disable method"
>
> Mike,
>
> There are no _sk suffixes or _xmss in either salmo/.ssh/ or caddis/.ssh/.
> Salmo's ssh:
> ssh_host_dsa_key.pub
> ssh_host_ed25519_key
> ssh_host_rsa_key.pub
> ssh_config
> ssh_host_ecdsa_key
> ssh_host_ed25519_key.pub
> sshd_config
> ssh_host_dsa_key
> ssh_host_ecdsa_key.pub
> ssh_host_rsa_key
>
> I'll futz with this later today.
>
> What's interesting is that I've not had these issues with any other desktop
> or laptop over the past 25+/- years.
>
> Thanks,
>
> Rich
>
>
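The "type NN" numbers in `ssh -vvv` output are the SSH message numbers assigned in RFC 4250 and used by the authentication protocol in RFC 4252. As an added example (not part of any poster's message), this maps them to names and reports, for each key the client offers, the server's first reply; the debug lines, paths and fingerprints are constructed.

```python
import re

# Subset of RFC 4250 message numbers seen while logging in.
SSH_MSG = {
    5: "SSH_MSG_SERVICE_REQUEST",
    6: "SSH_MSG_SERVICE_ACCEPT",
    50: "SSH_MSG_USERAUTH_REQUEST",
    51: "SSH_MSG_USERAUTH_FAILURE",
    52: "SSH_MSG_USERAUTH_SUCCESS",
    60: "SSH_MSG_USERAUTH_PK_OK",   # meaning of 60 for the publickey method
}
OFFER = re.compile(r"Offering public key: (\S+)")
PACKET = re.compile(r"(send|receive) packet: type (\d+)")

# Constructed client debug output, lines unwrapped.
SAMPLE = """\
debug1: Offering public key: /home/alice/.ssh/id_rsa RSA SHA256:EXAMPLEONLY1
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/alice/.ssh/id_ed25519 ED25519 SHA256:EXAMPLEONLY2
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /home/alice/.ssh/id_ed25519 ED25519 SHA256:EXAMPLEONLY2
debug3: send packet: type 50
debug3: receive packet: type 52
"""

def trace_pubkey_offers(debug_text):
    """Return ([(key_path, first_server_reply), ...], authenticated)."""
    offers, pending, authenticated = [], None, False
    for line in debug_text.splitlines():
        m = OFFER.search(line)
        if m:
            pending = m.group(1)
            continue
        m = PACKET.search(line)
        if not m or m.group(1) != "receive":
            continue
        number = int(m.group(2))
        if number == 52:
            authenticated = True
        if pending is not None:     # first reply after an offer is its verdict
            offers.append((pending, SSH_MSG.get(number, f"type {number}")))
            pending = None
    return offers, authenticated

if __name__ == "__main__":
    print(trace_pubkey_offers(SAMPLE))
```

A key whose verdict is `SSH_MSG_USERAUTH_FAILURE` was refused by the server, so the reason has to come from the server's own log, as Russell says.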


Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread Rich Shepard

On Wed, 26 Apr 2023, MC_Sequoia wrote:


Here's where I think the problem is:
"debug1: Trying private key: /home/rshepard/.ssh/id_ed25519_sk
debug3: no such identity: /home/rshepard/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/rshepard/.ssh/id_xmss
debug3: no such identity: /home/rshepard/.ssh/id_xmss: No such file or directory
debug1: Trying private key: /home/rshepard/.ssh/id_dsa
debug3: no such identity: /home/rshepard/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method"


Mike,

There are no _sk suffixes or _xmss in either salmo/.ssh/ or caddis/.ssh/.
Salmo's ssh:
ssh_host_dsa_key.pub
ssh_host_ed25519_key
ssh_host_rsa_key.pub
ssh_config
ssh_host_ecdsa_key
ssh_host_ed25519_key.pub
sshd_config
ssh_host_dsa_key
ssh_host_ecdsa_key.pub
ssh_host_rsa_key

I'll futz with this later today.

What's interesting is that I've not had these issues with any other desktop
or laptop over the past 25+/- years.

Thanks,

Rich



Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread MC_Sequoia
Rich,

Here's where I think the problem is:

"debug1: Trying private key: /home/rshepard/.ssh/id_ed25519_sk
debug3: no such identity: /home/rshepard/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/rshepard/.ssh/id_xmss
debug3: no such identity: /home/rshepard/.ssh/id_xmss: No such file or directory
debug1: Trying private key: /home/rshepard/.ssh/id_dsa
debug3: no such identity: /home/rshepard/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method"

Seems like you can't traverse the ~/.ssh directory 

try "ssh -i path-to-pem-file username@ip-address" 

If this works then you need to chmod +x the ~/.ssh/* and chmod 700 ~/.ssh chmod
600 ~/.ssh/*




Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread Rich Shepard

On Wed, 26 Apr 2023, Rich Shepard wrote:


I don't think I mentioned on this list yesterday's test results:

salmo and caddis can ping each other;
salmo can ssh to caddis;
caddis still cannot ssh to salmo.


Just now I looked at the known_hosts file on both hosts. salmo has one line
for caddis. But, caddis has 3 lines for salmo: ED25519, RSA, and ECDSA. I
want to use only the first, but the others are added back in the file each
time I try to ssh to salmo.

In /etc/ssh/ on both hosts are multiple key pairs:
$ ls /etc/ssh
moduli            ssh_host_dsa_key.pub    ssh_host_ed25519_key      ssh_host_rsa_key.pub
ssh_config        ssh_host_ecdsa_key      ssh_host_ed25519_key.pub  sshd_config
ssh_host_dsa_key  ssh_host_ecdsa_key.pub  ssh_host_rsa_key

Can I delete the dsa, ecdsa, and rsa pairs?

Rich



Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread Rich Shepard

On Wed, 26 Apr 2023, MC_Sequoia wrote:


Rich, are you seeing any error messages?


Yep.

Because I cannot attach the log file resulting from `ssh -vvv salmo` I've
uploaded it to . I don't know enough to see what's
still not correct on either the caddis client or the salmo host.

I don't think I mentioned on this list yesterday's test results:

salmo and caddis can ping each other;
salmo can ssh to caddis;
caddis still cannot ssh to salmo.

I did a web search this morning for .ssh/ and contents perms. They are all
properly set now.

Thanks, Mike,

Rich


Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread MC_Sequoia
"Still won't connect from laptop to desktop;" 

Rich, are you seeing any error messages?


Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread Rich Shepard

On Wed, 26 Apr 2023, Michael Ewan wrote:


Also, ssh can silently fail to connect if the permissions are too loose.


Thanks, Michael. They're all now with the proper perms, both hosts.

Still won't connect from laptop to desktop; still working on that.

Rich


Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread Michael Ewan
Also, ssh can silently fail to connect if the permissions are too loose.

On Wed, Apr 26, 2023, 6:19 AM Rich Shepard  wrote:

> On Wed, 26 Apr 2023, Jeffrey Borcean wrote:
>
> > 0600 / -rw-------
>
> Thanks, Jeffrey. I did not find this with my web searches.
>
> Rich
>
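The silent failure mentioned here comes from sshd's `StrictModes` option (default `yes`), which makes the server ignore `authorized_keys` when that file, `~/.ssh` or the home directory is writable by group or other, or is owned by someone other than the user or root. An added example, not part of any poster's message, that approximates that check; the function names and the temporary directory tree are constructed for the demonstration.

```python
import os
import stat
import tempfile

def audit_authorized_keys(home, uid=None):
    """Return [(path, problem), ...] for the paths StrictModes cares about."""
    uid = os.getuid() if uid is None else uid
    ssh_dir = os.path.join(home, ".ssh")
    findings = []
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if st.st_uid not in (0, uid):          # must belong to the user or root
            findings.append((path, f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.filemode(st.st_mode)
            findings.append((path, f"group/other writable ({mode})"))
    return findings

def demo():
    """Constructed tree: authorized_keys at 0600 but ~/.ssh left group-writable."""
    home = tempfile.mkdtemp()                  # created with mode 0700
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    keys = os.path.join(ssh_dir, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-ed25519 AAAA...constructed user@client\n")
    os.chmod(keys, 0o600)
    os.chmod(ssh_dir, 0o770)                   # the mistake being demonstrated
    return audit_authorized_keys(home)

if __name__ == "__main__":
    for path, problem in demo():
        print(f"{path}: {problem}")
```

Run it on the destination host, as the account being logged into; the 0700 and 0600 modes given in this thread pass the check.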


Re: [PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread Rich Shepard

On Wed, 26 Apr 2023, Jeffrey Borcean wrote:


0600 / -rw-------


Thanks, Jeffrey. I did not find this with my web searches.

Rich


[PLUG] What are the permissions for .ssh/authorized_keys?

2023-04-26 Thread Rich Shepard

I've learned the permissions of all .ssh/ files other than authorized_keys.
What should be the perms for that file?

TIA,

Rich