    Cannot SSH using public key

    • DustinB3403

      Technically the guide I see here is showing RSA key pairs and not dsa, even though the instructions say to use

      ssh-keygen -t dsa

      . . .

      This will create the following files 2 files;
      /home/scan_man/.ssh/new_id_rsa.pub  ===> Public Key
      /home/scan_man/.ssh/new_id_rsa  ===> Private Key
      
      • travisdh1 @IRJ

        @IRJ First off, generate the key as the user, just to make everything that much simpler. Use sudo if you have to.

        sudo - scan_user keygen
        

        Then copy the public key wherever.

        sudo - scan_user ssh-copy-id scan_user@wherever
        

        If those throw an error, try without the - (that tells sudo to fully load the scan_user profile.)

        No mussing about with permissions, they are set coherently already.

        As @DustinB3403 said, Nessus will have to support the encryption. If they don't support at least RSA, all these "security" things they tell you to do are not worth anything.

        • IRJ @DustinB3403

          @DustinB3403 said in Cannot SSH using public key:

          Technically the guide I see here is showing RSA key pairs and not dsa, even though the instructions say to use

          ssh-keygen -t dsa

          . . .

          This will create the following files 2 files;
          /home/scan_man/.ssh/new_id_rsa.pub  ===> Public Key
          /home/scan_man/.ssh/new_id_rsa  ===> Private Key
          

          Yeah those guides are fucked. This is the second one I am following today and the second one that is completely fucked up.

          • travisdh1 @IRJ

            @IRJ said in Cannot SSH using public key:

            @DustinB3403 said in Cannot SSH using public key:

            Technically the guide I see here is showing RSA key pairs and not dsa, even though the instructions say to use

            ssh-keygen -t dsa

            . . .

            This will create the following files 2 files;
            /home/scan_man/.ssh/new_id_rsa.pub  ===> Public Key
            /home/scan_man/.ssh/new_id_rsa  ===> Private Key
            

            Yeah those guides are fucked. This is the second one I am following today and the second one that is completely fucked up.

            /agree

            • IRJ @travisdh1

              @travisdh1 said in Cannot SSH using public key:

              @IRJ said in Cannot SSH using public key:

              @DustinB3403 said in Cannot SSH using public key:

              Technically the guide I see here is showing RSA key pairs and not dsa, even though the instructions say to use

              ssh-keygen -t dsa

              . . .

              This will create the following files 2 files;
              /home/scan_man/.ssh/new_id_rsa.pub  ===> Public Key
              /home/scan_man/.ssh/new_id_rsa  ===> Private Key
              

              Yeah those guides are fucked. This is the second one I am following today and the second one that is completely fucked up.

              /agree

              I figured the first one out. I guess I should make guides here once I am done, because the interwebs does not have any good documentation for this and Tenable has really screwed up.

              • IRJ @travisdh1

                @travisdh1 said in Cannot SSH using public key:

                @IRJ First off, generate the key as the user, just to make everything that much simpler. Use sudo if you have to.

                sudo - scan_user keygen
                

                Then copy the public key wherever.

                sudo - scan_user ssh-copy-id scan_user@wherever
                

                If those throw an error, try without the - (that tells sudo to fully load the scan_user profile.)

                No mussing about with permissions, they are set coherently already.

                As @DustinB3403 said, Nessus will have to support the encryption. If they don't support at least RSA, all these "security" things they tell you to do are not worth anything.

                It should support RSA, and it looks like I should switch user to generate keys. I don't see anywhere to generate for another user.

                • DustinB3403 @IRJ

                  @IRJ Just log in as the scan_user and then run the ssh-keygen process if you want to run it under that user account.

                  • DustinB3403

                    Literally su scan_user
                    ssh-keygen -t rsa

                    • IRJ @DustinB3403

                      @DustinB3403 said in Cannot SSH using public key:

                      Literally su scan_user
                      ssh-keygen -t rsa

                      Yeah, doing it now.

                      • IRJ

                        Still getting permission denied when trying to log in, even via ssh-copy-id

                        • IRJ

                          I want to throw something right now!!! This should be so basic!!! ugh

                          • DustinB3403

                            @IRJ okay, let's take a step back.

                            Can you ssh into this unit as scan_user ?

                            ssh [email protected] ?

                            • IRJ @DustinB3403

                              @DustinB3403 said in Cannot SSH using public key:

                              @IRJ okay, let's take a step back.

                              Can you ssh into this unit as scan_user ?

                              ssh [email protected] ?

                              I cannot right now because I have these lines in sshd

                              Match User scan_user
                                  PasswordAuthentication no
                              
                              • DustinB3403 @IRJ

                                @IRJ said in Cannot SSH using public key:

                                @DustinB3403 said in Cannot SSH using public key:

                                @IRJ okay, let's take a step back.

                                Can you ssh into this unit as scan_user ?

                                ssh [email protected] ?

                                I cannot right now because I have these lines in sshd

                                Match User scan_user
                                    PasswordAuthentication no
                                

                                Then you would never be able to copy the key to this system. You need password auth first, which can be disabled once you have working keys.


                                Unless you manually copy and paste the key to this system, which is stupid.

                                Just enable passauth for the time, set up the key with ssh-copy-id and then turn off the passwordauth.

                                • IRJ @DustinB3403

                                  @DustinB3403 said in Cannot SSH using public key:

                                  @IRJ said in Cannot SSH using public key:

                                  @DustinB3403 said in Cannot SSH using public key:

                                  @IRJ okay, let's take a step back.

                                  Can you ssh into this unit as scan_user ?

                                  ssh [email protected] ?

                                  I cannot right now because I have these lines in sshd

                                  Match User scan_user
                                      PasswordAuthentication no
                                  

                                  Then you would never be able to copy the key to this system. You need password auth first, which can be disabled once you have working keys.

                                  Ok. I commented it out, restarted sshd, and I was able to log in with password.

                                  • DustinB3403 @IRJ

                                    @IRJ said in Cannot SSH using public key:

                                    @DustinB3403 said in Cannot SSH using public key:

                                    @IRJ said in Cannot SSH using public key:

                                    @DustinB3403 said in Cannot SSH using public key:

                                    @IRJ okay, let's take a step back.

                                    Can you ssh into this unit as scan_user ?

                                    ssh [email protected] ?

                                    I cannot right now because I have these lines in sshd

                                    Match User scan_user
                                        PasswordAuthentication no
                                    

                                    Then you would never be able to copy the key to this system. You need password auth first, which can be disabled once you have working keys.

                                    Ok. I commented it out, restarted sshd, and I was able to log in with password.

                                    Okay, now perform the ssh-copy-id command.

                                    • DustinB3403

                                      @IRJ ?

                                      • IRJ @DustinB3403

                                        @DustinB3403 said in Cannot SSH using public key:

                                        @IRJ ?

                                        I finally got it working! I commented that out and it is now working. I was also able to turn off password authentication for that account.

                                        The issue was in my sshd_config

                                        AuthorizedKeysFile  %h/.ssh/authorized_keys
                                        
                                        • IRJ

                                          Gonna have to do this on another server for a sanity check though lol

                                          • IRJ

                                            Ok sanity check complete. Working on another system now. My only issue was AuthorizedKeysFile

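Added example, not part of any post in the thread and not Tenable's or OpenSSH's own code: a shell check for what the thread ended up chasing, namely which file sshd's AuthorizedKeysFile setting resolves to for scan_user and whether the key that ssh-copy-id installed is in that file with modes StrictModes accepts. The function names, sample key and scratch paths are constructed for illustration; Match-block overrides and file ownership are not examined.

```shell
#!/bin/sh
# Added example: config, user and key material below are constructed.
# On a live host, `sshd -T -C user=scan_user` prints the effective settings.

# AuthorizedKeysFile patterns from the global section of an sshd_config:
# first occurrence wins, keywords are case-insensitive, Match ends the section.
akf_patterns() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "authorizedkeysfile" {
             $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
         END { if (!found) print ".ssh/authorized_keys .ssh/authorized_keys2" }' "$1"
}

# Expand %h and %u (the only tokens handled here); relative patterns are
# taken relative to the home directory, as sshd does.
akf_resolve() {  # akf_resolve <sshd_config> <user> <home>
    for pat in $(akf_patterns "$1"); do
        pat=$(printf '%s\n' "$pat" | sed -e "s|%h|$3|g" -e "s|%u|$2|g")
        case $pat in /*) echo "$pat" ;; *) echo "$3/$pat" ;; esac
    done
}

# True if a path is group- or world-writable, which StrictModes rejects.
loose() { case $(ls -ld "$1") in ?????w*|????????w*) return 0 ;; esac; return 1; }

# Report whether sshd would find the key from <pubkey_file>, and where.
check_pubkey() {  # check_pubkey <sshd_config> <user> <home> <pubkey_file>
    blob=$(awk '{ print $2; exit }' "$4")   # base64 field of the .pub line
    for f in $(akf_resolve "$1" "$2" "$3"); do
        [ -f "$f" ] || continue
        for p in "$f" "$(dirname "$f")" "$3"; do
            if loose "$p"; then echo "BAD_PERMS $p"; return 1; fi
        done
        if grep -qF -- "$blob" "$f"; then echo "OK $f"; return 0; fi
    done
    echo "KEY_NOT_FOUND"; return 1
}

# Constructed sample: key installed in ~/.ssh/authorized_keys with sane modes.
make_sample() {  # prints the scratch directory it created
    d=$(mktemp -d); mkdir -p "$d/home/.ssh"
    echo "ssh-rsa AAAAconstructedSAMPLEkey scan_user@scanner" > "$d/id_rsa.pub"
    cp "$d/id_rsa.pub" "$d/home/.ssh/authorized_keys"
    chmod 755 "$d/home"; chmod 700 "$d/home/.ssh"; chmod 600 "$d/home/.ssh/authorized_keys"
    echo "$d"
}
s=$(make_sample)
echo "AuthorizedKeysFile %h/.ssh/authorized_keys" > "$s/sshd_config"
check_pubkey "$s/sshd_config" scan_user "$s/home" "$s/id_rsa.pub" || true
```

KEY_NOT_FOUND with the key visibly present in ~/.ssh/authorized_keys means sshd is configured to read a different file than the one ssh-copy-id wrote to.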