SSH into one Linode to another using public key? I'm getting denied

VPS#1 is Debian 10
VPS#2 is Ubuntu 22.04

I created a keypair on VPS#1 and copied the .pub into the ~/.ssh/authorized_keys directory on VPS#2 I reset the ssh deamon with sudo systemctl reload ssh

I am getting Permission denied (publickey) when attempting to connect.

The only thing I changed on my sshd-conf on VPS#2 is:
PubkeyAuthentication yes
PermitRootLogin no
PasswordAuthentication no

I'm not sure what is going on. I triple checked that the key is correct in authorized_keys. It is on line 2. No space between the lines, all in one line. And it in fact is the public version of the key from VPS#1

Is it possible to do this or am I crazy?
thanks for your help

6 Replies

VPS#1 is Debian 10
VPS#2 is Ubuntu 22.04

This doesn't matter… 22.04 is a downstream relative of Deb 10. ssh on both is the same code.

Is it possible to do this or am I crazy?

I do this multiple times a day every day for multiple systems…local and remote (my VPS)…

I created a keypair on VPS#1 and copied the .pub into the ~/.ssh/authorized_keys directory on VPS#2 I reset the ssh deamon with sudo systemctl reload ssh

~/.ssh/authorized_keys is a file…not a directory. You're prob overwriting it with some later operation.

IMHO, ~/.ssh/authorized_keys should have the public keys for both VPSs (just in case you want to do ssh VPS1 from VPS1).

What I do is create a directory called ~/.ssh/pubkey and put all the public keys there. When I'm all done I create ~/.ssh/authorized_keys with:

cat ~/.ssh/pubkey/* >~/.ssh/authorized_keys

Also, the permissions of ~/.ssh/authorized_keys should be -rw-r--r-- and have the same owner/group as the owner/group for ~/.

-- sw

I followed the guide here:
https://www.linode.com/docs/guides/use-public-key-authentication-with-ssh/

there was a section that said to do this:

Give the ~/.ssh directory and authorized_keys files appropriate file >permissions:

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

I thought perhaps that was the problem, Since -rw-r--r-- is done with `chmod 644' correct?

Well I have the permissions set correct now and the owner/group are correct as well.

I did like you and made the pubkey directory to clean it up, and stuck all my public keys in there on both servers. After that I wrote everything in pubkey to the authorized_keys file (again made sure this was done on both servers). I ensured that all the public keys are there. Restarted daemon, rebooted both VPSs, and I still get the denied prompt.

Any chance you’re trying to log in as root? That’s explicitly denied…

Do the accounts you’re trying to use on both system have the same name?

— sw

Not trying to login as root.
The usernames are the same.
I allowed the machines to connect to each other through ufw rules like so:
sudo ufw allow from <IPaddress> to any port 22

I ran that on both servers ensured the rules are set.

I also made a new user, repeated the process of making sure the public keys were in that users authorized_keys and still could not connect.

OK I dont know why, but manually copying the first key I made on VPS#1 over to authorized_keys in VPS#2 did not work.

I made a new keypair and did not name it with a custom name. I left it as id_rsa.pub and then went into VPS#2 and changed PasswordAuthentication no to PasswordAuthentication yes

Then I was able to copy the public key with ssh-copy-id [email protected]
I check that it was in the authorized_keys file and then changed PasswordAuthentication back to no.

I was able to login with the key passphrase. So success!

But can I change the name of that key now or does it need to be id_rsa? Not that it matters, I just prefer to have a name on it because I back all my stuff up to my external hard drive.

edit:
Thanks for your help @stevewi I'm still confused. I think it's a problem with the client side's ssh daemon config. It is only working if the private key is not named anything specific in creation. So it only works as name id_rsa. But what if I want to make multiple SSH keys to connect to different servers? How will I be able to if only one file(id_rsa) is used to connect?

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct