Re: how do I fix ssh?

Top Page
Attachments:
Message as email
+ (text/plain)
+ signature.asc (application/pgp-signature)
+ (text/plain)
Delete this message
Reply to this message
Author: Joseph Sinclair via PLUG-discuss
Date:  
To: plug-discuss
CC: Joseph Sinclair
Subject: Re: how do I fix ssh?
A few items jump out here. Note the first few are just general recommendations, not solutions to your problem, that's at the end if you want to skip forward.
1) Remove the execute permission on both config and the public key; it's not your problem, but it's also unnecessary.
2) public keys are intended to be, well, public. It isn't necessary, but wouldn't hurt to make the permissions for the .pub file chmod 444 (read only for you, group, and world)
3) Wouldn't hurt to make the id_rsa file read-only (chmod 400) just to minimize the chance of accidents.

Actual solutions (in order of probability to fix the issue presented):
1) Check the contents of config, make sure it does not have a reference to the wrong public/private key pair (or a reference to the public key where a private key is required).
a) this is a common one, "IdentityFile id_rsa" is correct, but I often see "IdentityFile id_rsa.pub", which is not correct. Note also you can rename those (e.g. instead of id_rsa and id_rsa.pub you could have desktop and desktop.pub) key pair files to help distinguish source or purpose, and avoid using the same key pair in multiple places (the same as reusing a password; it's poor security practice).
2) remove authorized_keys on both machines, then repeat the ssh-copy-id commands. Often the issues you're encountering are caused by incorrect entries in that file.
3) Check permissions on the ~/.ssh folder; make sure it's no more permissive than chmod 755, and ideally chmod 750. Openssh won't accept the configuration if the folder is set too permissive.
4) Check known_hosts, make sure it doesn't have bad entries

Please let us know if any of those fix things.

On 2022-10-21 11:36 PM, Jim via PLUG-discuss wrote:
> Somehow I screwed up ssh on my Raspberry pi that runs ubuntu 20.04 and my desktop that runs Kubuntu 22.04. When I try to log into one from the other, I get an error message.
>
> Logging into the desktop from the Pi gives me this error: Load key "/home/pi/.ssh/id_rsa.pub": invalid format and I'm prompted for a password.
>
> In both of them I deleted id_rsa and id_rsa.pub. Then I tried ssh-keygen, ssh-copy-id, then tried to log in like ssh-copy-id said to (ssh ).
>
> When I tried to log into the Pi from the desktop, the error I get is Load key "/home/desktop.user/.ssh/id_rsa.pub": error in libcrypto
>
> When try to log into the desktop from the Pi, the error message I get is Load key "/home/pi.user/.ssh/id_rsa.pub": invalid format
>
> In both cases I'm prompted for a password and I'm able to log in.
>
> The permissions of the files in the .ssh directory on both machines is the same
>
> -rw------- 1 delboy delboy 564 Oct 21 22:47 authorized_keys
> -rwxr--r-- 1 delboy delboy 122 Oct 21 18:27 config
> -rw------- 1 delboy delboy 2602 Oct 21 22:43 id_rsa
> -rwx------ 1 delboy delboy 566 Oct 21 22:43 id_rsa.pub
> -rw------- 1 delboy delboy 364 Oct 21 22:44 known_hosts
>
> In both machines, how can I reset ssh to the state it was in when I first installed the OS on each machine?
>
> Thanks
>
> ---------------------------------------------------
> PLUG-discuss mailing list:
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list:
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss