authorized_keys is broken

Open JeanRessouche opened this issue 3 years ago • 8 comments

After many attempts to make it work with keys, and getting denied:

Status:	Server refused our key 
Status:	Access denied 
Error:	Authentication failed.

I checked the authorized_keys file.

The pk is added to it but incorrectly as you can see:

image

This is the top of the file, the -----BEGIN.. part is in row 2 and a part of the key in row 1.

I do believe that this is the reason why I can't log in.

Can you have a look?

JeanRessouche avatar Feb 22 '22 02:02 JeanRessouche

You need to add the public key to the server, not the private key. (Unless I'm misunderstanding your issue?)

therealjoshuad avatar Feb 22 '22 04:02 therealjoshuad

It did that to me with the public key too. I then (in WinSCP) copied the key "to paste into authorized_keys" and placed that into the .ssh/keys/ directory and the authorised keys got created with the correct format. But I still can't log in - I get the same "server refused our key" message.

grizlyadams avatar Mar 11 '22 12:03 grizlyadams

I am having the same issue. It's like the authorized_keys file is sorted in alphabetical order for some reason.

image

bromine355 avatar Mar 15 '22 17:03 bromine355

Add your keys in OpenSSH format.
ssh-keygen -i -f ssh2.pub > openssh.pub link if it helps. link

sgums avatar Mar 27 '22 15:03 sgums

Experiencing this as well, used OpenSSH format but keys are not getting appended properly and are in alphabetical order as bromine355 commented above. Based on a quick look through the create-sftp-user script, it looks like the sort command right after cat may be causing this. Seems that I can reproduce this issue in an isolated environment. Running "sort < id_rsa.pub | uniq > test" results in the test file having the pubkey in alphabetical order, therefore leading to refused keys. I really don't know much about this entire operation, but that's what it seems like is happening to me.

wlanut avatar Apr 25 '22 06:04 wlanut

I have never done this before today so forgive me if I made a misstep, but I was able to rebuild the image by modifying the authorized keys section from this:

# Add SSH keys to authorized_keys with valid permissions
userKeysQueuedDir="/home/$user/.ssh/keys"
if [ -d "$userKeysQueuedDir" ]; then
    userKeysAllowedFileTmp="$(mktemp)"
    userKeysAllowedFile="/home/$user/.ssh/authorized_keys"

    for publickey in "$userKeysQueuedDir"/*; do
        cat "$publickey" >> "$userKeysAllowedFileTmp"
    done

    # Remove duplicate keys
    sort < "$userKeysAllowedFileTmp" | uniq > "$userKeysAllowedFile"

    chown "$uid" "$userKeysAllowedFile"
    chmod 600 "$userKeysAllowedFile"
fi 

to this:

# Add SSH keys to authorized_keys with valid permissions
userKeysQueuedDir="/home/$user/.ssh/keys"
if [ -d "$userKeysQueuedDir" ]; then
    userKeysAllowedFileTmp="$(mktemp)"
    userKeysAllowedFile="/home/$user/.ssh/authorized_keys"

    for publickey in "$userKeysQueuedDir"/*; do
        cat "$publickey" >> "$userKeysAllowedFile"
    done


    chown "$uid" "$userKeysAllowedFile"
    chmod 600 "$userKeysAllowedFile"
fi

Basically removed the sort command and just cat the publickey directly to the authorized_keys file, and it ends with a successfully created authorized_keys file, verified that ssh key auth worked after this change

wlanut avatar Apr 25 '22 07:04 wlanut

Forgive my ignorance - when you say "rebuild the image" do you mean the atmoz image? If yes, then where does the ARM template get the new image from?

grizlyadams avatar May 09 '22 15:05 grizlyadams

From the authorized_keys man page: https://manpages.debian.org/experimental/openssh-server/authorized_keys.5.en.html#AUTHORIZED_KEYS_FILE_FORMAT

Each line of the file contains one key (empty lines and lines starting with a ‘#’ are ignored as comments).

We sort the file to remove duplicated keys. That is why your multi-line keys are looking strange. But according to the documentation, keys should be on one line. Do multi-line keys even work?

atmoz avatar May 21 '22 12:05 atmoz
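
Added example, not part of the thread or the project's script: it reproduces how the line-wise `sort | uniq` step discussed above scrambles a multi-line key file, shows an order-preserving de-duplication with `awk`, and adds a heuristic check that every line is a one-line OpenSSH key. The function names and all key material are constructed for illustration.

```shell
#!/bin/sh
# Added example; all key material below is constructed, not real keys.
KEY_A='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyA user-a@example'
KEY_B='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedKeyB user-b@example'

# Constructed multi-line (SSH2 / RFC 4716 style) public key file.
multiline_key() {
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' \
        'AAAAB3NzaC1yc2EAAAADAQABAAABAQC7CONSTRUCTED' \
        '+exampleCONSTRUCTEDsecondline' \
        '---- END SSH2 PUBLIC KEY ----'
}

# The pipeline quoted in the thread; LC_ALL=C only pins the ordering here.
dedupe_sorted() { LC_ALL=C sort | uniq; }

# Drops repeated lines but keeps first-seen order.
dedupe_ordered() { awk '!seen[$0]++'; }

# Heuristic: count lines that are neither blank, a comment, nor a
# "<key-type> <base64>" pair (options before the key type are allowed).
count_bad_lines() {
    awk -v types='^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$' '
        /^[ \t]*(#|$)/ { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ types && $(i + 1) ~ "^[A-Za-z0-9+/]+=*$") ok = 1
            if (!ok) bad++
        }
        END { print bad + 0 }'
}

# Demonstration on the constructed inputs.
echo "first line after sort|uniq: $(multiline_key | dedupe_sorted | head -n 1)"
echo "bad lines in multi-line file: $(multiline_key | count_bad_lines)"
echo "de-duplicated one-line keys:"
printf '%s\n' "$KEY_A" "$KEY_B" "$KEY_A" | dedupe_ordered
```

A non-zero count from `count_bad_lines` on a queued key file means it is not in the one-key-per-line format the man page describes and needs converting (for example with the `ssh-keygen -i` command given earlier in the thread) before it is merged.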