publickey authentication for ssh no longer working

Open Iridium-Lo opened this issue 2 years ago • 10 comments

Issue

  • I was able to ssh using keys until I deleted the app and reinstalled it.
  • I'd do this using .ssh/config on a-shell, now I get permission denied.
  • Doing ssh -i .ssh/<privateKey> user@host prompts for password.

Steps

Documents]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/private
/var/mobile/Containers/Data/Application/1A5B4
A86-B395-465D-A82C-EB57C3968223/Documents/.ss
h/id_rsa): .ssh/ir
Reply is: .ssh/ir.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in .ssh/ir
Your public key has been saved in .ssh/ir.pub
The key fingerprint is:
SHA256:2ekTVdq1BRurgKAAUXdIsZ5SB4cTMAD0T8iF7l
KaMC0 mobile@iPhone
The key's randomart image is:
+---[RSA 3072]----+
|B*=oB*+       +.o|
|  o=** . .   + =o|
| ..++o. . . o +. |
|E .=oo   o + .   |
|.o* o.  S + .    |
| + o     . .     |
|  .       o      |
|           .     |
|                 |
+----[SHA256]-----+
[Documents]$ ls.ssh
ls.ssh: command not found
[Documents]$ ls .ssh
config  ir      ir.pub
Documents]$ scp .ssh/ir.pub [email protected].
0.209:~/.ssh 
The authenticity of host '192.168.0.209 (192.
168.0.209)' can't be established.
ED25519 key fingerprint is SHA256:oSqYqE4r3wf
OyhMupdNyfEadeUKiQ+tO5jhYWehhQII.
This key is not known by any other names
Are you sure you want to continue connecting 
(yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.0.209' (E
D25519) to the list of known hosts.
([email protected]) Password:
ir.pub     100%  567    74.5KB/s   00:00    
[Documents]$ ssh [email protected] 'cat ~/.ssh/ir.pub > ~/.ssh/authorized_hosts; cat a
uthorized_hosts' 
([email protected]) Password:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrjqVEg
OWTKDibuMS9JbyLbky7HwGc10yHmPwDabLJRDzCBzD3Na
kkxFke8tcllbGe9VrZxRHImKOSznYswK0VyWwxNhWHgRM
IsLAIw6EangIlwOMI53xUySd3pY8QHjVTp3ec/L5O9o3m
70Vzn8yqjo6hhP3aS0lU4eyXHyIODwQabvCqwHUDZqFRuJFZwsdBT36YxxPbCDBDjkJmdVaMEf+HAMHCVN4KoDW2Ff
/XPMfonGSEguJH1f4eMk8fMrnzfR/T/rUvPmT/yLv6sKw
HZT9ePkWoTOT7UWfxEPSHWRZqxq0BnvQNwYsahF1lt9oq
/bC66QlcdYUuLtL+U/vB4LHsJY/4tPN8vSqcLjiHeMGl+
3lkKw8NQ+dDXQ1o2YgRH50hYv6iGuammE2wmguRjFb54/
TwEx3CiySVdSPv2RFgpQsM1E+u2FJvOe69SvOovvpGnJK
UJuZbw0mdXo1z0XZokK81y7d9B99mK6OHkI2jJJeJUn6y
VjvIYgjARS0= mobile@iPhone
[Documents]$ cat .ssh/config 
host iri
    user iridium
    hostname 192.168.0.209
    identityFile ~/Documents/.ssh/ir
    preferredAuthentications publickey
Documents]$ ssh iri
[email protected]: Permission denied (pub
lickey,password,keyboard-interactive).
[Documents]$ ssh -i .ssh/ir [email protected]
.209 
([email protected]) Password:

Iridium-Lo avatar Jun 29 '23 23:06 Iridium-Lo

Hi, I have no idea what is happening here, which means it's going to be more difficult to help you. I would have done exactly the same commands. I don't understand why you get "Permission denied" with ssh iri either. Since you generated a new key, I would suspect maybe there is something on the host side where you need to authorize the new key (like adding it to ~/.ssh/authorised_keys?)

holzschu avatar Jun 30 '23 05:06 holzschu

I did that in the output I sent you, but it's hard to see.

Documents]$ ssh [email protected] 'cat ~/.ssh/ir.pub > ~/.ssh/authorized_hosts; cat a
uthorized_hosts' 
([email protected]) Password:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrjqVEg
OWTKDibuMS9JbyLbky7HwGc10yHmPwDabLJRDzCBzD3Na
kkxFke8tcllbGe9VrZxRHImKOSznYswK0VyWwxNhWHgRM
IsLAIw6EangIlwOMI53xUySd3pY8QHjVTp3ec/L5O9o3m
70Vzn8yqjo6hhP3aS0lU4eyXHyIODwQabvCqwHUDZqFRuJFZwsdBT36YxxPbCDBDjkJmdVaMEf+HAMHCVN4KoDW2Ff
/XPMfonGSEguJH1f4eMk8fMrnzfR/T/rUvPmT/yLv6sKw
HZT9ePkWoTOT7UWfxEPSHWRZqxq0BnvQNwYsahF1lt9oq
/bC66QlcdYUuLtL+U/vB4LHsJY/4tPN8vSqcLjiHeMGl+
3lkKw8NQ+dDXQ1o2YgRH50hYv6iGuammE2wmguRjFb54/
TwEx3CiySVdSPv2RFgpQsM1E+u2FJvOe69SvOovvpGnJK
UJuZbw0mdXo1z0XZokK81y7d9B99mK6OHkI2jJJeJUn6y
VjvIYgjARS0= mobile@iPhone

I cat the key with > to authorized_hosts so it's the only key, then cat authorized_hosts again to see if that key has actually been added, and it has: mobile@iphone.

Like I said, this was fine until I reinstalled the app. Maybe if you could reinstall the app and test?

Also ssh -i <privatekey> user@host prompts for a password.

On my first install I didn't change any dir or file perms on host or remote. When it stopped working I tried chmoding them to recommended permissions (they were already correct), and nothing changed.

Other help

.profile is not sourced on starting the app as none of my aliases or variables work. I have to manually source each time, the docs say it should source .profile on each app open.

Also is there a way I can go straight to the sh shell? It lets me use functions. Right now I have to do sh then . ./.profile which is kind of annoying.

If your app is coded in shell or python I'd be quite eager to help out.

Iridium-Lo avatar Jul 02 '23 14:07 Iridium-Lo

YMMV, but the SSH servers I use have authorized_keys and known_hosts. I saw that you had added the public key to authorized_hosts but in my experience you need to authorize both the host and the key: https://security.stackexchange.com/questions/20706/what-is-the-difference-between-authorized-keys-and-known-hosts-file-for-ssh

For your other question, if dash was running when a-Shell went in the background and the corresponding Settings is enabled ("Restart Vim or dash after closing a-Shell") then a-Shell will restart dash when it comes back alive.

holzschu avatar Jul 02 '23 15:07 holzschu
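
The file roles referred to in the answer above, as an added example (not part of the thread or of a-Shell): with OpenSSH defaults, sshd looks up a user's public keys in ~/.ssh/authorized_keys, while known_hosts is the client's record of server host keys. The hypothetical `audit_ssh_dir` function below, meant to be run on the server, reports a key stored under any other file name and permissions that StrictModes rejects.

```shell
# Added example: server-side audit of a user's ~/.ssh for public-key login.
# Assumes OpenSSH defaults (AuthorizedKeysFile .ssh/authorized_keys, StrictModes yes).
# Usage on the server: audit_ssh_dir "$HOME/.ssh" /path/to/uploaded/key.pub

# key_body FILE: print the base64 body (field 2) of a one-line public key file.
key_body() { awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1"; }

# perm_bits PATH: octal mode, GNU stat first, BSD/macOS stat as fallback.
perm_bits() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# audit_ssh_dir SSH_DIR PUBKEY_FILE
# Prints one finding per line; returns the number of findings (0 = looks fine).
audit_ssh_dir() {
    dir=$1 pub=$2 problems=0
    auth="$dir/authorized_keys"
    body=$(key_body "$pub")
    [ -n "$body" ] || { echo "ERROR: no key found in $pub"; return 1; }

    if [ ! -f "$auth" ]; then
        echo "MISSING: $auth (sshd looks up user keys here by default)"
        problems=$((problems + 1))
    elif ! grep -qF -- "$body" "$auth"; then
        echo "ABSENT: key from $pub is not listed in $auth"
        problems=$((problems + 1))
    fi

    # Files that hold the key but are never consulted for user authentication.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in authorized_keys|authorized_keys2|*.pub) continue ;; esac
        if grep -qF -- "$body" "$f"; then
            echo "UNUSED: $f contains the key but sshd does not read it for login"
            problems=$((problems + 1))
        fi
    done

    # With StrictModes, sshd ignores keys when ~/.ssh or the file is group/world-writable.
    for p in "$dir" "$auth"; do
        [ -e "$p" ] || continue
        mode=$(perm_bits "$p")
        case $mode in *[2367]?|*[2367])
            echo "PERMS: $p is mode $mode (group/world-writable)"
            problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}
```

If the audit is clean and login still falls back to a password, `ssh -v` on the client shows which identity files are offered and how the server responds to each.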

I think I've added the pubkey and the contents to authorized_hosts before but I will test.

Oh right, you need the pubkey contents in known hosts also. I'll try that.

Iridium-Lo avatar Jul 02 '23 16:07 Iridium-Lo

  • So is there no way to boot a-shell on dash?
  • Normally I'd write a source of bashrc to /etc/bashrc so that it's sourced on startup.
  • Why does a-shell not source .profile on startup? Is there any file I can write to which will enable a-shell to start up in dash?
  • Is there a way to use functions in the default shell?

Iridium-Lo avatar Jul 02 '23 16:07 Iridium-Lo

I added the pubkey to known_hosts on the remote and was able to ssh -i .ssh/or [email protected] for a few times, but then it would prompt for password. I could never ssh with the config.

Iridium-Lo avatar Jul 07 '23 15:07 Iridium-Lo

> YMMV, but the SSH servers I use have authorized_keys and known_hosts. I saw that you had added the public key to authorized_hosts but in my experience you need to authorize both the host and the key: https://security.stackexchange.com/questions/20706/what-is-the-difference-between-authorized-keys-and-known-hosts-file-for-ssh
>
> For your other question, if dash was running when a-Shell went in the background and the corresponding Settings is enabled ("Restart Vim or dash after closing a-Shell") then a-Shell will restart dash when it comes back alive.

where do I add that setting?

Iridium-Lo avatar Jul 07 '23 15:07 Iridium-Lo

steps:

Documents]$ cat .ssh/or.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCnWghMi
62wKw5QYV6Ou8vWizvsKiQogtGslmhgT9qPYkSjuRGANg
0I9xpRdB5yWc08yIvO4sb+qvEOxpd5ayOsmpUysgzIQsA
Jo9K6x0NWMoy8NJStLzttNZ0jgcJYlxEJoH73b7wagg/X
p0xhHprnbQg8qefa8TFcIhlwHjX0YKEYcl0u3sMW3fH5h
tNQcm/s4j4b4WVj4M6TY/bR3+fDktiSu+O58nkQ+yKjKQ
xOABe89CGdBTfK2EpcPPrJ7FAsxmC9NdyqbAOrjui2V/M
HlVMxoEJTbZz0kUsOdGkb0Y2vk0NId1xmWRfOY4yQM+SY
HYxcUcI40+5hVEEYp9LAoqFrOZQZn9/48k9w7xQJ7jmne
RVCWjsQpInuAKRV98TE1xpxDq2x5sAnKLH7dv5WdfWS09
N3a4RxOXgQ0fqVwJmHpXYjvrfdI6MMwa4EWA24UTKu/Pp
k+fiCk1Tj7+DgGdPU7rwiooLdBWJwdsQZ7Cl2UgqLLx/Z
xILzpiY+dCU= mobile@iPhone
[Documents]$ ssh -i .ssh/or [email protected]
.209 'cat ~/.ssh/{authorized_hosts,known_host
s}' 
([email protected]) Password:

prompted for pass, rest of output after entering pass:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCnWghMi
62wKw5QYV6Ou8vWizvsKiQogtGslmhgT9qPYkSjuRGANg
0I9xpRdB5yWc08yIvO4sb+qvEOxpd5ayOsmpUysgzIQsA
Jo9K6x0NWMoy8NJStLzttNZ0jgcJYlxEJoH73b7wagg/X
p0xhHprnbQg8qefa8TFcIhlwHjX0YKEYcl0u3sMW3fH5h
tNQcm/s4j4b4WVj4M6TY/bR3+fDktiSu+O58nkQ+yKjKQ
xOABe89CGdBTfK2EpcPPrJ7FAsxmC9NdyqbAOrjui2V/M
HlVMxoEJTbZz0kUsOdGkb0Y2vk0NId1xmWRfOY4yQM+SY
HYxcUcI40+5hVEEYp9LAoqFrOZQZn9/48k9w7xQJ7jmne
RVCWjsQpInuAKRV98TE1xpxDq2x5sAnKLH7dv5WdfWS09
N3a4RxOXgQ0fqVwJmHpXYjvrfdI6MMwa4EWA24UTKu/Pp
k+fiCk1Tj7+DgGdPU7rwiooLdBWJwdsQZ7Cl2UgqLLx/Z
xILzpiY+dCU= mobile@iPhone
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCnWghMi
62wKw5QYV6Ou8vWizvsKiQogtGslmhgT9qPYkSjuRGANg
0I9xpRdB5yWc08yIvO4sb+qvEOxpd5ayOsmpUysgzIQsA
Jo9K6x0NWMoy8NJStLzttNZ0jgcJYlxEJoH73b7wagg/X
p0xhHprnbQg8qefa8TFcIhlwHjX0YKEYcl0u3sMW3fH5h
tNQcm/s4j4b4WVj4M6TY/bR3+fDktiSu+O58nkQ+yKjKQ
xOABe89CGdBTfK2EpcPPrJ7FAsxmC9NdyqbAOrjui2V/M
HlVMxoEJTbZz0kUsOdGkb0Y2vk0NId1xmWRfOY4yQM+SY
HYxcUcI40+5hVEEYp9LAoqFrOZQZn9/48k9w7xQJ7jmne
RVCWjsQpInuAKRV98TE1xpxDq2x5sAnKLH7dv5WdfWS09
N3a4RxOXgQ0fqVwJmHpXYjvrfdI6MMwa4EWA24UTKu/Pp
k+fiCk1Tj7+DgGdPU7rwiooLdBWJwdsQZ7Cl2UgqLLx/Z
xILzpiY+dCU= mobile@iPhone
[Documents]$ 

Iridium-Lo avatar Jul 07 '23 15:07 Iridium-Lo