raspberrypi
[BUG]: OS customization only allows public-key
What happened?
When I enable ssh and check the box for "Enable SSH" and "Use password authentication" then Save, it always flashes the card to only use public-key authentication. It has pre-filled in an SSH key and even if I delete the key, and Save, it still only uses Public key. I've had to login to the PI manually and enable KeyboardInteractive logins in order to be able to ssh in with a password.
Version
1.9.6 (Default)
What host operating system were you using?
Windows
Host OS Version
24H2 2024-11-04
Selected OS
Raspberry Pi OS Lite (64-bit) Bookwoorm
Which Raspberry Pi Device are you using?
Raspberry Pi Zero 2 W
What kind of storage device are you using?
microSD Card in a USB reader
OS Customisation
- [x] Yes, I was using OS Customisation when the bug occurred.
Relevant log output
I tried for the third time and after deleting the pre-filled in key, it finally allows password logins.
the same happened to me. I'm struggling to ssh to my rpi as it is headless and I don't have a possibility to setup an alternative interface there. Even after I erased sd card manually, it keeps switching from 'password' method that I selected back to 'public-key' access. on connection attempt it just shows 'permission denied (publicKey)
Have you given the Pi enough time to fully boot up, resize its root filesystem, reboot, boot up again and then start the SSH server? I wonder if the 'permission denied (publicKey)' message might just be a red-herring because you're trying to connect to your Pi via SSH "too soon"?
I can confirm the exact same behavior. I really thought I messed things up on my end. By now, I am fairly sure it is a bug.
What I also noticed: when retrying to flash and reusing the previous settings (the dialog box that you get right before flashing), there is a yellow triangle for the Services tab, and the radio button is set to public key - even if you have selected the password-auth in the previous flash.
@foleyj2 und @gubarevs - do you have public SSH keys on the computer that you are flashing from? I did not try it yet on a computer without SSH keys in the default .ssh folder. Based on
Choose Allow public-key authentication only to preconfigure your Raspberry Pi for passwordless public-key SSH authentication using a private key from the computer you’re currently using. If already have an RSA key in your SSH configuration, Imager uses that public key. If you don’t, you can click Run SSH-keygen to generate a public/private key pair. Imager will use the newly-generated public key.
from https://www.raspberrypi.com/documentation/computers/getting-started.html, I assume that it defaults to this if there is an SSH key available. But due to the bug it then ignores the switch to the other setting.
I tried for the third time and after deleting the pre-filled in key, it finally allows password logins.
Based on this comment, it's the first time that I noticed, that there are actually SEVERAL SSH key entry fields. When I tried to delete the key, I noticed that I can scroll with the mouse wheel. This only scrolls the list of keys and the same effect cannot be achieved via the scroll bar on the right. Apparently, it tried to fill in all of the SSH keys in my SSH folder in separate entry fields. This also explains why my first deletion of the entry field was not enough (when I tried it earlier today). Something in the SSH UI is seriously messed up in the current release.
I wonder if the 'permission denied (publicKey)' message might just be a red-herring because you're trying to connect to your Pi via SSH "too soon"?
I thought so too in the beginning. But in my last attempt, the Pi was running for several minutes before trying to connect.
@lurch I let it sit for half an hour. still the same effect.
one more aspect that I've noticed: the ssh authentication configured through that UI doesn't work. I've tried with multiple ssh keys (one of them generated with the button). all of them returned me 'permission denied'. and even after I selected 'password', then next time that window is opened it resets to 'public key' option. and looks like always flashes with it. I was not able to make it to switch to password after multiple attempts. All of that is on version 1.9.6
Just now I tried to switch to an older v1.8.5. ssh authentication started working with one of the same keys. and I was able to successfully switch between 'password' and 'public key' options.
All of that was tested on the same macOS laptop. And with the same raspberry pi zero w. So, it is apparently a bug in some of the newest updates.
Based on this comment, it's the first time that I noticed, that there are actually SEVERAL SSH key entry fields. When I tried to delete the key, I noticed that I can scroll with the mouse wheel. This only scrolls the list of keys and the same effect cannot be achieved via the scroll bar on the right. Apparently, it tried to fill in all of the SSH keys in my SSH folder in separate entry fields.
Yes, see #1152 and #1159
@foleyj2 und @gubarevs - do you have public SSH keys on the computer that you are flashing from? I did not try it yet on a computer without SSH keys in the default .ssh folder. Based on
I do have multiple SSH key on this system which maybe it tried to autodetect? It wasn't the two I normally use (RSA and EC) or SSH would have allowed me in after I typed my passphrase.
Have you given the Pi enough time to fully boot up, resize its root filesystem, reboot, boot up again and then start the SSH server? I wonder if the 'permission denied (publicKey)' message might just be a red-herring because you're trying to connect to your Pi via SSH "too soon"? Siilar to @gubarevs , I had also wondered if it was still updating so I then waited 10 minutes. I also believe that ssh won't come up until it is ready to allow logins. The error message certainly implies that it's expecting a public key.
I had the same problem. I couldn't log in with password regardless of the setting.
I also had trouble using ssh key bc I believe it was populating my id_rsa.pub when it should have been my ed25519 key
I have the same issue with imager 1.9.6, after reverting to my previously installed version (1.8.5) it works again.
I tried for the third time and after deleting the pre-filled in key, it finally allows password logins.
I have the same issue on 1.9.6. In order to use a password I have to select password-less option, delete all keys, then re-select password authentication, Save custom settings and write to SD card, then I can boot and password SSH is fine.
@btray900
I have the same issue on 1.9.6. In order to use a password I have to select password-less option, delete all keys, then re-select password authentication, Save custom settings and write to SD card, then I can boot and password SSH is fine.
I'm seeing the same issue. Can you tell me how you deleted the keys? Is there a file where these are stored?
This issue still exists on the latest version (1.9.6), but upon downgrading to 1.8.5, it worked. It took a few extra steps to flush the malformed config file, though. (These steps are Windows only and aren't tested on other operating systems)
- Access and delete the following path via the registry editor "HKCU\Software\Raspberry Pi\Imager", this clears all saved settings and caches.
- Run the uninstaller in "C:\Program Files (x86)\Raspberry Pi Imager", then delete the whole folder if it remains.
- Delete the "C:\Users{username}\AppData\Local\Raspberry Pi" folder if it exists.
- Perform a fresh install of 1.8.5 and use the application. If prompted to update, don't until this issue is resolved.
Same bug with 1.9.6 on MacOS. I also have multiple keys. No problem with 1.8.5 (+ config delete)
Can we PLEASE get acknowledgement of this bug? I am encountering it also and it is really frustrating when you can only run the machine headless.
Fixed in 2.0. Release candidate builds are available in the releases area.
