
I don't have this problem. I also looked at this article, with no success. I can SSH ~in~ to the Pi without issue (server -> Pi), but I cannot do the reverse (Pi -> server) without it asking for the destination password (NOT passPHRASE). I have verified that the keys are properly transferred. I used this (as we do) to do so:

cat .ssh/pikey_rsa.pub | ssh -tt user@server "cat >> ~/.ssh/authorized_keys"

but they just don't work. Whenever I ssh user@serverIP, it will not just dump me in; it asks for the password (NOT passPHRASE): user@serverIP's password: at which point, well, I have to enter the friggin' password, defeating the entire purpose of the ssh key.

What minutia am I missing?

I should probably note that I am remoting IN to the Pi to then remote IN to the server, ala: main -> Pi -> server. I don't see that it should have an impact, but just to be complete, there you go.

I've rebuilt the keys six times trying to eliminate key error. I have manually scp'd keys across and manually added them to the auth file. I tried a USB transfer for heaven's sake! I'm out of ideas.

Jeff Schaller
WhiteRau
  • Compare /etc/ssh/sshd_config on both systems, and post them if the answer isn't obvious. Also, when you get the password prompt, you can enter the password and successfully log in? – Jim MacKenzie Mar 04 '18 at 04:47
  • selinux is a common source of public key auth blockage, especially if you've been fiddling around with authorized_keys without also fiddling around with restorecon – thrig Mar 04 '18 at 05:49
  • You should check the permission of ~/.ssh/authenticated_keys, wrong permission on .ssh & authenticated_keys would cause this problem – FrontENG Mar 04 '18 at 05:58
  • @JimMacKenzie yep. can totally login with pw. i'll diff the configs when i get to a not-cellphone. :) – WhiteRau Mar 05 '18 at 21:49
  • @FrontENG permissions same on both ends: 760. – WhiteRau Mar 05 '18 at 21:49
  • @thrig can't speak to that because...didn't ever have that be a factor before. – WhiteRau Mar 05 '18 at 21:50
  • @JimMacKenzie files are identical save two pieces. Pi->CentOS has all the SendEnv on the CentOS end. Pi->Ubuntu has the extra line DelegateCredentials on the Ubuntu end. i tried spinning up another server to see if a different 'nix would work. nope. :P – WhiteRau Mar 06 '18 at 01:19
  • 1. Are you using pikey_rsa as your ssh client identity? (If you don't know then you probably aren't, and so there's no private key to match the public key you copied to the server.) 2. Do you have correct permissions and ownership for the directories from / down to ~/.ssh on the server? (If any are writeable other than by root or the target user then that disables key-based authentication.) – Chris Davies Mar 21 '18 at 13:04
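
The permission check raised in the comments, as an added example that is not part of the original thread: with `StrictModes yes` (the sshd_config default), sshd ignores an authorized_keys file when the file, `~/.ssh` or the home directory is group- or world-writable. The function names and the demo tree are constructed for illustration; the script assumes the default `<home>/.ssh/authorized_keys` layout and does not check ownership.

```shell
#!/bin/sh
# Added example: flag group/world-writable paths that make sshd's
# StrictModes skip authorized_keys. Ownership is not checked here.

# Report one path; return 1 if the group- or other-write bit is set.
check_path() {
    mode=$(ls -ld "$1" | cut -c1-10)        # e.g. -rwxrw----
    gw=$(printf '%s' "$mode" | cut -c6)     # group-write position
    ow=$(printf '%s' "$mode" | cut -c9)     # other-write position
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "BAD $mode $1"
        return 1
    fi
    echo "ok  $mode $1"
}

# Check home, .ssh and authorized_keys under the given home directory.
# The return status is the number of paths that failed the check.
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" || bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed demo tree; 760 is the mode reported in the comments above.
demo=$(mktemp -d)
mkdir -p "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 700 "$demo" "$demo/.ssh"
chmod 760 "$demo/.ssh/authorized_keys"
check_ssh_perms "$demo" || echo "StrictModes would reject this key file"
chmod 600 "$demo/.ssh/authorized_keys"
check_ssh_perms "$demo" && echo "permissions acceptable"
rm -rf "$demo"
```

On the server, run `check_ssh_perms` against the target user's home directory; when a path is flagged, the sshd log normally records the refusal as bad ownership or modes.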