Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission denied (publickey) #30

Closed
skhrg opened this issue May 27, 2020 · 9 comments
Closed

Permission denied (publickey) #30

skhrg opened this issue May 27, 2020 · 9 comments

Comments

@skhrg
Copy link

skhrg commented May 27, 2020

Hi, when I attempt to ssh to unlock my system, I get Permission denied (publickey)

But once the system in booted I am able to ssh in with the same key. I was concerned that maybe my authorized_keys file wasn't getting loaded properly but

# lsinitrd | grep authorized_keys                                        
-rw-------   1 root     root          554 Mar 16 11:15 root/.ssh/authorized_keys

would lead me to believe that that's not the problem.
@gsauthof
Copy link
Owner

Try to debug this issue by looking at the ssh log messages from early boot (e.g. with journalctl -b) and/or unpack the generated initramfs archive and inspect the included authorized_keys to check whether it matches your expectations/what you have under /root/.ssh. Also check the permissions of the /root and /root/.ssh directories in the initramfs archive.

@skhrg
Copy link
Author

skhrg commented May 28, 2020

The correct key is in my initramfs archive.
The permissions in the archive for /root are:

drwxr-xr-x.  3 root    root        4096 May 28 09:07 root

And for /root/.ssh:

drwx------.  2 root    root    4096 May 28 09:07 .ssh

Which seem fine.

@gsauthof
Copy link
Owner

Is the sshd logging any errors during early-boot?

@skhrg
Copy link
Author

skhrg commented May 29, 2020

Not beyond the warning about UsePAM no

@gsauthof
Copy link
Owner

You can also compare the ssh -v output when you get the Permission denied (publickey) error vs. when the login works. Perhaps you see some difference in what keys are offered or something like that.

@saibotk
Copy link

saibotk commented Jun 1, 2020

Actually I am currently experiencing the exact same problem.
I am testing this on a fresh Fedora 32 Server installation, if this might help.

@saibotk
Copy link

saibotk commented Jun 2, 2020
edited
Loading

Okay so at least on fedora 32, when you did not create a root user password (just your own user and made him member of the wheel group), you cannot login via ssh, as the user account is locked. See https://unix.stackexchange.com/questions/193066/how-to-unlock-account-for-public-key-ssh-authorization-but-not-for-password-aut

Edit: Maybe adding a notice to the README would be helpful?

@gsauthof
Copy link
Owner

gsauthof commented Jun 2, 2020

@saibotk this sounds similar to issue #19 - can you confirm?

I'll add something to the README.

@saibotk
Copy link

saibotk commented Jun 3, 2020

Thank you 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gsauthof @saibotk @skhrg