SSH key pair not working for users

Status
Not open for further replies.

abbas

Cadet
Joined
Apr 5, 2016
Messages
1
First time posting so I will try to provide as much information as possible; let me know if you need more logs or anything.

Anyways, my FreeNAS has been set up and I can access files remotely using SSH and a user login. It's also available on the local network and I can transfer files through CIFS.

The issue I am having is when I turn off allow password authentication and try to use RSA keys.

I generated them using PuTTYgen and put the public key in the "SSH Public Key" field under the user profile. I have tried manually putting the private key into PuTTY when I connect and also tried using Pageant. Neither of them lets me connect.

One problem that I found is that the RSA fingerprint that I see is from the RSA public key on the root account and not the RSA key on the user account that I am trying to log in as.

I have set the folder permissions and the file permissions on both ~/.ssh and authorized_keys correctly.

Here is my configuration:

Hostname: freenas.local
Build: FreeNAS-9.10-STABLE-201603252134 (412fb1c)
Platform: Intel(R) Pentium(R) CPU G3258 @ 3.20GHz
Memory: 7824MB
System Time: Tue Apr 05 08:48:26 PDT 2016
Uptime: 8:48AM up 9:05, 0 users
Load Average: 0.09, 0.16, 0.16



Here is a log of what is happening when I connect with FileZilla:
Status: Connecting to 192.168.1.100:4233...
Response: fzSftp started, protocol_version=4
Command: keyfile "C:\Users\Abbas\Desktop\test1"
Command: open "amamdani@192.168.1.100" 4233
Command: Pass:
Error: Authentication failed.
Error: Critical error: Could not connect to server
Status: Disconnected from server
Status: Connecting to 192.168.1.100:4233...
Response: fzSftp started, protocol_version=4
Command: keyfile "C:\Users\Abbas\Desktop\test1"
Command: open "amamdani@192.168.1.100" 4233
Command: Pass:
Error: Authentication failed.
Error: Critical error: Could not connect to server

Here is a log of what is happening when I connect with PuTTY:

2016-04-05 08:16:52 Looking up host "192.168.1.100"
2016-04-05 08:16:52 Connecting to 192.168.1.100 port 4233
2016-04-05 08:16:52 We claim version: SSH-2.0-PuTTY_Release_0.66
2016-04-05 08:16:52 Server version: SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
2016-04-05 08:16:52 Using SSH protocol version 2
2016-04-05 08:16:52 Doing Diffie-Hellman group exchange
2016-04-05 08:16:52 Doing Diffie-Hellman key exchange with hash SHA-256
2016-04-05 08:16:53 Host key fingerprint is:
2016-04-05 08:16:53 ssh-rsa 2048 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
2016-04-05 08:16:53 Initialised AES-256 SDCTR client->server encryption
2016-04-05 08:16:53 Initialised HMAC-SHA-256 client->server MAC algorithm
2016-04-05 08:16:53 Initialised AES-256 SDCTR server->client encryption
2016-04-05 08:16:53 Initialised HMAC-SHA-256 server->client MAC algorithm
2016-04-05 08:16:53 Pageant is running. Requesting keys.
2016-04-05 08:16:53 Pageant has 2 SSH-2 keys
2016-04-05 08:16:57 Trying Pageant key #0
2016-04-05 08:16:57 Server refused our key
2016-04-05 08:16:57 Trying Pageant key #1
2016-04-05 08:16:57 Server refused our key
2016-04-05 08:18:53 Server unexpectedly closed network connection


I've been stuck on this for almost two days now, and have no idea where to look for a solution. Any help would be appreciated!

Thanks
 

Robert Trevellyan

Pony Wrangler
Joined
May 16, 2014
Messages
3,778
It's not clear to me exactly what steps you followed in trying to set this up.

Perhaps this will help:

Task: user U wants to connect to server S from client C using public key authentication.
Prerequisites: user U exists on server S, and S and C support the same SSH authentication methods.
Setup:
  1. Enable public-key authentication on server S.
  2. On client C, generate public/private key pair for user U.
  3. Copy/append public key (~/.ssh/id_rsa.pub) for user U from client C to ~/.ssh/authorized_keys file for user U on server S. Presumably, pasting a public key into the Modify User dialog achieves this, but it might be worth double-checking.
  4. Check for correct permissions on all SSH authentication-related files (user's .ssh folder and its contents on each end).
At step 3, you need to make sure you don't introduce spurious newlines into the key.
"the RSA fingerprint that I see is from the RSA public key on the root account and not the RSA key on the user account that I am trying to log in as"
It shouldn't be. The RSA fingerprint for the server is what allows the client to determine whether they're connecting to the correct server, or if they are a victim of a man-in-the-middle attack, or some other type of masquerading attack. The server fingerprint should be automatically added to the known_hosts file on the client the first time you connect. If the host key doesn't match during a future connection attempt, you will be warned.
 

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
"At step 3, you need to make sure you don't introduce spurious newlines into the key."
I like to use the "ssh-copy-id <username>@<host>" method from a client that supports it. This way it's automatic and the public key gets added correctly.

But I also just tested this with SecureCRT (created a new RSA Pub-Priv keypair), uploaded the public key text to the new user window and it worked.
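
An added example, not part of any post in this thread: a Python check for the setup problems raised above, namely a public key broken across lines when pasted, a multi-line RFC 4716 export pasted instead of the one-line OpenSSH form, and group- or world-writable .ssh or authorized_keys. The function names are assumptions of this example, and the sample key is constructed from made-up numbers.

```python
import base64, os

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def blob_problem(key_type, b64):
    """Return None if b64 decodes to a complete public key of key_type."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return "key data is not valid base64 (truncated or corrupted)"
    fields, pos = [], 0
    while pos < len(blob):  # the blob is a run of uint32-length-prefixed fields
        end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 > len(blob) or end > len(blob):
            return "key data ends mid-field (truncated)"
        fields.append(blob[pos + 4:end])
        pos = end
    if not fields or fields[0] != key_type.encode():
        return "key type inside the data does not match the line"
    return None

def check_authorized_keys(text):
    """Return [(line_number, problem)] for the contents of an authorized_keys file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if line.lstrip().startswith("---- BEGIN SSH2 PUBLIC KEY"):
            return findings + [(no, "RFC 4716 multi-line export, not the one-line OpenSSH form")]
        idx = next((i for i, p in enumerate(parts[:-1]) if p in KEY_TYPES), None)
        if idx is None:
            findings.append((no, "no key type followed by key data (wrapped fragment?)"))
            continue
        problem = blob_problem(parts[idx], parts[idx + 1])
        if problem:
            findings.append((no, problem))
    return findings

def loose_modes(paths):
    """Return the paths that are group- or world-writable, which sshd's StrictModes rejects."""
    return [p for p in paths if os.stat(p).st_mode & 0o022]

def constructed_rsa_line(comment="constructed-sample"):
    """Well-formed ssh-rsa line built from made-up numbers; not a usable key."""
    field = lambda b: len(b).to_bytes(4, "big") + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + b"\xc3" * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment
```

Run on the server as the affected user, check_authorized_keys takes the text of ~/.ssh/authorized_keys and loose_modes takes the paths of the .ssh directory and that file; an empty list from both means neither check found a problem.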
 