1

I recently created a new VM running Ubuntu 20.04.3 server, and to use key pair authentication for the SSH server, I created the key pair with ssh-keygen and enabled PubkeyAuthentication yes within /etc/ssh/sshd_config, but I'm unable SSH in via:

ssh -i ~/.ssh/id_rsa [email protected]
  • /etc/ssh/sshd_config:
    (Turning off password authentication and allowing only key authentication didn't work either)
    Include /etc/ssh/sshd_config.d/*.conf
    
    PermitRootLogin yes
    PubkeyAuthentication yes
    
    PasswordAuthentication yes
    ChallengeResponseAuthentication no
    
    UsePAM yes
    
    X11Forwarding yes
    PrintMotd no
    
    AcceptEnv LANG LC_*
    
    Subsystem       sftp    /usr/lib/openssh/sftp-server
    
  • I want to be able to log in to the server without having the public key within the server's authorized_keys

2 Answers 2

1

I tried turning off password authentication and allowing only key authentication, but it didn't work either.

If key authentication doesn't work, then it doesn't work independently from other authentication types. They don't interfere with each other.

(Without having the public key on the server's authorized_keys file)

It's not going to work that way. Literally anyone can generate their own id_rsa keypair – having the public key on the server's authorized_keys file is how the server actually knows that it's your key rather than someone else's.

3
  • Appreciate your response, not to mention that I don't understand what you are saying. But I have seen people using the private key (id_rsa) to log in to servers in some CTF events (Capture The Flags). I am hoping there must be some kind of configuration change that should be done. Pardon me if I am being stupid. Commented Sep 2, 2021 at 12:34
  • They are using it, yes, but that's actually the whole point of this entire authentication scheme: you don't choose to use the one or the other – you always use both the private and public keys in the same procedure. So yes, you will generally see people using a private key, but this works because the server knows the corresponding public key. Commented Sep 2, 2021 at 12:40
  • Got it now. Thank you very much! Commented Sep 2, 2021 at 12:59
0

The public key inside the authorized_keys file on the server, in the user's ~/.ssh folder you're trying to connect to is essentially the keyhole. You need it to connect to said user using the corresponding private key.

You have PermitRootLogin set to yes so I'm guessing that also might be something you're trying to do. If you are trying to use root to connect, you might want to make sure that the 'authorized_keys' file that you're trying to use to connect to is in the /root/.ssh/ folder.

If that's the case, you might also want to set: PermitRootLogin to prohibit-password, I'm not certain if it's needed though certainly it would be more secure.

You will eventually probably also want to set PasswordAuthentication back to no.

2
  • Actually, I am not trying to ssh as root. I just want to ssh in as the user. Commented Sep 2, 2021 at 12:35
  • Oh well, that might be something you'd want to set to no as well. Anyway, if that's not the case then weird that it's not working. Maybe there was just a typo or file misplaced somewhere and you just need to try again. Commented Sep 3, 2021 at 16:00

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.