Solved: Can't set up sshd to use passphrase instead of password

Dear all,

I've spun off a new VPS but my documentation is not working; something has changed between 13.1 and 13.2 that made my documentation incomplete.

The most noticeable change is that ChallengeResponseAuthentication has been deprecated in favor of KbdInteractiveAuthentication.


On the default configuration I have changed these four lines:

Code:
PubkeyAuthentication yes             (40)
KbdInteractiveAuthentication yes     (65)
PermitRootLogin no                   (122)
PasswordAuthentication no            (123)
AllowUsers freezr                    (124, new line)

With this configuration, if I try to connect it asks for the password and not for the passphrase; if I change KbdInteractiveAuthentication from yes to no it refuses the connection.

In my documentation the only difference was that instead of KbdInteractiveAuthentication yes I had ChallengeResponseAuthentication no.

Anyway, I explicitly set PasswordAuthentication no, thus I don't understand why sshd is asking me for the password instead...

Thanks!
 
First and foremost, has your sshd been restarted after upgrading to 13.2? (Either via whole system reboot, or service sshd restart?)
Never mind, if you’re getting to authentication, I think you are past the potential issue there. For the record, a restart of sshd is required after the 13.1 -> 13.2 update.
 
I'm running FreeBSD 13.2 on my notebook. I can only login with ssh keys (apart from the console):
Code:
[f13.140] $ uname -a
FreeBSD f13.oakes.consulting 13.2-RELEASE-p1 FreeBSD 13.2-RELEASE-p1 GENERIC amd64
[f13.141] $ ls -la ~/.ssh/au*
-rw-------  1 phil  phil  9912 Mar 16  2021 /home/phil/.ssh/authorized_keys
[f13.143] $ tail -6 /etc/ssh/sshd_config
# We need to allow root login for rsnapshot backup server
PermitRootLogin prohibit-password
# We want login via ssh with keys only...
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAcceptedKeyTypes=+ssh-dss

Mode 600 for authorized_keys is fine.
The sshd_config is probably from a previous release.
Have you changed or created ~/authorized_keys? Verify the key type is supported, format, and contents (one line per key).
If all else fails, connect with ssh -v -v -v and see what happens.
 
gpw928

I can't see anything anywhere telling me the key is wrong, I really don't understand...

Code:
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/freezr/.ssh/vultr2_ed25519 ED25519 SHA256:???????????????????????????????????? explicit
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
freezr@216.xxx.xxx.237: Permission denied (publickey).
 
The server did not like your key. Double check that the matching public key is in ~user/.ssh/authorized_keys on the destination server, and has mode (on destination server) 0700 for ~/.ssh, home directory only writable for the user (not group), and 0600 for the authorized keys file. (Can’t recall the exact requirements, but those should hit it.)
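
The server-side checks suggested in the replies above (one well-formed key per line in authorized_keys; home directory, ~/.ssh and authorized_keys not writable by group or others) can be scripted. This is an added example, not code from the thread; it assumes sshd's default `StrictModes yes` and default `AuthorizedKeysFile` location, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes sshd defaults: StrictModes yes
# and AuthorizedKeysFile .ssh/authorized_keys. Function names are hypothetical.

# Succeeds if the path is writable by group or others.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Prints the numbers of lines that are not "[options] keytype base64 [comment]".
bad_key_lines() {
    awk 'BEGIN {
        keytype = "^(ssh-(ed25519|rsa|dss)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh[.]com)$"
        blob = "^AAAA[A-Za-z0-9+/]+=*$"
    }
    NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
    {
        ok = 0
        for (i = 1; i < NF; i++)       # options may precede the key type
            if ($i ~ keytype && $(i + 1) ~ blob) ok = 1
        if (!ok) print NR
    }' "$1"
}

# Prints one finding per line for the home directory given as $1; returns 1 on any finding.
audit_ssh_home() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "MISSING $p"; rc=1
        elif loose_perms "$p"; then echo "LOOSE $p"; rc=1
        fi
    done
    if [ -f "$1/.ssh/authorized_keys" ]; then
        for n in $(bad_key_lines "$1/.ssh/authorized_keys"); do
            echo "BADLINE $n"; rc=1
        done
    fi
    return "$rc"
}

# Constructed demo tree: group-writable ~/.ssh and a key wrapped over two lines.
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && chmod 755 "$d" && chmod 770 "$d/.ssh"
    printf '%s\n' '# constructed sample, not a real key' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA' \
        'IConstructedKeyBlobNotARealKey user@host' > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    audit_ssh_home "$d"; status=$?
    rm -rf "$d"; return "$status"
}
if [ "$#" -gt 0 ]; then audit_ssh_home "$1"; else demo || true; fi
```

Run it on the destination server as `sh audit.sh ~user`; with no argument it runs the constructed demo, which reports the group-writable `.ssh` directory and the wrapped key on line 3.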
 