I'm having trouble using the ed25519 keys to establish SSH connections.I'm using three different machines: one server (A) and two clients (B and C).
A: Ubuntu 24.04 LTS on VPS - OpenSSH_9.6p1 Ubuntu-3ubuntu13.4, OpenSSL 3.0.13 30 Jan 2024
B: Ubuntu 22.04.4 LTS on my laptop - OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022
C Ubuntu 24.04 LTS on RaspberryPi 5 - OpenSSH_9.6p1 Ubuntu-3ubuntu13.4, OpenSSL 3.0.13 30 Jan 2024
I generated two different ed25519 keys for B and C (on the related machines) and copied them both into authorized_keys in A. Additionally, running the ssh-keygen, I set the names of keyfiles on machine B and C to non-default names (~/.ssh/Aserver and ~/.ssh/Aserver.pub).
When I try to establish an SSH connection from B to A, everything works fine, and I don't need to enter any password. However, if I do the same from C to A, the key seems to be ignored, and I need to enter the password every time. The connection C-A works fine when established, but my problem is that I want to use the key and avoid typing the password.I have checked the ~/.shh folder and file permissions, and there are no differences between B and C. The ssh_config files in /etc/ssh are also identical and reported below for convenience. I tried several keys, including the RSA version, but the final outcome is identical. Any idea about the possible cause of this issue?
Thanks!
# This is the ssh client system-wide configuration file. See# ssh_config(5) for more information. This file provides defaults for# users, and the values can be changed in per-user configuration files# or on the command line.# Configuration data is parsed as follows:# 1. command line options# 2. user-specific file# 3. system-wide file# Any configuration value is only changed the first time it is set.# Thus, host-specific definitions should be at the beginning of the# configuration file, and defaults at the end.# Site-wide defaults for some commonly used options. For a comprehensive# list of available options, their meanings and defaults, please see the# ssh_config(5) man page.Include /etc/ssh/ssh_config.d/*.confHost *# ForwardAgent no# ForwardX11 no# ForwardX11Trusted yes# PasswordAuthentication yes# HostbasedAuthentication no# GSSAPIAuthentication no# GSSAPIDelegateCredentials no# GSSAPIKeyExchange no# GSSAPITrustDNS no# BatchMode no# CheckHostIP yes# AddressFamily any# ConnectTimeout 0# StrictHostKeyChecking ask# IdentityFile ~/.ssh/id_rsa# IdentityFile ~/.ssh/id_dsa# IdentityFile ~/.ssh/id_ecdsa# IdentityFile ~/.ssh/id_ed25519# Port 22# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc# MACs hmac-md5,hmac-sha1,umac-64@openssh.com# EscapeChar ~# Tunnel no# TunnelDevice any:any# PermitLocalCommand no# VisualHostKey no# ProxyCommand ssh -q -W %h:%p gateway.example.com# RekeyLimit 1G 1h# UserKnownHostsFile ~/.ssh/known_hosts.d/%k SendEnv LANG LC_* HashKnownHosts yes GSSAPIAuthentication yesEDIT:
The last part of the log obtained using the -v option when trying to establish the SSH connection from C to A is the following:
debug1: Next authentication method: publickeydebug1: Will attempt key: /home/XXX/.ssh/id_rsa debug1: Will attempt key: /home/XXX/.ssh/id_ecdsa debug1: Will attempt key: /home/XXX/.ssh/id_ecdsa_sk debug1: Will attempt key: /home/XXX/.ssh/id_ed25519 debug1: Will attempt key: /home/XXX/.ssh/id_ed25519_sk debug1: Will attempt key: /home/XXX/.ssh/id_xmss debug1: Will attempt key: /home/XXX/.ssh/id_dsa debug1: Trying private key: /home/XXX/.ssh/id_rsadebug1: Trying private key: /home/XXX/.ssh/id_ecdsadebug1: Trying private key: /home/XXX/.ssh/id_ecdsa_skdebug1: Trying private key: /home/XXX/.ssh/id_ed25519debug1: Trying private key: /home/XXX/.ssh/id_ed25519_skdebug1: Trying private key: /home/XXX/.ssh/id_xmssdebug1: Trying private key: /home/XXX/.ssh/id_dsadebug1: Next authentication method: keyboard-interactiveThe last part of the log reported above appears to be different from the one obtained during a successful connection from B to A, which carries on with further details of the established connection.
The log on A when trying to connect from B is:
2024-08-03T16:10:02.851654+00:00 ubuntu sshd[117315]: Connection closed by authenticating user root XXX.XXX.52.198 port 50746 [preauth]2024-08-03T16:10:11.609279+00:00 ubuntu sshd[117323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXX.XXX.0.22 user=root2024-08-03T16:10:13.812878+00:00 ubuntu sshd[117318]: error: PAM: Authentication failure for root from XXX.XXX.0.22Permissions for the key on C
-rw------- 1 978 Aug 2 18:38 known_hosts-rw-r--r-- 1 142 Aug 2 18:37 known_hosts.old-rw------- 1 419 Aug 2 18:35 Aserver-rw-r--r-- 1 106 Aug 2 18:35 Aserver.pub