I’m trying to setup key-based authentication on my CoreELEC box. However, I can’t get it to work. I’m adding my key to /storage/.ssh/authorized_keys, but after restarting sshd or rebooting the box, my key is refused. I’m a bit surprised, since my authorized_keys file is identical to what I use on two other systems (an RPI4 running Octoprint and an Intel NUC running Debian). Password authentication does work and I can SSH into the box just fine that way.
Is there something I’m missing? Does CoreELEC actually use authorized_keys? Can it be that I’m using the wrong version of SSH keys (which I find strange since 2 other up-to-date systems do accept the keys).
Edit: after some troubleshooting, it finally accepts my key. I think part of the issue was incorrect formatting of authorized_keys. I always add a linebreak after ssh-rsa, but it should be a space. Word wrap on notepad makes seeing the difference impossible.
Now I think I made some progress. I can now connect to the box using WinSCP. However, when trying using Solar-PuTTY, I still need to enter my password and it gives me the same error. Journalctl gives the following message when I try to login:
Oct 22 13:00:26 CoreELEC sshd[15098]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Oct 22 13:00:30 CoreELEC sshd[15098]: Accepted password for root from 10.0.0.101 port 50777 ssh2
Oct 22 13:02:32 CoreELEC sshd[15226]: Accepted publickey for root from 10.0.0.101 port 50785 ssh2: RSA SHA256:REDACTED_SINCE_I_DONT_KNOW_IF_I_CAN_SHARE
So it first seems like it doesn’t accept the key. Then I take 4 seconds to enter my password and it accepts. 2 minutes later I login using WinSCP and it’s fine? I’m very confused now.
Edit2: I found out my puttygen version was very old, so I updated to the latest version. I regeneraged the public key, but now Solarputty doesn’t accept the key format because it is too new. Maybe time to upgrade to new software and retry?
Sorry if I was unclear. I’m always editing /storage/.ssh/authorized_keys. The keypairs are being accepted by CoreELEC if I use WinSCP, just not if I use Solarputty. The same happens with my Unraid box, which I was also struggling to set up.
It turns out that the issue was with Solarputty, not with the authorized_keys or CoreELEC. I just need to find another SSH session manager.