Need help with setting up SSH keypair authentication

I’m trying to setup key-based authentication on my CoreELEC box. However, I can’t get it to work. I’m adding my key to /storage/.ssh/authorized_keys, but after restarting sshd or rebooting the box, my key is refused. I’m a bit surprised, since my authorized_keys file is identical to what I use on two other systems (an RPI4 running Octoprint and an Intel NUC running Debian). Password authentication does work and I can SSH into the box just fine that way.

Is there something I’m missing? Does CoreELEC actually use authorized_keys? Can it be that I’m using the wrong version of SSH keys (which I find strange since 2 other up-to-date systems do accept the keys).

Check journalctl for any sshd errors. Like wrong permission of the file maybe?

Yes.
I have been using authorized_keys on all my Linux systems including all *elec for many years

N2Plus:~/.ssh # l
total 5
drwx------    2 root     root          1024 Nov 27  2021 .
drwxr-xr-x   14 root     root          1024 Sep 24 15:45 ..
-rw-r--r--    1 root     root           401 Oct 31  2019 authorized_keys

Thanks for the quick tips!

JournalCTL gave me this error.

Oct 22 12:23:25 CoreELEC sshd[12586]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

I tried adding the lines below to /etc/ssh/sshd_config, but the file is nonwritable. Any other options?

PubkeyAuthentication yes
PubkeyAcceptedAlgorithms +ssh-rsa

Edit: after some troubleshooting, it finally accepts my key. I think part of the issue was incorrect formatting of authorized_keys. I always add a linebreak after ssh-rsa, but it should be a space. Word wrap on notepad makes seeing the difference impossible.

Now I think I made some progress. I can now connect to the box using WinSCP. However, when trying using Solar-PuTTY, I still need to enter my password and it gives me the same error. Journalctl gives the following message when I try to login:

Oct 22 13:00:26 CoreELEC sshd[15098]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Oct 22 13:00:30 CoreELEC sshd[15098]: Accepted password for root from 10.0.0.101 port 50777 ssh2
Oct 22 13:02:32 CoreELEC sshd[15226]: Accepted publickey for root from 10.0.0.101 port 50785 ssh2: RSA SHA256:REDACTED_SINCE_I_DONT_KNOW_IF_I_CAN_SHARE

So it first seems like it doesn’t accept the key. Then I take 4 seconds to enter my password and it accepts. 2 minutes later I login using WinSCP and it’s fine? I’m very confused now.

Edit2: I found out my puttygen version was very old, so I updated to the latest version. I regeneraged the public key, but now Solarputty doesn’t accept the key format because it is too new. Maybe time to upgrade to new software and retry?

Wrong place - read-only and no need to edit in this case
Don´t use notepad or another windows stuff to edit authorized_keys, use vi or nano

Maybee You must create a new SSH Key pair, the are many instructions how to do that

Check permissions:

• ~/.ssh permissions should be 700
• ~/.ssh should be owned by your account
• ~/.ssh/authorized_keys permissions should be 600
• ~/.ssh/authorized_keys should be owned by your account
• ~/.ssh/config permissions should be 600
• ~/.ssh/id_* permissions should be 600

Sorry if I was unclear. I’m always editing /storage/.ssh/authorized_keys. The keypairs are being accepted by CoreELEC if I use WinSCP, just not if I use Solarputty. The same happens with my Unraid box, which I was also struggling to set up.

It turns out that the issue was with Solarputty, not with the authorized_keys or CoreELEC. I just need to find another SSH session manager.

I think this issue can be closed as solved.

OK
I have been using the original putty for 20 years.
Some other Programs like Mobaxterm have some issues, that’s why I recommend original putty

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.