Replies: 4 comments
-
To be clear, public key authentication from teslausb to my archive server succeeds - this is inbound (management) only.
-
Have you tried
-
D'oh! That is it. A clear RTFM error - SSH as root is alien to me as in https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2021-12-03/finding/V-230296 I wonder if the "pi" user is still necessary if both SSH_ROOT_PUBLIC_KEY and SSH_DISABLE_PASSWORD_AUTHENTICATION are defined? Does the pi user account serve any function except as a bridge to sudo/su when logging in via password?
-
No, the non-root user (which doesn't even need to be named 'pi') does not serve any purpose as far as TeslaUSB is concerned.
-
The public key authentication offered in teslausb-20231012-bullseye does not seem to be working for me. Uncommenting line 159 and pasting the contents of my workstation user's id_rsa.pub within the single spaces does not grant me passwordless access via ssh pi@teslausb_ip_address. I am still prompted for a password, which succeeds.
As a test, I reinstalled teslausb without defining the SSH_ROOT_PUBLIC_KEY variable. Post-install while logged in as pi@teslausb via password, I ran ssh-keygen -t rsa, then wrote an authorized_keys file in /home/pi/.ssh, pasting in the contents of my workstation user's id_rsa.pub. Public key authentication continued to fail. I tried chmoding down the permissions of authorized_keys to as low as 400, as I have seen some instances where OpenSSH will ignore the authorized_keys file if it is too open, but again SSH public key authentication fails.
Curiously, I noted that for my first install (with SSH_ROOT_PUBLIC_KEY defined), there is no /home/pi/.ssh directory. /etc/ssh/sshd_config contains #PubkeyAuthentication yes, suggesting SSH itself is not rejecting the login attempt.
Also, logging is inconclusive - auth.log and user.log do not seem to contain any information about successful or failed user logins. I am most used to a /var/log/secure as in Red Hat but I can't find login information anywhere. This should be corrected, as a permanent record of all login attempts is important.
Has anyone here tried public key authentication, and did it work for you?
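The post above mentions that OpenSSH can ignore an authorized_keys file whose permissions are too open. As an added example (not part of this thread and not TeslaUSB's own code), the script below reproduces the ownership and write-bit test that sshd applies when StrictModes is enabled; it assumes GNU stat, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: approximates sshd's StrictModes test for one account.
# sshd rejects the key file if the home directory, ~/.ssh or
# authorized_keys is owned by someone other than the user or root,
# or is writable by group or others. Read bits do not matter, so
# 644, 600 and 400 on authorized_keys all pass.

# check_one PATH UID -> 0 if acceptable, 1 (with a reason) otherwise
check_one() {
    path=$1 want_uid=$2
    # GNU stat: %a = octal mode, %u = numeric owner
    info=$(stat -c '%a %u' "$path" 2>/dev/null) || {
        echo "missing: $path"
        return 1
    }
    mode=${info% *}
    owner=${info#* }
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "bad owner (uid $owner): $path"
        return 1
    fi
    # 022 octal = write bit for group or others
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "group/other writable (mode $mode): $path"
        return 1
    fi
    return 0
}

# check_authorized_keys HOME UID -> 0 only if all three paths pass
check_authorized_keys() {
    home=$1 uid=$2 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_one "$p" "$uid" || rc=1
    done
    return $rc
}

# Stand-alone use: sh strictmodes.sh /root 0
if [ $# -eq 2 ]; then
    check_authorized_keys "$1" "$2"
fi
```

Run it against the home directory of the account the key was actually installed for; in this thread that turned out to be root rather than pi.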