Problems connecting via SSH

Jonathan_Burt · December 9, 2024, 1:07pm

I’m having problems with connect to my SCALE (ElectricEel-24.10.0.2) server via SSH.

Puttygen
I have created a Public/Private key using Puttygen with the key setting of SSH-2 RSA, and 2048 for the size of the key. I have also added in a Key Passphrase.

SSH Service
TCP Port is 22, all other options are unticked/blank except Weak Ciphers which states None, AES128-CBC.

Users
I have configured a Local Admin user, which I have uploaded the public key (as one line of text) into the Authorised Keys field, and SSH password login enable is unticked.

However, when I use Putty to connect to the server, I get the error:

Server refused our key
Keyboard-interactive authentication prompts from server:

It then lets me enter in the account password and 2FA code, and then logs me in.

My issue:
For the benefit of security, I wanted to only have access allowed via a Private/Public key, and not via password (as not as secure).

This is my first time trying SSH using Public/Private Keys, what am I doing wrong?

Thanks
Jonathan

bacon · December 9, 2024, 2:11pm

Windows 10/11 now ships with a ssh client by default. I would recommend using that over PuTTY.

You didn’t mention that you have configured the key in PuTTY. You have to select the key in the
Connection > SSH > Auth options. There is a Private key file for authentication field:

Jonathan_Burt · December 9, 2024, 2:25pm

I have configured Putty to use the private key. Sorry forgot to say that.

Never used the Windows SSH, so something I would have to look into. Does it support private/public key usage?

Main issue, is why my private key is being rejected.

bacon · December 9, 2024, 3:34pm

Yes, windows ssh client supports pubkey auth. It is based on OpenSSH which is what pretty much everyone uses.

Please make sure that you have entered the public key correctly. The Authorized Keys should be a single line. It should consist of three space separated fields:

ssh-rsa AAAA(longstring) yourpcname

Also make sure the user has a proper home directory.

If all fails, you can also look at the logfiles of the ssh server using the following command:

sudo journalctl -t sshd -r

bacon · December 9, 2024, 3:41pm

If you want to try the windows ssh client:

(All commands should be executed in windows terminal or command prompt)

Generate a key:

ssh-keygen

You’ll find the generated key in your users .ssh directory.

In order to show your public key:

type .ssh\id_rsa.pub

Or just look at the %USERPROFILE%\.ssh\id_rsa.pub with any text editor.
Copy that line to the Authorized Keys section in the TrueNAS user config.

Afterwards you can connect to the server using

ssh username@truenas

where username is your username and truenas is your hostname.

If you want to save some typing you can create a config file in .ssh\config where you can configure a lot of different options (see https://linux.die.net/man/5/ssh_config). For example:

Host truenas
        HostName 192.168.0.141
        Port 51245
        User myusername

You can then simply type ssh truenas and it will use the associated config from the configuration file.

Jonathan_Burt · December 9, 2024, 4:10pm

Excellent thanks, this fixed it. I only had the key in that field, added in ssh-rsa and my PC name and it worked.

Cheers