Remote Login problem with SSH

Support and Help
, ,
1

Ubuntu Version:

24.04 LTS

Desktop Environment (if applicable):

xubuntu-desktop

Problem Description:

I have installed Ubuntu 24.04 on Raspberry Pi 4 Model b with the file ubuntu-24.04.2-preinstalled-server-arm64+raspi.img.xz

I used preinstalled version because with normal version I had no ethernet network. Now with the preinstalled version I have network but unable to login remotely with SSH.

Relevant System Information:

The board is a Raspberry Pi 4 Model B. 4 GB RAM. 64 GB SD Card, Class 10.

Screenshots or Error Messages:

The verbose output of ssh -v is given below.

gaurab@PiNCPSVPN:~/.ssh$ ssh -v gaurab@192.168.1.170
OpenSSH_8.9p1 Ubuntu-3ubuntu0.13, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/gaurab/.ssh/config
debug1: /home/gaurab/.ssh/config line 1: Applying options for 192.168.1.170
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.170 [192.168.1.170] port 22.
debug1: Connection established.
debug1: identity file /home/gaurab/.ssh/id_rsa type 0
debug1: identity file /home/gaurab/.ssh/id_rsa-cert type -1
debug1: identity file /home/gaurab/.ssh/id_ecdsa type -1
debug1: identity file /home/gaurab/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/gaurab/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/gaurab/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/gaurab/.ssh/id_ed25519 type -1
debug1: identity file /home/gaurab/.ssh/id_ed25519-cert type -1
debug1: identity file /home/gaurab/.ssh/id_ed25519_sk type -1
debug1: identity file /home/gaurab/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/gaurab/.ssh/id_xmss type -1
debug1: identity file /home/gaurab/.ssh/id_xmss-cert type -1
debug1: identity file /home/gaurab/.ssh/id_dsa type -1
debug1: identity file /home/gaurab/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.13
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.13
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.13 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.170:22 as 'gaurab'
debug1: load_hostkeys: fopen /home/gaurab/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /home/gaurab/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:nhHwSdkEdeoJF0UY6Vx1xNvY/ppkCRodlROPPEX052U
debug1: load_hostkeys: fopen /home/gaurab/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /home/gaurab/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/gaurab/.ssh/known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/gaurab/.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
The authenticity of host '192.168.1.170 (192.168.1.170)' can't be established.
ED25519 key fingerprint is SHA256:nhHwSdkEdeoJF0UY6Vx1xNvY/ppkCRodlROPPEX052U.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.170' (ED25519) to the list of known hosts.
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/gaurab/.ssh/id_rsa RSA SHA256:rIc2rkD4ZJvVCfJ8K7trJBTtndfMAEQZs7j1uU3magM agent
debug1: Will attempt key: /home/gaurab/.ssh/id_ecdsa 
debug1: Will attempt key: /home/gaurab/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/gaurab/.ssh/id_ed25519 
debug1: Will attempt key: /home/gaurab/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/gaurab/.ssh/id_xmss 
debug1: Will attempt key: /home/gaurab/.ssh/id_dsa 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/gaurab/.ssh/id_rsa RSA SHA256:rIc2rkD4ZJvVCfJ8K7trJBTtndfMAEQZs7j1uU3magM agent
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/gaurab/.ssh/id_ecdsa
debug1: Trying private key: /home/gaurab/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/gaurab/.ssh/id_ed25519
debug1: Trying private key: /home/gaurab/.ssh/id_ed25519_sk
debug1: Trying private key: /home/gaurab/.ssh/id_xmss
debug1: Trying private key: /home/gaurab/.ssh/id_dsa
debug1: No more authentication methods to try.
gaurab@192.168.1.170: Permission denied (publickey).

What I’ve Tried:

I have manually created the ~/.ssh folder and generated the id_rsa and id_rsa.pub files and copied the content of the public key file to authorized_file and have set appropriate permissions, but I’m unable to login. I suspect some configuration files are missing. I have deleted all files I have created because none of them worked.

Now I am looking for advise on possible solution.

2

Have you seen https://documentation.ubuntu.com/server/how-to/security/openssh-server/index.html

It is not clear whether you were ready to ssh into the pi. There are some preparations you need to make before trying to ssh.

With ssh, there is always a client / server relationship between 2 hosts. The server is the machine you are trying to ssh into, & the client is the host that is requesting that access. It sounds like your Xubuntu is the client & the pi is the server here…

If you are using key based authentication, you need to create a key pair on the client machine always. Then you need to send the public key to the server. The guide above gives you the commands how to create the key pair on the client and also the command to send the public key to the server. If you use those commands, it will also ensure that the correct files and directories are created and with the correct permissions. You should not need to hack the known_hosts or authorized_keys files.

On the server side, there is /etc/ssh/sshd_config
Here you can configure how you want that server to authenticate with other hosts. I like key based auth only. You can turn on or off password based auth. You can enable or disable ssh root login. My preference is no password auth, key auth only, & no root login.

I’ll stop here for now…

Oh by the way, if you do customize sshd_config on the pi server, you will then need to restart the ssh service.

sudo systemctl restart ssh

3

Hello,

I am not sure what I am doing. I know so little that I am ashamed. The following is what I did.

On the Ubuntu Server installed on Raspberry Pi 4 I generated 2 pair of keys. RSA and ED25519 under ~/.ssh folder.

ssh-keygen -lf ~/.ssh/id_ed25519
256 SHA256:ANHJJME2lndB183FuhOSW/tpNmuHFc2fb2xeXopBy7c gaurab@PiNCPSVPN (ED25519)

ssh-keygen -lf ~/.ssh/id_rsa
4096 SHA256:qGRJiie2JAIgiFXwi4K5Y6WN0OehCIeW0a6XYzz/e0w gaurab@192.168.1.170 (RSA)

While attempting to copy public RSA key to authorized_keys file I get the following error.

ssh-copy-id -i ~/.ssh/id_rsa.pub gaurab@PiNCPSVPN
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/home/gaurab/.ssh/id_rsa.pub”
The authenticity of host ‘pincpsvpn (192.168.1.170)’ can’t be established.
ED25519 key fingerprint is SHA256:cOyunXUWTWr28du8C2gXrsx2d+hpml9cRKvbm46UAQo.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed – if you are prompted now it is to install the new keys
gaurab@pincpsvpn: Permission denied (publickey).

One Known_hosts file is created under ~./ssh

cat known_hosts
|1|PkKKRpABeFhp3yoxS28opOOWzRI=|LL1HCZJk/SvqvuRKBBy9Nvf+ki0= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBl11Grn1u7uJfE9n6qrUKNH0l2yrhYe1ig4oLedIaCo

On Windows 11 client computer when I try to SSH to gaurab@192.168.1.170 the following happens. PiNCPSVPN=192.168.1.170

ssh gaurab@PiNCPSVPN
The authenticity of host ‘pincpsvpn (fe80::da3a:ddff:fec0:73df%13)’ can’t be established.
ED25519 key fingerprint is SHA256:cOyunXUWTWr28du8C2gXrsx2d+hpml9cRKvbm46UAQo.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added ‘pincpsvpn’ (ED25519) to the list of known hosts.
gaurab@pincpsvpn: Permission denied (publickey).

Here too a known_hosts file is created. The content of the file is as below.
pincpsvpn ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBl11Grn1u7uJfE9n6qrUKNH0l2yrhYe1ig4oLedIaCo

I can give more informartion if required. Please let me know what should I do to fix the issue?

Thank you.